Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a6430c6761...18.exe

windows7-x64

7

a6430c6761...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    18/08/2024, 09:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a6430c676166dd4db105f8bb82a55e8d_JaffaCakes118.exe

  • Size

    87KB

  • MD5

    a6430c676166dd4db105f8bb82a55e8d

  • SHA1

    c3851a59386b804964c27bfd768afb7f1adee005

  • SHA256

    d80459b207a0c50f203ce7bc228ee19c186e10868fc2232d034e982fb9a84fe6

  • SHA512

    16f26fdc2dca10e0fd163b644a3cc627e7f26ea0e0b1bafc82170319ecaf0d1d9436197469bc866954e53cb514d8c3e851c063c6c0a8396bbaf91ba285d48883

  • SSDEEP

    1536:Ca+4evduxy+gtju8UOfbhaLNR9DVpz7PgEpGlWt/aHH3gadTAu+o:C7duU+gtjuAfbh8tDVKEpGgt/S3dd0Fo

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1204
      • C:\Users\Admin\AppData\Local\Temp\a6430c676166dd4db105f8bb82a55e8d_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\a6430c676166dd4db105f8bb82a55e8d_JaffaCakes118.exe"
        2⤵
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2196
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c start iexplore -embedding
          3⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:3044
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2868
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2
              5⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2576
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c "C:\Users\Admin\AppData\Local\Temp\OeJ5560.bat"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2184
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 124
          3⤵
          • Program crash
          PID:2960

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f22a88583af38770d4ba911dec08682c

      SHA1

      67352cdc0e34a02ad6b493ef0ce2eebb36dc0f99

      SHA256

      7e7614e5dc8337dfb18895d81145b995128dd1be0157b6329f7f65935445dce5

      SHA512

      511d75edc2dd92fdb979b50871585b33536847be240875d43e4fdd2f7942f115b7e3f9fd513c79ed98ac779b7781a2c8072a80264b4790be8305397c1b35f9be

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b887baf6a1190b56bb4d8fae528c0da3

      SHA1

      3361c243fcc8833971836b7f765bc831a69294db

      SHA256

      e4090bc0cc17dd375003b6cbf0cdd345f920035bfce0d84e4bc188f9d76c2e62

      SHA512

      f4c214d0e7da94a966918fd75d513210341449dfa87e123eb7934000dcb77bb1dd1b9346e6a874ff9f6cd7467b7377b799385a8dac129dced17f5ffc1f629003

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bff3d954a8b5d865378c4b8795c18411

      SHA1

      b140dfe08c71bc9c7fa30bfff1fb5fd6d0cd2124

      SHA256

      c000dc7c7713bcd34d032ba047746beb990073759cc868981c097601c809a308

      SHA512

      47e17d22f86610c54b13db231afe4ab57da1997dcf6f683367eea22a8cbb6de04b43aabd7d639e80d298fa48f14b6edcf3f77bdf0d45fb59f9fad329ccf0cc70

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      da4489f9d8213a59a336e0cac680c55c

      SHA1

      78ab3004199a14c71ed803350e4dbaffb9f782ff

      SHA256

      8484cb7c231337b5d1f7f1e6161f47a4aedde09a08944b23952496beb6c2bb79

      SHA512

      a63752373ce9838f87c57ff99b6c5950fe6d3283547cb927d908aad70fcf3993bd8ff3ab289ab025508b5307a637f3cdcbb4c776914e8f3b2ff624fe7b290924

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a5503ef7f1686bda355cd1d8761a40e1

      SHA1

      b16c396ea8c22d05bfeda6efd35ea6e922edfc54

      SHA256

      83d83408cd7aa3c81f12f86f3afcb3a8abc6bb4fb1c4615498e22aa9d9f347e8

      SHA512

      734f1e2a2bc45bed523be30bb8d14d23d5dde7dd080625798af3d0aa7658633945ed92991da2e480a3632ecc2b4f7c0362c83fe703f5b5c43a4531fe3ef5d48c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      22077171e8e033e83324c6bdcc6efb5d

      SHA1

      ef6c65f73f084fa9859deaf31e79a632bb9baf9c

      SHA256

      d259903b28a2f8194b3fb520ee707fae90870d44c95fb751a78544a428473ba3

      SHA512

      7e2c3afe75e03f74d38b8e792c15aa7a09e721aa19281478f23a57f172309eee060a456c4d0a3366571632d36dfd23be263ed3960d16712232e414735c6dbc35

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      09538ac3eabd5dc2614b938b8efd3a43

      SHA1

      a1a3f998a859ed02ce8ec70319e1b8bd1a4b0aca

      SHA256

      772a6aaa95297d4dc6bf3e0a3a94ecd9c541dc4a931f1f7a5a87e6e714895fca

      SHA512

      60926f0f9f6bb2beb96fc90f7a25d121d77e6bd08a899b3ea7d5ffea99c7244873a6a8f467b39960992e02945f65604734674219f5d6b03967b4f1e86ec0e340

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a3117fc3f0e6079a9c4abbce5548eb14

      SHA1

      a4e01401ecacc40abea465589c21f6c7e07c5c5d

      SHA256

      772842333cb5f3e7cf91ae6fd865482a851c3241fdc3b0c336e18dd9e9eca5a4

      SHA512

      3d70c38b2f3873febad95818967fead0ccd76c55a27ce2d82aade6b8686884cdea66e7b7d3e6ad2a3cf5f89d4dde7465982a035cb006f61fd73a0e59bc836375

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      51eb3c2aef1e3f3d550173657bda59ac

      SHA1

      fc762e8c169aa041a9973d9137551459cec20ab7

      SHA256

      cd69853ffec601919551a3edf14dc50b61c05bbe7db3be640d2868b5e647f702

      SHA512

      823b37f5de099642d3f27391a18c9e29183210c171e6ad2671fa0a19ac865d34a2da272871b89ba271b28861d44f1d42e63d0dc688c39ba91088e15aac1a389d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab54F5.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\OeJ5560.bat
      Filesize

      188B

      MD5

      dad92f7600fc1d2e7063a70dfd08b911

      SHA1

      00200b5b37116b11c5ef4188b6963a6d1090a5cb

      SHA256

      01aa7d7af9c0cb9fc08b028d917c6c4ec5eaef5dbfd6adf7a12b7ae5635b2203

      SHA512

      b1f92d450904bb70ec56ccf5355d0e3d98891fe053a2146c2006bb29e1660c4bda63f6ce852635d8a40eb7aa597e2d6ee485e6456cde505385154aafe0c60b09

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar5566.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\OeJ5560.tmp
      Filesize

      62KB

      MD5

      5fd693f8057ff86c08ea8873ae61fa18

      SHA1

      136c718e6438a5924087fdb232776948d112079f

      SHA256

      11800cb53aee261852dda4fdf6b11fa9e6a2d5bf2df5c55c8e827d4c3c7e72c0

      SHA512

      117511b05a62d3676ba32d03a1af346203701f5b0f8f6a6abd7eb02114173e673dc5230de4b9c5d4ca2b9f975174fe8c120c672ad12fe911e59f0e346f6f7839

      Download Submit

    • memory/1204-22-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1204-25-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

      Filesize

      4KB

      Download