Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
77s -
max time network
115s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
21/08/2024, 17:51
General
-
Target
b47005de33ed2b076fd32bd2adc39d83_JaffaCakes118.exe
-
Size
216KB
-
MD5
b47005de33ed2b076fd32bd2adc39d83
-
SHA1
ffb0b4450341e2c04d39cb3845e879af2c5961bf
-
SHA256
509acabc2196bd8e98d6480d46f9358f199e55740579145b8a4a6ca8e90d76f0
-
SHA512
01bedf9a27e1c777170cd950826a5f4c6b126904bb4f7fac42380d2c823154d4d69bf4472ceb621947601cc5f5fb514307d0f768427fb17783928b035ec8b442
-
SSDEEP
6144:Q6WEDffYdnsWF3HGtuvNhUmtPxNp7wWer7Wq6yvDE:Q9E7fYdnNXGtAzsWm6yg
Malware Config
Signatures
-
UAC bypass 3 TTPs 1 IoCs
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 6 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 2 IoCs
-
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
-
System Location Discovery: System Language Discovery 1 TTPs 6 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 26 IoCs
-
NTFS ADS 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 31 IoCs
-
System policy modification 1 TTPs 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b47005de33ed2b076fd32bd2adc39d83_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\b47005de33ed2b076fd32bd2adc39d83_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exeC:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\ryptgc.dll,Install2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\gdhftrlzi.exeC:\Users\Admin\AppData\Local\Temp\gdhftrlzi.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe/c start http://www.tnaflix.com3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.tnaflix.com/4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2624 CREDAT:275457 /prefetch:25⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c C:\ProgramData\Media\rdb.bat3⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- System Location Discovery: System Language Discovery
- NTFS ADS
-
-
C:\ProgramData\Media\plugin.exe-wait3⤵
- UAC bypass
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
- System policy modification
-
-
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
4Subvert Trust Controls
1SIP and Trust Provider Hijacking
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
13B
MD538de427224a5082a04fe82e2bd4ea9ec
SHA17e4a53de1f83762dd2febd39b818e2258bc83bc1
SHA25612f99f53144294750fe8713d580eda286f4bd95cd9c840db8ab957def8040028
SHA512ec3f3c324eeaad91ab0efd47b3084493d863f969344fa1ba87ace1974908053d396673b44c33b4dceeef792a74ad9278e06acc27c83459af1153de52f83afcbf
-
Filesize
97B
MD55303b5018a6cd19200b98d31ab04f25d
SHA18285eb92f131111e40d2dc864d3b386dad6b9129
SHA256464648d492af6bb50cf65ddcbdca3e90d4b224ccc6f4ce3944d439b6c32da524
SHA512654aed00850f6b7e424a5ec5acad086a51fb54f5f944238979f43fa1aac430661250210fe5f38dcd78e46311adc7e6b282cb5c41bebfe5a7d297afd6db6de21b
-
Filesize
342B
MD51d2e68e790a51a2be003bad135af522a
SHA1c5d53bf793f57bbba5569d29e7f3776dd7684012
SHA256607fde21fb6457d1d203d929b3384509314e2a92c1fd65a90896866a0177a82e
SHA5122a673b0778ca18468b5377abf79af8849babaf86f0b57bce015e2c1a10b6a69a889c01ee3f3522cef29c1622be37e9946ed67721cccf55b7c834d7a5c2a773dc
-
Filesize
342B
MD5c813bb718a400a9215652625055e146f
SHA136578f82462bd3f279e45d5b05c3480aacdfe613
