Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
154s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
20/08/2024, 01:17
Static task
static1
Behavioral task
behavioral1
Sample
ad57d8070bfc181d329492a71012900f_JaffaCakes118.html
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
ad57d8070bfc181d329492a71012900f_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
ad57d8070bfc181d329492a71012900f_JaffaCakes118.html
-
Size
3KB
-
MD5
ad57d8070bfc181d329492a71012900f
-
SHA1
25115ef1282fdebabeabd44386891df1a7e7d01b
-
SHA256
41fb522e544346c67ce60c7b3f7d680045acadbc44ccb4b5cdf022e7f4813ecf
-
SHA512
f5b15e22849edec92e955402d02650e785ae041a28154e3ef03bf6d80ac2389f38127d590eab867701a62f0bf85d98f808ebeb2f427c20ba25dbe4b169489aca
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430278546" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{07DFBBD1-5E92-11EF-A251-667598992E52} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2780 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2780 iexplore.exe 2780 iexplore.exe 2228 IEXPLORE.EXE 2228 IEXPLORE.EXE 2228 IEXPLORE.EXE 2228 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2780 wrote to memory of 2228 2780 iexplore.exe 30 PID 2780 wrote to memory of 2228 2780 iexplore.exe 30 PID 2780 wrote to memory of 2228 2780 iexplore.exe 30 PID 2780 wrote to memory of 2228 2780 iexplore.exe 30
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ad57d8070bfc181d329492a71012900f_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2780 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2780 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2228
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a9a606d9b21df7bfa1b3ad0d7e4e5ae6
SHA11da83def4ddc3af2dafcc35a0d9625bfd1ad2c7b
SHA2569640aac47e5db5b787625db8306156cad724588e1f1b8946b748f1396d16a0bc
SHA512c0d3d8ebd058c34bf0a816accc79d3defb47290197bdc51cc9389bd2912905b13790950d3120f3aa7aa328d271b13ecae929470ca2f8612258a44eef9b0511d6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58cdda7d69b3bbe4936a43810a0b40b30
SHA13910191080d60f778d91b0eb95b117811a591d22
SHA25677c096ea6d70ddb4b260fcc737a7b900bc9634909ed51bb86d3314af1252e41e
SHA512953d1df3c9fef3df476718a0fbacba1927b0e716c1a00d34df1692350469ef934df544ecaa2689e2b38353949b791d186b84c42b0d8026938953dec4ce8b692b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53a6e4218d91adabdd4cc45bbc26c7aaa
SHA18d676692b08b661f55ad8458f2aea76f3909c49e
SHA2561141e8714185e1c21574177bdf3546627850eb6fd5c934d104bae5f75978661a
SHA51210b0b3fd53d4c9163dedd30ec933bd8ed889122858b8e2860daff39800d7cb0e7cf57614597839ed4fda4ca1755d98d37e82168f94b8c326f5b04df84fe9da33
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c8e572e65a33496c71b02472a54ca860
SHA160e70232e463541777eb2de72e2cc8539fa9021d
SHA25677e364ad6fb268dcb70d3a402132dc502bbf129e40008a9783516fc9415e8d26
SHA5123c7cac24c73c634f0d553f62cbaaaa8c552475b96f9ec5863c726adb8e4d82b8ecd2711da51809bf1a4f9ac69dd18012ef9ef28822b6614795ce1a3b5814a2c4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5cf253a842b608e9fff0b33a18fc93eea
SHA1f1c845d7d8a9e76335b09d98465d0de67fec5212
SHA2565f8ce9649b6e7252bfa5a41bca8e312fa6ffd1727a1d848fbf2028112d8bc33f
SHA512ee65fdf35d880476f190124ed244887515da7afe4804cf0a7fdf4f47ff954e1bc7365cbcab3b5c2b6813ac4b79b612681d59b1d46b049abaf3e4ce5e831f5e8c
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b