Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

b7adab03d9...18.exe

windows7-x64

3

b7adab03d9...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    137s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/08/2024, 12:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b7adab03d939cf595f8aa6bbd1478b77_JaffaCakes118.exe

  • Size

    2.2MB

  • MD5

    b7adab03d939cf595f8aa6bbd1478b77

  • SHA1

    8aa737ddc1f480cdf9ba8049d0a27dc0cbebf73e

  • SHA256

    cff5bea7ff8c2ce8ea50d56dd015befae94f2c7301529dcf2ca626f55f6ee3d9

  • SHA512

    61766098f8f652f5c0e3bd2ac5a97094ac3646415e451653abb2a0855fc00b858744cfb6cbf989c0acda8d9ff0c9bf302c4c3fd59fe881efa3a7b31fdab54676

  • SSDEEP

    49152:4SHq7BZG+OeJrUMYNeBbaZWwn+0c0EHGh8eBYjfV89:4Wcj7O+7eCb1wn+LdH5eB489

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b7adab03d939cf595f8aa6bbd1478b77_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b7adab03d939cf595f8aa6bbd1478b77_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:388
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://cq521.com.cn/thread-298984-1-1.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1128
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1128 CREDAT:17410 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1716
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://cq521.com.cn/thread-298984-1-1.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:968
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:968 CREDAT:17410 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3508
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://cq521.com.cn/thread-298984-1-1.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:5112
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5112 CREDAT:17410 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1356
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4260,i,2727319350781907497,7925939240893079607,262144 --variations-seed-version --mojo-platform-channel-handle=3956 /prefetch:8
    1⤵
      PID:1328

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      471B

      MD5

      a1c417847345e36bed0f299c81583b46

      SHA1

      883a1ef9113a8b3c18e1bc11de36852c732687c2

      SHA256

      4ed45f1f55fab97ff73b166b9e234c99ce5ad410a13d49e8404ca5ef5123f027

      SHA512

      a44e9a1dde676408292d60c5934a962596052c8fb656b52877e4441191c85222a45e574436ce0549deeb9639a6649c3e9e91cc7b8ebfbeedb7ba89c7fbc6f93f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      404B

      MD5

      0a24ba407c0b1b70dfd06a1e60e1570c

      SHA1

      f904aa25820ed6016b1e041435cbefeb8eccd5a4

      SHA256

      7d1ddf551e23a8416a985a0d674a6bf62cfb2b183bee6655ce26fe8db2e882fb

      SHA512

      902ca150867ce33c32007ba6a2a4f84b407f2a75918c607ca3b493686a499915ac00fc7536693a96402c7445f506a603b5ce904d2fde3371a1f215f095f38a76

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      404B

      MD5

      31f03511397940e3d9856fdfd0264e0e

      SHA1

      124495958fa9a119e4a973b0d5953d9519440413

      SHA256

      7b391d2f5e51a4ef4ebdd95a523fb655f2573bd95191a87064b0889730b66cf4

      SHA512

      70323fb51c3926e8019d565ce2d1aa97a67525c7be4e2e260db7f4ccef372c9e318a1ece9e6a68f59a402f1c570a564d964e00038df9fb7010582aa0552c46e0

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DC8CB2F2-6083-11EF-A2A4-FA5B96DB06CB}.dat
      Filesize

      5KB

      MD5

      9eb4e6eb5bb0e483ab72cd1667776fd0

      SHA1

      3a8f6701cd50669fabf1897be9e07f02796556be

      SHA256

      17739c1ba966039effb6525de3c201c8a83a6e29cf7426bde71b8f801fb65ae1

      SHA512

      4f5a1dd88638da608e20d56420a7ab2d8dcf8a1d3a50300f879e4d424008861fca12b3d1051195224689004e7f895453702a14fd947d44cb263e5585ff5f2a8b

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DC91780F-6083-11EF-A2A4-FA5B96DB06CB}.dat
      Filesize

      3KB

      MD5

      9c04ce1163a5662a264fe185874949e3

      SHA1

      9be90974d16cd5715efd06af89dc7d18281ad93f

      SHA256

      4debf1e6d99b531ebf7775636db73e26702bbbcf74cf43210eb599bf25928d81

      SHA512

      cddff1f3d78c7549999311be621ad6a54ac66875286f75e3970afe3617a6763439250c0081e9a63bf722e630914ae703c390e415b0cb32bc4983268b54a48421