SHA256f299d7cc18b54af8cabb1b40cd9474151815cb87240116d708702ee4a505d04c
SHA512e47348244f4b9e87831a3fd7d46a8fe2b82bdbc03b2013a8c469ab0aa34536010abde65f481cd31463be5e3c9f3ed821a3effc17488a3eed8f4a7e2d1f5c99f5
-
Filesize
342B
MD5a1846930ea65c7e3de19b1a9d5a7eb8d
SHA13c9076ed5cbad0fce7197e2b0fe7c8b1d85bdefa
SHA25623c67d73f0b9d2ef2adb2da112b634abc1ef6b6906424b031dc42e7a3413d198
SHA512464a3935b5d62179b98237b9e6370153e0a30154d70852f97d55025780a99f1aacfca89c32d6270eb213b509d8281d9686028d314d08d2d5b763b5834c58046c
-
Filesize
342B
MD50c4be7ace1e0e57077c6d7d15e9558f4
SHA1657281fe55457df10dd821d1e55c86e20734a105
SHA256b7fb4d31a02f727704b06ed0fb81d272afb41027739c7d53faed04d941e00c46
SHA512d48a555fb7caff6bc4358f9415b88ba170f2d9e65b91eb5bb2c7be44f682a71ecbd139ef54b396f0023bd9cad9bfdeb2b9fe2439ef96f2b5860e0808efbf1f85
-
Filesize
342B
MD5d522a4e7684684d8d7ba1ae405fea824
SHA108b347c05a0c1fe525cc71a6010e21a3b0dff130
SHA256b35d7122e893d4a54716f998ebb333bc365b27275ebbd1bc11f27e2b32043914
SHA5122acd42524feae4f0060dfd50262b43f6e27bf2dbd7163b2aea5ac8e350de962b8f12b1c221fe290840c5ae8d438e52a5010b8d7895e529e6554e01707be56261
-
Filesize
342B
MD58a67b456980737199adc72453f3b15d8
SHA1ea3e190268b3dc6107278eb6a51f8f258b903227
SHA2568c055419bd43172542c851bdda934db1eb620d14b03441819e8e5a8bd85de408
SHA512df2378f0b4fd8d6dde9a536c385056e5b8fa09d49b6fa55448a47643a14e016f5edcaf87f223aa5191379ca0e567fb08dadbb4318118ae692982abe9b6bc9bb6
-
Filesize
342B
MD54fa98f16a1b757516f0364bad44e0f9a
SHA1086a4c55dc9fb63f47bf95b5eb77321d0dda7d37
SHA256cdbfb9af7d5232080d50a496766a05ffdee96f82b3506987070e3eaeb8bb7b1b
SHA512fdec6b7097aa0f2a531cba8de2a58c834fdd177392fdedbb6f054f2875cb775d4cc90219dad5e448d9ee3c351db1c1a1bb0bc3a9f045e2918a5a93210b83774a
-
Filesize
342B
MD5b84965b6ae6acb502dc28138a0ab8f46
SHA1cee1db141565816beda111f9b2b78ad7d978c9d4
SHA2569c3b733648ab71d9e6d97c09abd7c832b9e77ff28ccbc7d1f6c38c14a55d9cea
SHA512ee0503ab30e1c8fe94f55031cef9398f1b4448fa2673fe39be5b5e6e73d8ce39caecdd9ab584c71d4a3dd271ea9b938ab4cbff589c7dd304e7827d0ae722c436
-
Filesize
342B
MD58aaf3e7525272a6c027f2842d8719760
SHA1335401b34965cfea498a5924d739de41eac22fff
SHA25648588a0047dfb72a58dbc2d09478ed3e469f7c43c0681c2719b8a98d03d139fe
SHA512e069288db0c6212e0236e804ca27fbb4791ada516f38424c5e3631af9e87bfb4511f2fa9dc6aa8838fb5d26b2563817291e3bf19f46b903df0446f31b9fbbb37
-
Filesize
342B
MD5703ddef3333720af48e04954cc504bcd
SHA1449b4b781d4b1301822c5dbb24f91e17226aa558
SHA256503a10b218f8fcf3d34ebb092594cb00e60cf4f55d3b3a16779c1dab7d32f397
SHA512f2662f63061505cce05170544cd33b30b0dfd77d104a766cc98bfb2a9cc3ce931363f681217f4e709d6f8c7063fed80f3c4bfb24fb345490978b8364d72147fa
-
Filesize
342B
MD56c824288a7babd476d18828653e1c806
SHA1b9d9084ae6a851ba34805f337b718eac129d12fb
SHA2569910fb81b08dcdd26d0964affaf777c91082840bad11b0e5a426654460540ff7
SHA51208ef4777f8c748861ecb2508f57c7d0001c19ef12f4d0745a4af29c0a09f8191cf154654e357d571e2422223ebb05705bef0aad226c886652868b23a4c959180
-
Filesize
342B
MD5462d5a8f459e7f604697b21eec582ffb
SHA1da5c94dd59d4e69c55eff8f2eccf53ef2deceac4
SHA2564de0e672b46cb17e2c3ccc2d11c649b41aea4ae10050a76f0ca35f52b6579bc5
SHA512b1099b64ca512457e161705f63100dad21c202b473423ad55a9f01fbe788806743ff530908e33a444c1c2eb67ca2f3e8e278a0c6463eaaf831b4a1a2216a572d
