Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a7df73fe92...18.exe

windows7-x64

7

a7df73fe92...18.exe

windows10-2004-x64

7

$TEMP/rjjmanpw.exe

windows7-x64

5

$TEMP/rjjmanpw.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    18/08/2024, 19:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a7df73fe928fbb26f29aeeb7a8b0a82b_JaffaCakes118.exe

  • Size

    104KB

  • MD5

    a7df73fe928fbb26f29aeeb7a8b0a82b

  • SHA1

    3795602954da5dae4a58745752416bfd323ab73c

  • SHA256

    1bc8659958762a59361560208c31dafce0a3c370cf2d5071b745fa2cb641b7b6

  • SHA512

    afef8400ac82a207e3fe4ea58173a3dd198ddc1042dbb9d8152c6a343aa894d34f00076979aad1ffe15e70fee18ecb9e0a2b33e0dceac9b56e50c459bad0d80a

  • SSDEEP

    3072:4gXdZt9P6D3XJcM5tSGagNxOTSZWki3VJWk1BSqeJq7DxKP13LvP:4e34f7l9xYSZPe6sBSqeEPxI1rP

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a7df73fe928fbb26f29aeeb7a8b0a82b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a7df73fe928fbb26f29aeeb7a8b0a82b_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2928
    • C:\Users\Admin\AppData\Local\Temp\rjjmanpw.exe
      C:\Users\Admin\AppData\Local\Temp\rjjmanpw.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1424
      • C:\Users\Admin\AppData\Local\Temp\rjjmanpw.exe
        C:\Users\Admin\AppData\Local\Temp\rjjmanpw.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:1992
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2536
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2536 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2552
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:276
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:276 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:1980
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2716
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3004

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0bc078c6e4a57641573d87e92ddbfdd4

    SHA1

    78849924362603289ed0fbdb4f32a4ce0a617555

    SHA256

    0f43300aef17d89da5cb7d30f1ed503eb64842d1d1a37b902eb99bdf05cea975

    SHA512

    fa96445f30c3bea5c230da2af01351c4df3b0238ee351637fb3cdb25b2a6cb74857dd87290f55f392a26b84665944f6b9ddb76a0473b1d13d36e0c59c5b650bd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    874ac5d29716d66e0e7b5e71c6b707f4

    SHA1

    3d32221b323770ec951a1869a70559a3d1076663

    SHA256

    c0676f4cfdbd2aca5992ce945e600a217618aa7799e1f4df9060c5eaa7e32500

    SHA512

    470c2ca908831943ecb45db5f4144e6a033edeb42105f436cc659d98119fded6ef67338d87b3c628100b5fbe6451f370cd7f8b6a79d507f7669da5b8e82296c9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    afed900636e1e99f6ad1389866f325f8

    SHA1

    b902aac1d7f1ed7415b687a9c93f8ad9feb787c1

    SHA256

    0105e66287cc8bdbbe96364034bc3e77dd756faea6fddea297eb0e2be8f0add0

    SHA512

    d33e5c9683c798c8effe8814c747cc2e97e29642f976320222ccfc3c2b6869250912f08d2e395cd0fdc2081235e2e67b75879c87eae66383fec3d75c1e400f3a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    421b3ebc00f9fdcbd09500f5ca790845

    SHA1

    c9b50f5bd7247aab4ae1214c62b1ed8ccd57c6c6

    SHA256

    a0e9ac9a145ec29c607ecf842d68a6c3f1399cb94612ba59727778817ebee862

    SHA512

    6e09ca2e36a3d5cf73de853ac836552caece8a3394939a069a8bf7018132ae697784d09d3f3dd9575510ff09a5e372b011816beccd3f8a17d685248189e85b8f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c4f4999eed702a44d8dcb253a0176b78

    SHA1

    7184e5b65b4cd8b9b1855529ee5f458fbd37acf4

    SHA256

    dd300136ba9620b9a680f61fe00385f633fab216ca6bd5016ff0ba9fece309df

    SHA512

    730480f7499ab24c27351c95759bcc978a95194b71b2868f96bbd2a58cdb6d77c529647645ec53c9d139e38f430df077f1f0d6dc0212b059856e9564f4856b14

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5abb15a50cedd773a457d0c3e623883f

