Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
140s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
19/08/2024, 05:59
General
-
Target
a9db6c03c9ddf1ca0308c40781c11f43_JaffaCakes118.exe
-
Size
24KB
-
MD5
a9db6c03c9ddf1ca0308c40781c11f43
-
SHA1
68cf505a3e033a3b863fe52b16fea2cf6347aa16
-
SHA256
bf0b459c3c9d8a26636157fb8b9c693df0b75f7ded288ebafe8d6374853176fa
-
SHA512
86562dd907d42da3c422ab7230f298bab68fe35669e828782b97e66a2d23a07fc41906fdf4d780443c5f5803067f6dae4a21ed6081cb67234b022e47dcabb2bd
-
SSDEEP
192:teOtaGSJAeBqaVKwlf3e4gbZdH0dHRdHwdHPH1SdHB18GZCju11K7kvBPOnT3Uvb:MMGPVx3ehVqrmuJk2VvBR
Malware Config
Signatures
-
Event Triggered Execution: Image File Execution Options Injection 1 TTPs 8 IoCs
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Drops file in System32 directory 2 IoCs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 42 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 16 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a9db6c03c9ddf1ca0308c40781c11f43_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\a9db6c03c9ddf1ca0308c40781c11f43_JaffaCakes118.exe"1⤵
- Event Triggered Execution: Image File Execution Options Injection
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
-
C:\Windows\LSFPRN.EXE"C:\Windows\LSFPRN.EXE"2⤵
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe" C:\Windows\iexplore.htm3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" C:\Windows\iexplore.htm4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3024 CREDAT:275457 /prefetch:25⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5b68106da0e4cbfe37048c0d6762d8cb3
SHA13d0fbf7ce18e9d129bcb2b484d8935254f8d369a
SHA2564364cf3a9ee3df8b25a49758751d307d0d61765b9ca436676fe0e01a1548eed3
SHA512731cacd7b1eb1b6789d2c1a52b7c77d315b2bab7ea71d16d64f8dc0a264bfe49133b8df5d0382b3a9e7485b68d33a8df2b0efe6602351332ab52e675efd6032c
-
Filesize
342B
MD5c4216fd46abc0fd54da3290f076b339c
SHA1f94ea94e4dd37ddc8b6e28ffc59050d0819bb06d
SHA256e8dc5ff427172e0a6e2ef39b3e045f6a05db2dc2088856d156f6f5bbb4263899
SHA5127eb51d51688a11bc7d0d278aa64fdf44bc4afa4bf5caaf31326a82db9634c2ef617b3a1b2f3459ef0fb0faed474710455d8268a887bf12d095d13d0847938fc2
-
Filesize
342B
MD502a7206c1463b6fb4fc3071606aa2462
SHA19538afbfbe4496154e1668d981db9b60d25e4812
SHA256e5db993b89a1f5467f5154dd0fbc3e17b4482fc0bf66541cd6f2eb07a5a3b519
SHA512a424b79e816aacb2e39a68634df05dd6efce7e5eeeef26d27c13311412a4b3fab79c9c2796c8cba06bad2a2cc040dc27934eca5ad5c571553a89a3b8d7614cb8
-
Filesize
342B
MD544578384ce890f73f5071bf1223aadfa
SHA1ab387c4f053cb30bb00cca6214cd9e6f761feae9
SHA256c1b0672234941ba6078e2c99650b160103045c8492773985e8032a31ce10d181
SHA5125b0e94c2baa3b81d5b72366f2c9f600146c76c50cdcc58da5b27a08947b51e6cf8c679aca573ef01983cd72ad2cde43f20b4e17307831192be0c4bd1c5910342
-
Filesize
342B
MD57b5ac8adf7754e1794424442186d4979
SHA12d38be2d7523d3041fe5538e757ad6444d7da0d7
SHA25638def028ba9324d987657be6744c0e9eb6e1743d37a58d8d74fc5a86985c82c4
SHA512af1c7ac223e350b88b1e231032a2a491b6ff3803c90e630a7d0b79b67b4644e426861a78072cb933b4b80b4b1c9b0f8668e5f15eb4d2639b90df652fec909b48
-
Filesize
342B
MD5f717b1e7301bac425a36082441067a93
SHA1f88c42c69d78d09f8b3fd93656d33310316dd53e
SHA256b8dbb53e0e8ffb0fe9bd11507f67aa2047961412e6c42d2ce4321b0885f74459
SHA5123bda331f707aa0e138dcdfcc35b1e3f8aff37080cfb8a47fb2d821f981cf22214d1d867b3ebb2dcaed245e47f77e61de54182fd6045a0f6f2b4638dac9a384ad
-
Filesize
342B
MD5fd3b68f699cb863c2cf93247fff83d1e
SHA166e23bc1921ffa8f2924e13500f2ff3359ea9981
SHA256ee3f8c3e949d7dc6ee53686e65c2a0be3abb76d7d6054f7b108baba5f82d8c6d
SHA51238fb1fe3c2105b76c9578422a74888de019ce3d25d9b475387070bd1f249c11010179e2bfa82d04a996b9bcdeb53a0a5c84e9ec27217feff6e615de963278185
-
Filesize
342B
MD5fdc1394fb84f0b500651275d7750beff
SHA138155a261958d5f6826d3c28b65b3a5698d91acb
SHA256af7286768ecf9f22aeb90c70d2eb6f35bea50e43abd9a92e64b9eb7314d2ae9a
SHA5122d40423f2841d9cdf7f802ffbda330a8f673b8002c9755baefe072c63d6c9cc09f147727352a52a9e71b50d524846395160e99cb012bd074d47466a070de0ba1
-
Filesize
342B
MD5689996ca8922f40d3afd26490f579849
SHA1c15fbac213ec4a1821d810e34e4ca7f8278ded8b
SHA256002910dac52cc2b7a1beb3606897aec652acd0f2f36dfb2a0180042037ad6dd2
SHA5125a282fd16d35c07a9cc884ebb28aeb8e293258e089966ddc91d72f19596635c44dd330ea461baf102ad3ac626e115b8dc98b754967bf9125f1915c1fd05ff36d
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
24KB
MD5a9db6c03c9ddf1ca0308c40781c11f43
SHA168cf505a3e033a3b863fe52b16fea2cf6347aa16
SHA256bf0b459c3c9d8a26636157fb8b9c693df0b75f7ded288ebafe8d6374853176fa
SHA51286562dd907d42da3c422ab7230f298bab68fe35669e828782b97e66a2d23a07fc41906fdf4d780443c5f5803067f6dae4a21ed6081cb67234b022e47dcabb2bd
-
Filesize
256B
MD57fc27f0eb3c1ab6ef579f4ef0ac12774
SHA1d04c43eb42a01467e1bb8996de0160e959d50079
SHA256a0aca3e8c478cbe4fd866047007bab97099b03512841c67fd139df62e47d6f02
SHA512c7706b6ea625da5aa968f4be791127e1faea3a00f458052210158d685666241bc15175b55d14f569493026e7cdb8c36d0892e284e426125e45c9b77abed89379
-
Filesize
1KB
MD51d47e608ba041a2325a1eab479180bf4
SHA17316d2d1a0fc1ccd6d1d4530db63ca55167c16c0
SHA256843ad1039e884b2dc398b7db77ea920e7853b8490bf2960dbf14882729435899
SHA5123fae7d2409d8a2cad5f0370ac93a373d874d5a83d9692fb10012e4d587f9e77c1c25cfc55a2b18d39308ca734b385abe48f28411aa197126b8ed4b6264b35e15