Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
121s -
max time network
132s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
21/08/2024, 02:51
General
-
Target
b1da08b6a47a2986dcd9b7cd56ea86f3_JaffaCakes118.exe
-
Size
31KB
-
MD5
b1da08b6a47a2986dcd9b7cd56ea86f3
-
SHA1
bc736667ecb8c324e317a5754377ba5813ee0c37
-
SHA256
24bcd77d7259411646d329be33a53edec7ef1d619c4c04a8c26d7fa69fcf4412
-
SHA512
b31eff1b35a5e9f3255cdca335ec1e16034fd426ee437b70420a0a5eaf4e947cc38e0bcdbe81c8e62603479495ecdd195063f6786d17534e83365bc3512e50c9
-
SSDEEP
768:3mOhplcsHvKWzX6HJmFqda7koSJEoonbcuyD7UPF01j7eYS:WOhplcsHv1X6n0kcnouy899YS
Malware Config
Signatures
-
Drops file in Drivers directory 1 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b1da08b6a47a2986dcd9b7cd56ea86f3_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\b1da08b6a47a2986dcd9b7cd56ea86f3_JaffaCakes118.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\F038.tmp\Visualizar.bat" "2⤵
- Drops file in Drivers directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://pcriviera.com/admin/include/total_visitas.php3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2144 CREDAT:275457 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5014030b565b0668447361fd3bd04d14e
SHA1e44e2fcf57a25b4850b8130b62067c8fd5e0c70a
SHA256fcb74dd228838e50bb491f70c4438b35f0b56fa0f4921bb0543ea7c80e5878d8
SHA51296834651b1f6137f38fac8f0dd29efaa62052907514f6375795575b5c18ba466f81d3bc0d1cbe269f09f64c6c7782bf10cf315dbc5342a52d8cb18b867c52981
-
Filesize
342B
MD587f64a55cea078e97faaa5ceaec64d41
SHA1e97f93cc28d941d4e1a9e42b6bd2bdaddd9926cb
SHA256f9c78261267a86691958cc38163d32fdd1a92083c7b01c19ca733033f83ee875
SHA51261527757683627e60b6a216c6c42c1dd8189eb941e964983180fa4d761d45b6f04dbb057ba4180a446aed9bb87cbbe98f9dd8fe4e2415b22d4476f091f5eeb89
-
Filesize
342B
MD5c12783bc589886c3e1b62d2655b1658f
SHA1c4529c9c05e505e8c6160b00d428a5870e9f05ca
SHA2562d2eaa3cde02f777d3eca3439088b50d676b26497317a5b57549d1b4bd40c6d6
SHA512f6964bb141ca7910f3362f9bf05e804551ef4fe29b71d6fd8d813f1fa1c2d6691a229dc97866dc0c070ddc8d39846fc51034422dd03c266e7228fb58a9873fbe
-
Filesize
342B
MD5ecd9ed3bc2b6f2d699a0afe0f5a873b0
SHA1058298c53903aaee23d857200dafd9c0f5c6b5fb
SHA2561bcbdefceafba265948f08c71a8019547d9070bcd91acb06b2d122e281dcf567
SHA5124e3b99602e28ba2386c48ead8717d24c8ffbbe4754c845f51a02dadd31e26c7b73ee5fe670e07744ddd68a70599688e1013b2ab6786704fa4460162dd777667c
-
Filesize
342B
MD5ffccf84efeb3d4f0f5d96e4f9c8523dd
SHA10abea39d2fc276d4d97e33f6fae9228f1fefc0de
SHA25616a4c4024db2bb2f6137aff8d9567ff9875ace2e3257d05eb35ccc2a8ee7984e
SHA512e15291222899c82b37e74c736fcd1428786c592642440495de5e8420e6e7ab7cc927f0b1b14fa233c35a200c74c9469cdc157ccfe51ff598e4d5c5eb7533163b
-
Filesize
342B
MD5a5e16a2a429e7004b180694e1f6dbd56
SHA1f9ca5b68d0ba9ede0bdf4b609af75921aa37956c
SHA2565cc2921515828af5bec8d37551f598c1945c7b29ab297000c7a7c365dd6fac27
SHA51275320cdaab0b8e42be9e72013a2ba8261f32c53a68958d5cd4d72a9748a1264d48bf342f741c948d2bc8190d6ea6d24e6a10d7e306a31a215b7594ebef6d9d43
-
Filesize
342B
MD574e258c6481beb32ef0da83dcec67724