    SHA1

    e98d52a607514f0f960d8330885ef4a8234947ea

    SHA256

    b94b10fd70a324ca8e77898c420c9f2460b135a29d7c38aaaf2d7319e369f435

    SHA512

    32392c654d886cd6205a7d4f15d7a6ff0edee9a2e60e045faaebac956540dd07874243d24dfa30c9c0749f77e8962fa24cc5def57319b736aedfb832b39b4555

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7cb55f57754bd3f339776f7b199bb9a4

    SHA1

    392206a478e16c508be1f3493154033cde2cf5bb

    SHA256

    6bf8e12c6d186da67b4b39138e4a14b9ed741ef7a1304ea8e14f2072f072b920

    SHA512

    407f0978b10fe10b18d100c2b4331ec009140581f7b759ddb890154462f032d29f5cd62f796cfbca9bb93fc9d4fdca379823c85a88c78e8ee23979d37e428ed3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    93411302a9c26fccd549c1b48f225ce2

    SHA1

    663761c0b52b72cb097cdc66d4de751532f872e3

    SHA256

    789788a3df526d24d985e3592bedbad6f6bdbed78c7399d65c1262dd7e576ac4

    SHA512

    9d32c9b9f4ea55e59dadd1400658a848b78562961d299d2d4fa6de2bc7e49c5db35c6f4fb6a10fc48b75f82ae1cddee621ed00ec8e53c5d247fd2e44b08ba9fb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    43101dece03591e515c6f911f56d5350

    SHA1

    aef9556d62775358a7f63952703ad5b94ee2c5b2

    SHA256

    5c2a1a335e8c44811e5fadc2fb52817991e58704176ecfcb8600130aa91b3e07

    SHA512

    78b8ad6b42ea47515e95abfd780a9e2999a37d4355f56ab5bb6ac72b8f4ea833ebb2f05bf278c97dbb51d0cf663ded6d518ad9d93c0e6694963cfd9d7754d343

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    53520375bf34d59063c6cbb203004028

    SHA1

    550ff8236076f4ccbfe6364d9ddc71b093ffea55

    SHA256

    8d51a3b685ec8a7bd7f3882e395e49680fd3612c94457cbd19756958683cf128

    SHA512

    b6a87a4e4ef9f3f27d5f80dfee136b95acaf9322c91aa54c32aacf9093d7b5e6be3b214985d7f7686e4076d989114dfe5b858768fe6aa04399c3db8351696db5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    37f90fb4101a0e7ad246c1c35694e9aa

    SHA1

    4e1b6fa37581c7e811da2385678c37a6cc6aa8f2

    SHA256

    a3744c5522f2432fd22f4c2084cb9db16bad563c8f2967dc97a548f45e1c528a

    SHA512

    3232fc772d4c390d2bab75814e1d08c6f76ee7711f4c6ef11e9f7e0daa836dd32bac1a44f782048a5bd44ffb1bf3bb7624ef2e909a75f6b22c6920df0b116b14

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    033e4fbc403aeb78b8709103d36fa89c

    SHA1

    6cf2dc60b3192cb8cd438efaeb18ea80d536c0da

    SHA256

    e3d8c399de49a5abbf2def169f36737d960bf63b3959c26b3e3c9a989297f0cf

    SHA512

    80ac339134bd4071867a9c78ae6629a52df0f0a8f22d0ddb439e5002bb3fa8c09672daee6bd3968cedd830a359523f718291c0ff507099f3a7a35549b964de00

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be1621c51b0b95e62cfa31012cad2302

    SHA1

    d393f51eee6bfaa1784a49e3391306d72970333c

    SHA256

    c39bc3c7fb8c4a7334ee5c9eb10084062e7090504290a02217a034b56b1de9f4

    SHA512

    684b089a10b238af27e8b3f130047787d9d2301e41f1e6fed37c0fdbabb890a701a1dfddbdc879cc013239a2a107e490aa310c8e8283f0b3ba5f0a58e146cec4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a7edb05e65b66d572ab3c39f76f3d7ea

    SHA1

    b623cf556b45b13cca8a7c1ecbcd064ed88d1adb

    SHA256

    a59007cb674e08e1ff1b01413b7e23e178f3c1cbae5b59176f9b7f618f3921fe

    SHA512

    08bf2fd32e12410bae8fda20a8b60110147ce6f9c74dd50bbe6a2787c0464b0b4feb1798a58650c1cbbc963b7399b2410790b2e9b76764e506d30e1a4ad689c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    73838466e49f169078f61dab7aba0bd2