-
Filesize
342B
MD531b2f69e3cbe6e6fbd882dc28ed710aa
SHA14147344b2692f47eecc25f4f06d6899f33155905
SHA2561b1a2ed0e3bf3a536d611cb31041daef9cdfe7ea13fa556d6cb9be4c1ab28768
SHA512502622f146dac5c535e1b9ebbd9bfc2930439825bdec8028298d12fabec6cb3faf45c20b26a7a5dd530d5a418eaf48cf51064567e8cea3f9434d35a3a1b6a1ff
-
Filesize
342B
MD5c585aa0f3f3d3e7ec5c4fb8d2ec92c7a
SHA17815d70d8d00c3e47f51af8dfdf504e3da30a1e7
SHA256cd6b8a4f3d32cc86cb45f1758f7aea59f4cc5fd562d123cb3ca781cb11c60675
SHA512c866cc4a257806159d00cfa166074f1b58d4c1c9f574026fbac531ebf410186da1b52da15e270b12a1ac057fb53ae3eb844082d70de7529494669016bfa8e4ca
-
Filesize
342B
MD5888bd3de2d94031d907c4963f634f88d
SHA1d63987016635ddee4adbd53e48fbbbff9741c089
SHA256890ef56f0ed8e3bc287cf22b8e8aa27a861471795160472df0fc10de1de768ce
SHA512984cda17a6779e164948c4e2fb632bcfab51d300cbd860ded48be0db21e22e82c5fb8e1f1c8be6d01295cc0dfc87cd26a7f6e0d865d11cb0242fdde9fe025720
-
Filesize
342B
MD59b91baf27d46623f8fbcaf18a960c262
SHA17ec6b40686e5631aea7f1230149423fc52ee5477
SHA25697ab526bf5b1e3703be5dcc53728793e94eef50685791f77eb3a1f5df24e0a2e
SHA512e18aab265efdb35dbb096bc721deeb02adfdc7dae1daffe509ae9410ebeaa52d46700bfa20445721549db6e03558ee6a4bacb7fa2c457df97fe60d722bb12bb1
-
Filesize
342B
MD518e2e7c94d0f7b24aea1512973a295ef
SHA13b0fbc35b6ee3f062e81f16a464540c8303ed70a
SHA25611a96bd73f9d6307494b94b0c1d2c8bfbba13b34857c67950f4238aedeb848fd
SHA512cd3ba6f274c1909bf34b6a3c9226f42bce27cc93b554159201fc4e81d1920ee7b2903dd36cf9a5d3d4c18e5b7015ceed74c85f91120430e2b1696d85222a66c6
-
Filesize
342B
MD57500f03caea8d1038a8209238fbfcc83
SHA187d73cd77c0b0bfce9198dd2fb0ac9195bdf642b
SHA2563d0676e1fbe2fad2c0d6ee9a28bb82ac159c55ce7c98bafdd945c4174ce30630
SHA51237e2d1be423f135b6295d710f280f8022b1b3b2f9b33266ad2232c3b790cc89437302d5803f76cc7fb8e8b2682b8d593920aa91f2bab176b754cd5c59eb635ee
-
Filesize
342B
MD59a71128c209b029dc9d52c844392468b
SHA1096e43e9d4f6b7b8ed7c8831e86d7f762cab5022
SHA2568b23418f9781fec8b5f81ea9d7fd7521f89a41fe671ab372e2473ef7b55ca1c7
SHA5124065ed290eb094b6ddd98e8bbdb0b7849e7c1f718d04e2e65546db6cd15e4be4560e26a5e7cf63e6866abf85a36d567bb843635c192dc5877c1c04a3b106085f
-
Filesize
342B
MD504a368d95ae48af4890ae48f3fb79b8d
SHA1bd3579f19fa90ad3485d505255702bcbd6e51309
SHA256a731673bf26e7b8b60665dbf4e96ce82814b1c876bb0e5b2feef5c238cd64e57
SHA51257b72f8e40803c2c59d33e7056bb9eede0fc2e80af3f9c42559f35c5033d7c099627e579454ead703e89e40a7e942e55b497777e7f6556a3ba134e82ec822c88
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
56KB
MD53038c779df2ad97b71102a689cd866cf
SHA1e56d6e0c0545f2c6d9187ce06c0c3fe17aa51db0
SHA256bd0e43ed3cd340145b55fc1685c66a644426127041b1dad97a563b31e8733f09
SHA5121a80f5276593541a94842d627a4f11b4bfa768ce0e00c15176d8de2e975a4084ee9fc78eb272aebf3a60cf2419d76814a0b408b631099a284cb86a82a28bc5f2
-
Filesize
150KB
MD572c0c3469d6b4993bf1a815842d3e88d
SHA14171cd10258c457192d3bb2ea12a1fc51ce7830a
SHA25650a75cd22ce467b06128479671a460b1bc19458e8634c2a87390171f15073f44
SHA5124b8682e98b25371b5a42df918f8045bd0fde24fb531d704822bc699fa06b2452a0931e37de6073600c43653b93e90a9d0c5b1b6a42018ddc54f0afc3c16861c6
-
Filesize
296KB
-
Filesize
296KB
-
Filesize
32KB
-
Filesize
296KB
-
Filesize
296KB
-
Filesize
296KB
-
Filesize
32KB
-
Filesize
144KB
-
Filesize
144KB