SHA1b884b0e2e80c2a8b7d5cbc5ed09fc5e446456ae5
SHA256fcc23a0037e12e2b0325efe108d5791887261020b9983344876d5eccf415ce1a
SHA512e48c1a08480e458361f158b411c24bdf1922cf9dfd32f368011902fccf9c68bea14031f13c65c64b8fb9537cdd14fc1a4e6656b787b5513835e56b662ef5b5e8
-
Filesize
342B
MD562aca5a7ed35183d3ddcf870bb1881b8
SHA119f8b4ac3962ff553ca9df7ccb6357c030cf0893
SHA256f7821a35a05f7ead65c89f2526789dfbaae41075113fee5ad24f5a437c4b70c0
SHA512f23b99e340c53c6248161e768d6865187ff7bb626288fdc6aabef3cfaf21979106501be1bc232510bf6f0f425527216fc5a11a9af85b09995630a3dd6d5670ae
-
Filesize
342B
MD59103b7ba3a87a7c9bdc1c635bdd72192
SHA12cb20cc4455742f944d29480d27b50b1ad241867
SHA2560f908bcf19cd3d3bc167780bcb9e365f67d14ab20c071a38d5b9660b0b80f868
SHA512570097ae7c904df6109f402cfe6eee24eb758950d7698aa325c023e8baa642917a473abc882728f225eda247e4730969aced1bfa216cdb0a0a63abd1f1868580
-
Filesize
342B
MD5dcb6b337a1d211a6a61a5b9cc53e70d6
SHA13b1180d3eda40244257c0d4e532908fdfba6a2e4
SHA2563c213ae1f0b9256cfd8e9ebd91152a7b1acfdbcf4516d8e66675c73b5a5ecb63
SHA512050f8d077c61e1c5661b4cf25a72a0672aa1247b52986a350b1270579c95033b001797d443e0369d6837a7c1b8c62603f09ebabb5190477f16eb407810d95ba1
-
Filesize
342B
MD5f75cf7afcf2d33bdd84bbd7096533fdf
SHA1cd807f3e80bde4e4416f9a0774b50a0c6618a17e
SHA256e191816943f6bb3c08f7052eed627bd5dcce29b8b85bd37cbf9e4abc0e346ff3
SHA512aafdf993e7a231748544443b1c75c14e8823de4abe9bc8dac796a511fdad892135e4b0a28abea028bfd2be06157c70d552c3a6b8f46d477fa6b1565702a6414f
-
Filesize
342B
MD594544a12a97a9c1779729c106b8e888e
SHA1d3c6b0ac0bcacff4b3d0519308816a5d44ecc45a
SHA2562a3a432cd2830f9874f14ce00f227e5308d79117885fc31909d0e2b0a9e1104b
SHA512af48d61038a88c3aa10a26cef456b5e60959a56c9f41f4b98bd062e6584add1db07c0da8af92fb91c4b60a866ab056162097bf6e77b4a65587ba0f58e04478b9
-
Filesize
342B
MD50a0e4fb32881996fa945ec7dfc3ca27b
SHA1c121930066a3f5440250d124a38a9cb988577426
SHA256c4b0cc28c531cca5dfc966bf5ff40a42352963bec68d611c32bfa04bec079f6c
SHA512f48bd258fc1b1c8d8f7771f188f0fb45c8a2635a05aafe32e894b30be4729549bf37286fa7cff1325761010233e370cc48c1973092b663f71849c6764fa31b95
-
Filesize
342B
MD5e01ac7e7d35bb25df14408a1566fffc1
SHA18ed9f95000f514efc99bcfcd35e5a7e0f305d58e
SHA256503732937118ead0da9078c17312d26338c631aee05a8784eaa87cdf3a9d27e3
SHA51253b7d206eba49c52bcc330a728b410632689f5fe5abd9bbdcaac6dce90b74cc1b58c1cd9b5a92af5aa27cf028c937330b40309f29dbaa5b0d01870258d084d17
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
322KB
MD5789889892df2731975804d1354349133
SHA163652aff5008fac6e432c8678418592b723cf29c
SHA256ba02603150e3ed50934911e38ce2b1050a4ebf651d2e0de58db42a787702d6bb
SHA512c5b14b085826d5474a68201c9f75fa32d44cfb1f749e6c80efb243c35117ad4d206534eaf497d68a5d24fac121a413687b1f7e68724b68db2e7f61748dd3982b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
4KB
MD53cd7cc2d02562ac1d15dcadd376bb8d1
SHA18fc2d52aa0c3b256e474920c4ff954f745d1402b
SHA256bb79c094db02f7b66265e4b339e05177f24c1b94161829f26052dcacf8e7b2da
SHA512456adb05b8ee5cdf9ef95bde6722ab590c57bb2cd4ed4093374d5caf0b734ae6d332c507d9a546b35020a515fdf423f324fb90315574d182fdf7558f554453fc
-
Filesize
404KB
-
Filesize
404KB