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DC919F1F-6083-11EF-A2A4-FA5B96DB06CB}.dat
      Filesize

      5KB

      MD5

      ce7778f6e71bae0d66fa7541e474f7a8

      SHA1

      41cea6da5d1d3f2bf846395822f13c671967cc27

      SHA256

      e6260021682e4679b66a6bdcf5d1d0abbc27f321febb0f9006bf72c3ec8e998d

      SHA512

      a10f2720097b2feb5e27d3fc50efd0425e003b08c8e82794726e4deabca2780956179cb7dd2f19096ee6d3bc083538b8ed33c39e1ca1507a3a24a08de041c41c

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verC6C7.tmp
      Filesize

      15KB

      MD5

      1a545d0052b581fbb2ab4c52133846bc

      SHA1

      62f3266a9b9925cd6d98658b92adec673cbe3dd3

      SHA256

      557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

      SHA512

      bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0KP8BKDN\cf-icon-browser[1].png
      Filesize

      484B

      MD5

      59caf3c7eb63af78f12db37f41433779

      SHA1

      8024e688e78e910ae1ea3bc25be7a7ab65444b02

      SHA256

      78a7d8b29cabf16831417dba1b9bbe36fae0d060a35a495e8f10e9663b3c9e65

      SHA512

      25fb9595a28fa5c793453cffead70f3a15f64538e45330595981b81fc5935438d7cfcc45a2092563d4d57a1cae166f06f0ea57573988ac497e58ee6210258b2e

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BKKBWXOR\cf-icon-cloud[1].png
      Filesize

      1KB

      MD5

      3ec81e5e3a4de9fec46ce9e6999b9e27

      SHA1

      8f03b6857ab8d31feb65f97b1ae6b678efdc2ddd

      SHA256

      3a223426c67a0a33ff57af68a57fb589fea36af2a6e8f9dae7798c77471e0e58

      SHA512

      4bb5f094aa9d735e7ecf307edb66cffd0a196663f4d7e05134ebe62b5ebb87843b2ba652356a141de4185e50404c929e184d84adeba1c0ae3900df64a0d9a24a

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NCPU4OJ5\cf-icon-ok[1].png
      Filesize

      946B

      MD5

      dfaf0fbb758c874be231335db178381d

      SHA1

      8f2597eb7ba4c89892aac0559816db3f5280b23e

      SHA256

      ed732380ee3ff0f2d841784da213c8c05d2b5ae187a5217b419d21cae5cedb1b

      SHA512

      aa390c353731b29b57276cd0f8fd9ffa8e9f8aa31989e6fdbb961ef9e56bb7da17ac1fe017f2e8d345d7cb32a04b27e8dab76496264bda057023d0624854dd9b

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NCPU4OJ5\main[1].css
      Filesize

      7KB

      MD5

      ff26f59e28a5fe6ea4ab23586415696b

      SHA1

      4182675484d175e363cd34b43041b7b1af93d0cd

      SHA256

      d30b4ea6f68456672f5abb35e9dcf7d54226372b66e9d60a7ee26b7a52568e74

      SHA512

      92c58eef6d1f885806450acd2927c57ebea2e8762c98b0826192555674bd4478e42add192834285d5934c0a76db8eac5eee1a65dc34b6f69246fad6c91a5fba4

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NCPU4OJ5\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XHVIU6BA\cf-icon-error[1].png
      Filesize

      854B

      MD5

      e5577f04b6d92590410e26bd2292933b

      SHA1

      16946b2c99d98a57f83eac170ce94b012b7d1a7b

      SHA256

      67f70597a183fbca7fac55d609fbaac5c34bb4d4d32a0530bbbbb42591f2de2f

      SHA512

      e7ee8db81b1787271aff8ebad8738468e4b019a794d9a2cf78cf286a2557e37c6a1caed9e25c073be7d1073e53f3703e63ef306fd1063829e2a445d6f8cc2fe2

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XHVIU6BA\cf-icon-server[1].png
      Filesize

      1KB

      MD5

      2c11e67182601007f577f8bf2c72fee8

      SHA1

      01dc915d4745f00632021c05d3eef634747a9c3d

      SHA256

      41553a537f85839927155af093b7bfa1987215f474ed038714609cc48812ea3b

      SHA512

      888ba6bfffff934ab1af236a77da5b6786266561b21294ea8f265e89c565c5a4f5701eab1cf3a5b440df830bd5584bc9f53f210e9613f6aca8762fcd90f49a00

      Download Submit