Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
21/08/2024, 07:54
General
-
Target
b2aa23d6b4adb8f8623cc51498ba5c5d_JaffaCakes118.dll
-
Size
184KB
-
MD5
b2aa23d6b4adb8f8623cc51498ba5c5d
-
SHA1
93c9b95d401213f3d9197a3d8c6398da335b6c96
-
SHA256
a3a875372a18e1e91397e6c3e7f5e0ab3dba911c5908188eb9f4de48b40f0416
-
SHA512
630639faa98888d5cd268340a4219e199df2b7d95b9ce37f961ecfa62e6d080900f9680fec2bcb74f4652a686b173537e00b5089f144519c468e185274d911d9
-
SSDEEP
3072:QILqzszmqBPWnF3wTn/4zxHHA1qi9R2BtzwD6TCaBPQGHHfWB4ulpj4SqJOrcYHG:QLhqB4FgT/4zRg2rzqCFBPR/WBDj4OrF
Malware Config
Signatures
-
Disables Task Manager via registry modification
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
-
Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 42 IoCs
-
Modifies registry class 5 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of FindShellTrayWindow 12 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 29 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\b2aa23d6b4adb8f8623cc51498ba5c5d_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\b2aa23d6b4adb8f8623cc51498ba5c5d_JaffaCakes118.dll,#12⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer Protected Mode
- Modifies Internet Explorer Protected Mode Banner
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\notepad.exenotepad.exe3⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer Protected Mode
- Modifies Internet Explorer Protected Mode Banner
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\SysWOW64\notepad.exenotepad.exe3⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer Protected Mode
- Modifies Internet Explorer Protected Mode Banner
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\ctfmon.exectfmon.exe2⤵
- Suspicious use of FindShellTrayWindow
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2572 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD58d81fa084ac3aaee6fb56986721cc959
SHA15395a861d3347da22e952bd4f07b55d36b4c1843
SHA25677c5e931f77723a3f527217bf8f0943bffca2b7b0b8024354322684154899711
SHA512a723e561d69a4c7835a668d60020074f72e4be45fc77c32bc1c19fad5d02e9b82f55c64da27bc1b541f525aac49cdf3c245599b6e8523dfd2f794016b74f91c1
-
Filesize
342B
MD554b00eec77b5e990b1eb8fbceb018d7f
SHA158ad22cb4dde9206698559eab016a09777aadd4c
SHA25661e0f76cc46302064224a7bc615c812e31d6a2368ba19c369d879d0b5bb4fc37
SHA5124b6e69744fa4969e8bac17b8300273c8232121909318892d896eda7d631e9615b0fbc6aacc846180f2fa0d8ec3e8eaaca45253d1ed9500306b368f8c3b74d147
-
Filesize
342B
MD544d1f401254a68d2901d3573cf19dc93
SHA1f001da1bc8c2e4713047b91655479020c6deec64
SHA256572c531151189ed1e68cb0a97ec46da157f49ba998e0c2fe2bd70521b2a932db
SHA512c0b29617cb6c8dc2c9d9b39461aa952d1b200db7b90e7af3d7d934d2e25d15c0733e3892e0082a447fb255dee941a56ccd3b3185c3134807edc56ca1972a218d
-
Filesize
342B
MD5f411e970df6794593657f3b055a66969
SHA16995aa4f3ad6d504d16288dee58f941b4c5a211e
SHA25600745bb2a9fa0a91ab2a2d1b39606fbd985b2262413a1daa44ed7aefb36a6634
SHA512fd9d52fb643620717f6961ed495712116c27875cb3e30e93320e0a8a8e4f76a9fcf06a52f2f4c94b3e32d9888ef4d8ee9e60e8cfb7a46b81fc60ed6a33045e0f
-
Filesize
342B
MD51fd9d58a6d98d292484ef8a4f212201b
SHA16dff932f305f95097513d305c6f15dbe5f5797d2
SHA2563d85ec429a336f972a2ff791a4cd2d3ae19fb1696dcf49ddf4fb065994464f62
SHA5128cca0c27adb192b715939213fa50e365d8e6a5aa91f6e24959fd0b3a90fb4d12141791f5e40f57db8ac58683d1795fbb51cc67b3a1e2154799b3bc047b3b8622
-
Filesize
342B
MD5b77be5c1409454de9b5b8ee4327b301c
SHA1cfedffbfbe6c130eb3b38baad2254313b4be00b6
SHA256c572209d685bda9dd0c81593499b0e85d63c67cac058b8b29b5015342b2595c9
SHA5129e849c29c18eb14ccd4f0279bb258e4bad4ffd85455c9755a039e2f4195bd732f6393af81ba6bedd3c8805581557f7c084d271417f69cfbf45e4daab850113f3
-
Filesize
342B
MD59eadab3faf86a1a5213cd11e705a1a65
SHA16b38f0f3c5513fe35b3bedc1ca238e435a5207f6
SHA2569a421c91e33e2c15330a700e26f0f7834c1ac4361793a796ce799bb3bc26501d
SHA512343a0fe38e8f727465e6db831ea269f86f580f868e12ed0e9ac4aa0cc19ea76b863a4d8756aa745cd8599b45adf0e8850bfd656088ee029478e0c3d9207bf21c
-
Filesize
342B
MD5bd288beb7191eefa07d37a2115dbe606
SHA1cb11395726f9d57513b8f8c66bb1f1f72d37486e
SHA256e99ee0b73dac6f70abf2311e5ecfa7e245369ecd7db6938e860491fb47f6c6e3
SHA512b6fc84d10684bdd8ecc263272ef91af0ff17ec34760934519dcbd949a2e920b9863277c4e308643da5e5e2bf59071c6d2942372cba72171433a447432b44ccc7
-
Filesize
342B
MD5086f601bdec7a25fa6e6e361882ec074
SHA1a584aaad36bae228ca57d6b4e53b3e196c8a02f1
SHA256d5000709952a02cb39887cb4611671c4cea427c2843c6525aac4788abd31c7c8
SHA5123634ca942883752d60aeaf1bb9dc161574140b11e92828643f1290a72d797d5394ac9c42fd3a4415106b1614a36e5830c6db3395befb55120854f466828ceeda
-
Filesize
342B
MD57d340decd26664916bd21ec30515171c
SHA1b360f369c5419b874d5c203e7181dadc91e8711b
SHA2562d3024739b54bf3a9421602eddd95238abd8362e04c2829a6ee8782173059053
SHA512c80c8b1c088c530dd0ad511e7e8e5da16cc29a4f466dd819679af35f5dc2d8c6f9b0fa73fb673947cbb67b022c4c3e1b7593c0cb202d09ab106183570296be68
-
Filesize
342B
MD5e9478bc3c6352dfe5db5a75eda6855a6
SHA1808a3ba4888f196a5e1d75358412a67f8c77d8b3
SHA25697f46f69ae8dbd73563f94255cc6ba1926e8af661df1ca3c0a85b61bec82f86b
SHA512e33ef9a89da2b45b4c393006b4ea62def844593ef8bfa34fec20a5d694768cb3ac495dee0b07979e7f9b8d85b890cfc44fc0dd6f76849b02739ce29b1b717050
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
292KB
-
Filesize
8KB
-
Filesize
292KB
-
Filesize
4KB
-
Filesize
292KB
-
Filesize
292KB
-
Filesize
292KB
-
Filesize
292KB
-
Filesize
64KB
-
Filesize
292KB
-
Filesize
292KB
-
Filesize
292KB
-
Filesize
84KB
-
Filesize
292KB
-
Filesize
292KB