Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
19/08/2024, 14:55
General
-
Target
ab7731887fe435f9ac85c1abadc2b025_JaffaCakes118.exe
-
Size
43KB
-
MD5
ab7731887fe435f9ac85c1abadc2b025
-
SHA1
2cd55c7bce5316b99c684d84d79dd29014d9e5d7
-
SHA256
ca972971e81e95cd355927fcdeb572907178d7440bbc5f87156fb63514b4c1a3
-
SHA512
8721e32941d9c4ae2711d06f36367092fa5dfcf908e993cf9cd65b61bab9a9c672eae819f682d874ca103aaa24e5ef43b091a70d7aa1c4ec7f7a0dc2876b691c
-
SSDEEP
768:OpO0vDLbHiiHMnPP2TB5qqIot3zcxn4LfNlRALRRXmXHW:0nbVMP+TB8qh3zOnMfNQvXmXHW
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
UPX packed file 5 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in Windows directory 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ab7731887fe435f9ac85c1abadc2b025_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\ab7731887fe435f9ac85c1abadc2b025_JaffaCakes118.exe"1⤵
- Writes to the Master Boot Record (MBR)
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\windows\svchosts.exeC:\windows\svchosts.exe auto2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
-
C:\progra~1\Intern~1\iexplore.exeC:\\progra~1\\Intern~1\\iexplore.exe http://jianqiangzhe1.com/AddSetup.asp?id=137&localID=DD00013&isqq=32⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2952 CREDAT:275457 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD51a949b636757cbcc35fc949cd3c3ae92
SHA16c156fb437b02322c539f38a7451a2047555cfbe
SHA2567578c5b90bc2cc1dd5e67265181da439296d76317769c29e2d944c6ff25f925a
SHA5120ba55c5cd4580755d4efd871b7689720373184a1d917061b5d28dc35ad56428fe71e32b05f140150034db4842b1ef9416811163e3694a25ee3023cb87fed7dd5
-
Filesize
342B
MD5bd21822162120ca38843fedee3fe874b
SHA1e2e72a18535fc32ea1ed8138e1d1d8db34011730
SHA25619ccc24f98833cb82a95506bcf14fd322c3b4b36c987136516da0d112a937713
SHA5124951c9ccd6cefe7a9808f5b93a524cda16749e2e65e3f7634b1784e275194359c67ac5c62fd5d75c6d2939b15d41366397b065dc244947e63c994340081f2fd6
-
Filesize
342B
MD565920bcecaea089ed1c25450f27891f6
SHA1fa64baf2cb9a496c3bc2393e859ee0e75067690b
SHA256587a2909ef2d3c77eb1c8f2a9753768c85200bb266a649b44f06c979baf1ba48
SHA512de53ab18247e068b83343de4dab1bbf5c63b3a5c7a8ade9bda1ff51d9d88da5b01a17d088cfb4358f0bed0bb659b7d2c76b4f14353228ec4d3538cd42b79b8e2
-
Filesize
342B
MD526e54f1367492303303073f322ee1345
SHA17375a60fd849aa6ac4892b4c3c9e975b40599585
SHA2563885b03d431838775da265cfb5af690d1be7842bf3c1107a9fd647fef4c976e8
SHA512a1b4e4f46247f850e92f2bc6d1b98e26513e063d06e29c9129a9916cdfafa66cb1a7af0f08ca6275ffaa66b8782a429b64ba3ceea218b79ba4836a2ff69bf67b
-
Filesize
342B
MD51f9542d739a591a4f4b42b9c595f5623
SHA1cc57b8d633c112481b13f42d6f3810deae17d745
SHA2561755363aa6874a76c1e7c04387a416b6dfaf45334f0234fdef5049d3ef7df1a9
SHA51240e3d426bb46738987dd39820d5cea45607c6f06c6e5ca824571474a07a27d053abeedb58c55ecf2d700cfd0ead2123d68c1fcd5d8c837514100046b10c96a06
-
Filesize
342B
MD59054f87620bf007bf9f3acfe3a728227
SHA13b727815eeee81cf95676db0f8b0a11c0b307112
SHA256e5aca23f2d53594552590bd2801012249bb2d3ebe854bb86120314ffef420010
