Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

b164ab425c...18.exe

windows7-x64

7

b164ab425c...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    80s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    21/08/2024, 00:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b164ab425c6da0f65f183b1ad24d1974_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    b164ab425c6da0f65f183b1ad24d1974

  • SHA1

    3dfae5412dcccecdfa3c3eaeeddf3bc0a974fdcc

  • SHA256

    9dbe2dde2a23142d494b732ff50d166450ac94e81a2a3a51a556563bcaf535cb

  • SHA512

    56c88b9edb904c9584542a4ef35754426454e29ffdafa4b4d70cc16008f848cd135e145a6606e16184a39eabbdfc9a9ba1d4fa05ba9b54a5fafb61721d4e37b2

  • SSDEEP

    24576:YQ7AJBnRkiJaH+jkYkhAmOehoI8mFSI86Oet6/Jete4etU:xYeN+4AghZTUEk1u

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Drops file in System32 directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b164ab425c6da0f65f183b1ad24d1974_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b164ab425c6da0f65f183b1ad24d1974_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2916
    • C:\Windows\SysWOW64\explorer.exe
      explorer http://www.dandanwg.com
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2748
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2632
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.dandanwg.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2528
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2528 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2908

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    44cc33f191211f3878ca5a5d59733d60

    SHA1

    847b5350af9d4132ea636e44f16b8f44140c1bbb

    SHA256

    64c4e8e7c37c3b08c4c08f828a8232cff975ea063e91386220e34078247bcd7d

    SHA512

    2079f4a1d48c726d878a5a4c6a32e17d10181bad29e4272fc8018502d1663cbf2936b4ac4aa42d502aea3ac79114b00c6e24c3e23a4adedaa2fb308a8de7c11e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d8daf5fcb1029e7bf95832ee006ffc35

    SHA1

    eca4db6de9c7014b81b5e4f074de87255641d8d2

    SHA256

    ae7036db65e4863ef4927b678b7a14141f947a37d315eca642d9caa6c6987fff

    SHA512

    d9101ba5bdf283bcea7a7e0542efc10d7e45d0e59f184db200bc7a6d22755d46053d154439db2fc6e30d9cbc2a27e8b479caf00c2cf1febca36cd9a60c89a9e3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2b2c154cae920004c5077670e5a59a4f

    SHA1

    18d21c7fb0595a4f86c28debbc3d467692d538d7

    SHA256

    f65ab44843fa80b46f83ddfead3f7f95211f4b793a9c592f62082aa9bcdc08eb

    SHA512

    197cd471e845b7432e21970c98669026914d025f28daa2115985cdccad9b1a7948f3a39ae1a44a108718be6a2959012df20605c8bdc06ebb7d97f54b942b0bfc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    00cd076163b7320edd2a978888bb1908

    SHA1

    dd998747dd71bac96c1a952e9d5ff60aee27708f

    SHA256

    b12ff706121ce9653539f08b93d7ffae3f5006a893f2444293803cb1a3c823d8

    SHA512

    3e1ec2fd730bcc1d889b46572675e3734104ee079458cad18e150d0d24e6d36aecf99d1d8e1b58742bbd70e3e36b4c77d873d5acd3a67fd8504a2d6137bb7242

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    03d886be8be052157e9b0e8a300c53d9

    SHA1

    5ccaeee8f4cec5e62b2e62e9f25885c488b8d407

    SHA256

    126396783b4df6e06fcef79a353be466153a97e5665513e8876b3bee3de083b7

    SHA512

    23f2d0a8c5021d369a5367dbc7b9dd92f6bd375ab5e6b9a3d86e0a6c4036c1a94796ac5c74247a19d38ac410f0a50f3190c2ce2fe7125ff7c56beecee810277a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8d9886b905a9c6675fc66d697029185b

    SHA1

    da15cab270d96a78a7f1ce20992e35d17aa6cde6

    SHA256

    20a349c8c4006d24905fcb01c2d8d9fb4bce53321cc43c0b58ca6ba10889d51b

    SHA512

    1fda0dd5f2a13f87f855415f9af4877cea76eb815a5e9eb7bd1e87e0ff0be0e5f37a7e9bb88d8548fe1bbe4d1eb17f96e8ecd5be75e39c72b1f14e8d4594ddcb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9db95fa93d00cd04e0d98d322eebbe63

    SHA1

    56b40737ce847d949acd287035563572a61cebe0

    SHA256

    ec801103a3079789f72e2d312ceb6bd61f707e1b24242734177e4af6ca5bf511

    SHA512

    26821b9ccb63f77aaa8672f6bcd66fb867268e6dbf3555ef454b692ebb5eb5860c1e9c3ff47a9d8199dbd4f45105a0dac234fc947ac9778d042490fd7d00c922

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    527f315b8a35bf46b61e059f17d4cdb2

    SHA1

    7bf71303d0f7b131c00e86e98ebe1af0eceea695

    SHA256

    fbd9945f88c8dfc0b49eabc96d958d74f4953f88c702471461634fa9b6cfd80d

    SHA512

    13393b997bb4466d9f602afb39c8abd36e847f3eb4bac4cb1d0da5d57db5709c20719058bba7c4b260e7a9ecd62e354c3f6b4da4f28d4939b13964f34401bb24

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3502d2dfd60a4c98db7516879a55d322

    SHA1

    15c3a9de058144f1bd6e0a8e138e97837456d9b2

    SHA256

    8f4223b0ef72cc888f6c39cb0a99f21c31cbab4f28f3f10b6edff92992a34e86

    SHA512

    bfb91784e607a270e9353a4499f95d0c70ba1c2f41906b0ae508389540820b572113dfba923a340ae22746c7fe06e5ba65c2583d7dde5a7c45285214af82fc29

