Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
142s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
20/08/2024, 01:29
General
-
Target
ad5fb6ea2263e306d3071477d228658a_JaffaCakes118.exe
-
Size
436KB
-
MD5
ad5fb6ea2263e306d3071477d228658a
-
SHA1
133b7b5794197288fc3357a538d7696d9649f0e9
-
SHA256
70131898358ac17e331b273a7af5fe80ae21679e88c0c44169b1adadb0ea5376
-
SHA512
7c71caacb48ee4c0919f547adf5b3d76b5b59a71315fde6afd3079d2c018a7a80308f2ed2dd0a0637c1e370da49dd373446bfec27d4bcd240633fd27b5040f98
-
SSDEEP
12288:ualVlT+xA+U2Lj6yrCltturh/fXp8na3F4:JDlKi2iYCtturtXi1
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 2 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 49 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ad5fb6ea2263e306d3071477d228658a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\ad5fb6ea2263e306d3071477d228658a_JaffaCakes118.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c copy "C:\Users\Admin\AppData\Local\Temp\ad5fb6ea2263e306d3071477d228658a_JaffaCakes118.exe" "C:\Users\Admin\AppData\Local\Temp\scvhost.exe"2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\scvhost.exeC:\Users\Admin\AppData\Local\Temp\scvhost.exe2⤵
- Modifies WinLogon for persistence
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Internet Explorer\ielowutil.exe"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding1⤵
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1584 CREDAT:17410 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
471B
MD593f15508cd4b36df3a93b731aa089d42
SHA142777a71786f2a4ae36f9a79b3ed046d4d0a5382
SHA256302bc8a564bc6b000aa867b0cc7d53b6026137cc50b8dd951a8406b5ea588a26
SHA5123d46d8a5fa284510f8ea3060f22f08b67e36d126cf4a203fb8e98fa8b0f6372b82187804760033c414cd6132ae340f68b7a94d57088739f3f303d6d9f51ee6d1
-
Filesize
404B
MD5a010c82cc3ab3829d11e9faf083ad38b
SHA10b578d358c181ace2da5daf075274ef0f4f6b5a5
SHA256dee232c1b871f2ae98f949e6feb25091c109d1b61d1cac2df316d80647826f2d
SHA512f30da50081cd87e7c9bb854c744df5af6bca7796f2c38b3c561b8da5e26d30df00a8f3c279da1f25613b6174a83553293cd5884f4286406b92881fa3336837a2
-
Filesize
15KB
MD51a545d0052b581fbb2ab4c52133846bc
SHA162f3266a9b9925cd6d98658b92adec673cbe3dd3
SHA256557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
SHA512bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d
-
Filesize
1KB
MD57ef01901e0d237721dee885877137b8c
SHA1a375c386476f3ba9f25089ad152eed9bc51e852c
SHA25658ba32ac233df709ef7097de8ce1855d658af04102d79a0cfe359433b19d2910
SHA512193af254ec18bd2e49177d0b26436f7a69546c941027d7565033b5f21879b14587654c7279c461484f9255fd0b8e32e070fba5455992ed52fe4bd158e6e3c89b
-
Filesize
1KB
MD56a65fd444457822051f1038ed91a9949
SHA1eb246b35e2773973bc394783d4a1a90cbb5f36da
SHA256ee11c9a837debac46f01cd80292865b505fcb9f2f5553cb7977bcfedad52a161
SHA512c03ccf08031b96febbe29765005e2006b84dd13f76d845553078f7dadc92aaa692507de305eeadbb8d58af53445d6d581911039175021bf4d1119894fe83751b
-
Filesize
240KB
MD5d8e14023b11ab348bcd6148a50b7ae85
SHA1f7778124c39814a93df08e74d11f855cb27d09b0
SHA256a7dbdfa852bb23eaa74c5846f999cd83365720fd9cb15b50874f1848bcffb55f
SHA5122d341118ac88c5a953932be07e67f97fd7358fedad2fef1475c9042bc67d5a5621dfd86cf3aea8958e90686c3e5a835c057a076b923594594e0dfc763bac071c
-
Filesize
219KB
MD5dd012cb958a95fc77ced4ecbb7c87040
SHA1122375da09a85d0834f86ddb7652d39c74b57942
SHA256c169747d50a5e329c43ed19744c7c68592d564faf8d676ba340b9ccc35f8ce2c
SHA51290580c6befe1b043cb2e02ddf361d2bf71e2c7c409858d0f413a1b46edc5489cea4b147b1166bd6e15d9eaff2efc5873bc8769498236e014d4f9c26ff9a8e18a
-
Filesize
179KB
MD5265b724844b97d7427fc4a44c9c2e43d
SHA1ce3b1d7a991dbb98e642a23b2acf754785817434
SHA25685528db3d0ca496bc7075693ecdfd1bbbd85fe342f946b9eab219cb56c7ad205
SHA512f5b0421f75b3a7965cf477dab93805ddaadd0af4e1d6e4098b203906840235537bdd7cc923cef606ea880cf791e0d77ab051177c16b1fe5b94d00e511f5c423d
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
Filesize
35KB
MD5b5af8efecbad3bca820a36e59dde6817
SHA159995d077486017c84d475206eba1d5e909800b1
SHA256a6b293451a19dfb0f68649e5ceabac93b2d4155e64fe7f3e3af21a19984e2368
SHA512aac377f6094dc0411b8ef94a08174d12cbb25f6d6279e10ffb325d5215c40d7b61617186a03db7084d827e7310dc38e2bd8d67cf591e6fb0a46f8191d715de7b
-
Filesize
436KB
MD5ad5fb6ea2263e306d3071477d228658a
SHA1133b7b5794197288fc3357a538d7696d9649f0e9
SHA25670131898358ac17e331b273a7af5fe80ae21679e88c0c44169b1adadb0ea5376
SHA5127c71caacb48ee4c0919f547adf5b3d76b5b59a71315fde6afd3079d2c018a7a80308f2ed2dd0a0637c1e370da49dd373446bfec27d4bcd240633fd27b5040f98
-
Filesize
464KB
-
Filesize
464KB
-
Filesize
464KB
-
Filesize
464KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
464KB
-
Filesize
464KB
-
Filesize
464KB
-
Filesize
464KB
-
Filesize
464KB
-
Filesize
464KB
-
Filesize
464KB
-
Filesize
464KB
-
Filesize
464KB
-
Filesize
464KB
-
Filesize
4KB
-
Filesize
464KB