SHA51209f1328444635e1c14bb8f650207306435dbc1d8051699f490bd61f2aafba3ffa336922b6f02bd3abd826eb4325a2bbd9fdade96340426f6b864d0a25d57cd59
-
Filesize
342B
MD51e55c94b50911edf36ec34eaa6f90d95
SHA1b41378eb4b71344f787933f9e47ed853f56e76ec
SHA256a53a780f6aeb2d43524ea937556801324077eb1f4e407d89ce0f39e9f5cdea3b
SHA5128c9bc47189726348343b14b35d08a8583dc0cc562fd461fb39d43c197c416cfe1a80b652398507fee2b746d1835ec3dbff3ab919d581388ab8d8252a93fa0174
-
Filesize
342B
MD58d1b17a966db2d3d9de28c9ecfbb68b5
SHA1d10298c59be64b58a251f6b2ddc15cf004c8adda
SHA2566500c6a14a71ceda32e397581d78a2e6ffd189c7b87d1040829b67efa6e1e582
SHA5122b54cd211cd2367309a461acc028c1dbb31ba6a3eea46a54a59f46279d543d3811cc20bf8e20230cb640f8c42450f945c61809f2157f6f9224303694b9733748
-
Filesize
342B
MD568c5a40d581e982a4633610b5821d1cf
SHA1d266017dc0b2300995e8ba2a8fb5109a5d34315b
SHA2560316749a76d82339b42ea8e753099dba01028cd1d137f2a86d69c09f333ff56a
SHA512295c5fc5c29424c629cac62d7cbf236b53cf3b0a5147b5c592406de95b2450561fee79e7223ff00e21a791094db46cd74ba68ac99f45ff2a4160871d38125e72
-
Filesize
342B
MD54050a1e71231dfcc899524a9a2e86d12
SHA155668e5e2aad999beeb6b37ba0aa2b79adfcc9d5
SHA2564d78b5cd35d81bcde452f1dc15140d6477be59900ff98c8bbc1ea04daae771b3
SHA512479e65750039c6dc1dedc70f08a7d0410efc30b5c4296f4f46de382a0a1be293039358b95a0b04a0a06bd6f4ed283cacd261de8555e8e3a83bf32e15ddcdce91
-
Filesize
342B
MD5ccba7caa888f467e61d53ef03803f8cc
SHA175e50e0933125735f27ce27108eb823c9bdf7310
SHA256d3e8b0fec9b34529d8ed445e9d137f804771876278f252038d7cbfa5cd5e5137
SHA5122f03730790a40c80a5b52b1866f4708d8a457033234e5acdf050d07a0d03805a956845135eb37686e7fb72424cfa01d3d0c89db5f7d69c4aff6e8db769912004
-
Filesize
342B
MD5877ccb0eeb6d5e54e41079f08b7a7c0f
SHA1e77053a4659364149f0d6a16d0360c340946de9b
SHA25694bcb46cf00b77f8614884c306769b67c13d7e397414b6ceda0bf59d5ba2d81b
SHA512ed73d94b7758724ecd2e4ab24523a0c154d03ef59bb901f94a886572f00ef1bed8e762cacfad10ca37e4be0e40d67751870e73b9c4dc91d7da1a8fc15f1a99cc
-
Filesize
342B
MD547f044f6864cd0b8842362caa7e8b7d7
SHA128f3204b994fe6aa8a2e1752448eb003cdfd5944
SHA256f6a25dad81b864ffe7de8baa16bb2cc43a862f3feed80e68863cab7adabc26fb
SHA51203ddef47577560031abcb5cfd3c8135797847d672f64ec248e330fa5c60cd90ad5f0897eefb55a2c4ad0b727304baf6a34cce513dc76121c1301c491b9b4ec00
-
Filesize
342B
MD5a71b926adacab504c5306bf7ac4025e9
SHA1d88c812f137f3569a2d4b01e6fb6fe06bbb96714
SHA256ed326df9e3e6657a93456e0cfab158e7f114e41549cad4eeb38cea596880b96d
SHA5122ea4df9c42b24031149f461b7c75053d1a9f188a710ffa6aeaf2ff2341a094650ba4ea541b3efdae639fd14c8cecaa89cf4f28c635f3874c6eeec44d93055612
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
43KB
MD5ab7731887fe435f9ac85c1abadc2b025
SHA12cd55c7bce5316b99c684d84d79dd29014d9e5d7
SHA256ca972971e81e95cd355927fcdeb572907178d7440bbc5f87156fb63514b4c1a3
SHA5128721e32941d9c4ae2711d06f36367092fa5dfcf908e993cf9cd65b61bab9a9c672eae819f682d874ca103aaa24e5ef43b091a70d7aa1c4ec7f7a0dc2876b691c
-
Filesize
120KB
-
Filesize
120KB
-
Filesize
8KB
-
Filesize
120KB
-
Filesize
120KB
-
Filesize
120KB
-
Filesize
64KB