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    39dd6bb63996d6cdc85bfd184b0e98ab

    SHA1

    399669bd81316af989f70352fab8dc4727749d1e

    SHA256

    7389021342e09774adffcc09090059fc7bc55b625138e2d9470bbb34c092977f

    SHA512

    8672c63a72954519b8c07e5aa5e193525f4d44976048ad07ec535cdd7fc3ae57520136a229d496ed848b168b3fdea0317f506830544e119e76a1e38133883291

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3c9dcc7c697996d07fa23f562de793a9

    SHA1

    af96333bf29f96b970ac933b3cbcc86001d98fff

    SHA256

    8f2b599def6b69dced0c7ed8b538efabecbad25396056a9e93f529e614eae747

    SHA512

    7f69c57c5955144ad1f60004a7daa1787a2e33998ec4416e8d62883801f27d3358c996a48edd03d8e7a541eec35500324b7f2ef2fd3e3746fdf827161616e9ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    069e22371a1a4412c6a0533e2222ad3d

    SHA1

    ebe69513054035e434e1aaee6cea4162da9b00b1

    SHA256

    96378ac0fac16c2767edf267f798ef8644269fecf3c34ec1d35b82012f59a394

    SHA512

    7932cd4be7f031796d68162cfbf970775c28ff3a2087e5c0791ac0b41cc1af84e6b36c93073d702a1eea6f4e631364d047cf497ab7f5e0a697d19e9545350e1b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d0c50347b915dde6872df89c3cb57a9c

    SHA1

    bb66c2c16a3bdfe42b905b09ad1a3a01dc9f9dc1

    SHA256

    666ee6f8ab3d26c3d5f66d217e2b13502550ce12f391b9fe8bcd665c1406e4cc

    SHA512

    cf29cb182e964975942f5d65a474dc778433ea375334d73c40db3f8eb8ea7558b56d9de0ea1617f3b3e66108bdf178c06e6cb3e9ed8f9088b45e7890111deed0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1b2ab2a555a6066eee44bc4b6f84fe29

    SHA1

    a4bb97214710f498977edb8a062368bfa191d38a

    SHA256

    c8e82cd60c286dadf1f0f9750f9d78762aa0cb24d63b5d7bb2684bc52f58f13d

    SHA512

    fff3a13f676e72fb410eebbb9e7e3df8b3cae78682419688d8ae182ad4b55b990eaa724f19a98736cc4477a8dad0963db9775ce2dccc92fb8d51218151d137c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aea42990ec5eba9b404a16cde304714f

    SHA1

    a2f1e011b0c66b96a304afe7188f51a48a113f93

    SHA256

    68c29d522a8f1570d83a2042478f9c77afa63b8a7437745b36e05603057bd2ef

    SHA512

    51d1f50783105492502dc13b8317d19fd4348d37d98ed4d0e0c0a6686e4246f2a9340c835529da45a70662377c8338ebd2bb29c7bff65efaa2b0e2a7d611a214

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    106a677a42386796e7510db06c5f99ce

    SHA1

    91e6f1b2fd6f38e27162c29c5f5f0df4305b45c4

    SHA256

    3cccd425ca20cfa4a768e2c970589852a1c7865f26a17ac7cacf499a59e0acc0

    SHA512

    aac03039cc55f12edc4cce6df2db3a05da1b4c3f13c5db7f1658ec816cc7f3aa2255265e3b4bec4d2cca68bc3d1fef9ca32f34627fe61a917a1d633cbf748928

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4039f9f94bf3170ddcbb81b1c203a937

    SHA1

    69f2b8ebabfa4ee15bb00b6a108d7ccc74009edc

    SHA256

    639c2bd78fa77ac739a4c68caad9801a384383d4c8e2bc3983a4ac55cf6b5351

    SHA512

    4c0c6d4b80b87fda46f1ec795e630f195a33d03d06fc9de52e3ca5adde7c3baab9fb31e8b264fba3ee563b09a63134e82249ac6a9755002115de7a90d5a5ad7f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6356438ef2be5906bceff8c49bf8abae

    SHA1

    22a5983eb82e5d6a1e4b692a42ebed7cfdb02931

    SHA256

    16fae0610eca97fcf47e7678ff13ffb8e33cf5e754f0842249627caaf3896fc7

    SHA512

    86b7cac19730da8ada0cd954bbc10d389a145bb39832e9fd4a8c3fb767768ac0cbc33cac1c6813c8ffac643f0613bfc60c5f630b54f2981560cb7e0139773dbf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b2ce9363df324b1998b016ae32bb56bc

    SHA1

    81d50d59c9b243aa07205ec9915d86048c3bc86d

    SHA256

    003ffef5f31a9db1fad3aab5920b35df14dc0ca7b29a1c233f00f9902dde7e26

    SHA512

    eddaa7eefd3f466459889ddddd07c3264ea4a3fa5224fe090e798911a21a75e865d30ce9251a31d7bde324a737ed5b1502a1eb3ecf73e4bae25e9836aa9a5dc2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab1410.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar1471.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\SouGoo.ime
    Filesize

    52KB

    MD5

    b60da4e2e5aceba3ce3d87ee2cd872ee

    SHA1

    9bbdbf1f3ce2c000a86e0473da756a4b1031db41

    SHA256

    b581fcc82c0462d60286a80912ab2ce5aca7d7b11c5cff0b5f74716dbb7dc453

    SHA512

    664d6f893484252b339ff8f413a4cf9da9b0ef82ed74b097ba86a5f00b4d9740eef6e8a5b81e8be7e82ae4009928097baf15e65a03f31c4b92e44f593ce39874

    Download Submit