    SHA1

    3e6b8f43ee2e281d6828e8aaebbaa62a0105560a

    SHA256

    906dab0ad79d28f04fa7673a9e651a582e7a386ea8476d5adbf4261e4895fd54

    SHA512

    a0b9a768271741e1093df75022192eb646e327462a406ea925027dde3acc69a250e8129913f5fc61a491f23183b6c2fa905d1871f6682ca17950f91403a8b50b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8ebb503fa539fed816bc082948e5af04

    SHA1

    6c0a1e2d409aa38dfc51c6455e791b62555d9430

    SHA256

    669858fb5bd462d79891622dfb064f6c736ce83691be3171b10c11459d7483e0

    SHA512

    818b643a9c64e949ea9b6589fde86af149f5e8750a51b05e73d8c59d635b4b3d0e1fafaea76e2f0362f3d5cb8820fd225e87f9607fd55699915d6f15281635ea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    31cf8f5bb6215331b666d42894767ac3

    SHA1

    e310580f4d38a2852fdc9d9e3eafa98e72c96a77

    SHA256

    6d3f6dc5e6d11e308d29556401f3af6fd7520f5c1c89329aef6ce67bad56fe97

    SHA512

    1ca34ca828cb1b0f6145a755ca6846791a50ad7b877508c2ee8439dce6a200a746215183b09fe299a321c4bfa51acc099490465be30879800bb143f405c19630

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cc3e6da6649e9fef1f3943d46e625e67

    SHA1

    8295133a84df599bb643a8f2491a4556b278abee

    SHA256

    2777fe81d6ef0d5050554726039b8c68490ea3b8382a82f276b610c97e53777a

    SHA512

    8d8648941e247ca19e3c5b63cfd3d4c28e986288cae59765147eb95bf05c523a3e9b079fb3a5a5c2e18aeb88dd966ad08089a16519468fd9d8b702bb3283e00c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    42a80749eb9acb6043398c5732e0e813

    SHA1

    86184ca0067c5c52c178ec56f5b5d31c7091532e

    SHA256

    29353f4bdd44eed2a15b28b84f7673f3c69b5c36a2e34fd1b065c184e3a0d393

    SHA512

    cabc917f9c257f807727ba956371efb87b0c39cea0d4c3535d647ca2da33196ad433c73d145b9d606038267a04006879a23dab26064cac2050552d4fe086a163

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD3A7.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD417.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\setup.dat
    Filesize

    29KB

    MD5

    a3910dabffcf1940d442f936b1715fcb

    SHA1

    af38ae5ff3f4428264e8ff83905b4b4ffb1ea230

    SHA256

    8ce6d97e44ed38d8475194903e5f84a30aa83844b8c39862c6287597f3a72fb5

    SHA512

    9406fb768b3be06727c0b0d411a20d3a2bd0ac1c77986846feb25e5e7ebb16ce2aa895d1eec58314c1d981fc4b8033bc1069bfbaba792937ccbe529cf68cc303

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~DFF43A50344054DE92.TMP
    Filesize

    16KB

    MD5

    ea2664b1ac112eb12ff7241c91b04941

    SHA1

    82aa841f1bc4f9018359f4c5627fed3236035a17

    SHA256

    52391263a191425daaa14fecdfc6742ff663dace2b21b68579ae945aeec8e88b

    SHA512

    6c91ed2423dc12a2d50c15f8b11ddaade737970861f0a8e4eda44e159b25027d0ceab7113365712f378b7a077e305805f9d9726921507c1c8bd51d598174be4b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\rjjmanpw.exe
    Filesize

    128KB

    MD5

    c8ad9f49632247cf36173e5c6f225882

    SHA1

    1bda98f1c454db6bb27ea50d6731a9034f588758

    SHA256

    f0e1a2a2c83d352691c0b5b2ce9c53920d3a0457ddf20e3648b0f01ed2d24215

    SHA512

    aad1232869c55e09fda2567ff979631102d217ba7245b35f627d805250b0497fc3c74fc8e2d3938c452abe4e7a2311effa0316fce9f7c8c0a030d44b0a99f6da

    Download Submit

  • memory/1992-24-0x00000000003F0000-0x00000000003F2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1992-14-0x0000000000400000-0x0000000000404000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1992-19-0x0000000000400000-0x0000000000404000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1992-20-0x0000000010000000-0x000000001000E000-memory.dmp

    Filesize

    56KB

    Download