Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
137s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
23/08/2024, 19:42
General
-
Target
bce93de83c926b315a18f55ee850b5cd_JaffaCakes118.exe
-
Size
7KB
-
MD5
bce93de83c926b315a18f55ee850b5cd
-
SHA1
51e7f06a5b9e0d3f0bd00520487887820809ab2b
-
SHA256
c1015ec13216325b2d4a24d8e1b1ef7161f3c25a8095aec1548eaf38ea4593ef
-
SHA512
ac854dd5dd3181191e6971e12e764d73af76050f34115f34645b037250db00fd5cd26f1f6756b474b8b076c97279a81a6cc07700aadbad29a8d35c09c68345ca
-
SSDEEP
96:3u+evkj70/JtpaZtfKxZ643uRCyYxdU6ub8W3lea/oZOurTD/XquJt99cUefOynF:e+K/VZD3fSb8mleaADLJHpuOyF
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Control Panel 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 28 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bce93de83c926b315a18f55ee850b5cd_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\bce93de83c926b315a18f55ee850b5cd_JaffaCakes118.exe"1⤵
- Checks computer location settings
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2924 CREDAT:275457 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD51dbe5ffdde6115fdeb76549409910188
SHA12306b64d6150dd269381de8690417bb85f0a223d
SHA2566d78f208e1b9164f4f69aa8b9ec54e350419f91bf246a2ebf43ab5a5595cf557
SHA5129a798606e94f6802edf66f9d5b01a4df1d04cb205dd40ba97acc653daa6ba164dbfe1a1b126e589293e8b1f93f3fa89f098d4154b6dd9e43e808014417c9655c
-
Filesize
342B
MD55e35838011a262756c7035a44d892204
SHA1d0a41df5f133a889c854b238e73ace01731722e0
SHA2566bdf75de1ff95f205a080b155233ce73ad6288a997b134506dd670adb705579d
SHA512d5d449cabe9688747adbb811014e0b85fd3346c8b4d57df2e8fe9718c5121649862fe5551318434192eebf4bcb92bc9f23de763a9a8268e0b0e0aae343896cb3
-
Filesize
342B
MD551c0d4675c90722baa8ec8fe78c2e2ff
SHA16eedbf894c53ba7b1254fe38003b42a62cc2d4de
SHA256a770ba6b2ce1f08751a04af5bd9c3dee80f3dcff8cc326f4983d8580601005e1
SHA51286d8548f248c59b29aee7d27bb71966c9232566ce39339224151339366f6b9bce69081c577959a89b0f169069372b9c896089465f17e30f172370ba0a3d25187
-
Filesize
342B
MD5c79194adcedd722a2825a6d576e576c4
SHA1476b94e4c3bca587f03e8924634d5453707b4767
SHA256dda175949f10d0c37c6d72b09c672cd8ef8fb6860fcb1a2f33a174cccfb557fd
SHA512b2e84d767891c81880a5e0142eb368d4b4994de3059eb19ce40585693cde3c8640ab1cdd7d2b1fcdf725fb39080d74c6d0c4c574edb2bbf10c61b08d91448a77
-
Filesize
342B
MD5436303e6cc1691f3b7027bb646f5ec92
SHA110ea54485b6c221489f7a197c259338b83c851d5
SHA256bc0306397d584a32d90365b5e750c7c0bf5e02163fec5f2a7c19bfebcffe0c3f
SHA5123e359e769660427a957ae21364de46c811f8caf8091c5e4cc485845c836d366b6613582dd465db7b9551c355b1a72afb6b7c423ad93ce52077cafb250d22425e
-
Filesize
342B
MD5bb4547f3c80e05a2964de5f5ce2946a9
SHA1aa2400c3fa85009b91b4eeb41e00928e5d4d43d4
SHA256d7e4de8cbdb9b6bc97d072d749faa0636872cc8a3871e0b1951db2b7360c816d
SHA5120582d9993f1adba56ec48ab18d79ae54f56f9c252f0176ddc79348eabfb6889b46fcdc436bfa4527eced7dc8d90cedec9a655ee007c1fa07d5a2cabe57f2a99e
-
Filesize
342B
MD5a05418d4593a4fb027cc8628046fdebe
SHA1d853552ae698c7c54d947137dc5688740c870b72
SHA2568942de654be8176c6e868c9d97d967a3bb834a6e054f0241c4db0c1ddf5d24ad
SHA5121dacfe11c5b05fa449fce159a84b9b8ba406a111cfc4ba8d9ffd48b6ffe1ee2ff930a6a66949e2721b5099045402343368d6d59c460ae6f87e264c290d33c599
-
Filesize
342B
MD5383d4095f0c22d88921612f5e6d33a4f
SHA1f04c191e37e90cf923eaa54f96b131ce190d1746
SHA256b80e9bca4372e128135189c99e39ed205b871441b7002f312f17306490e3ea17
SHA512b770950df52831ad4133bf61b1d9925735c382e3a17fa8ea9655c5b97104b6244f111ca59a1cadd86d741d8d586bf182216f9d60701a65ecacf8450f076ae10c
-
Filesize
342B
MD51b463771699800e690ab1a80a1cadecd
SHA17681c1bf94642141cecfe0ac3be7f3b0606a6e3d
SHA256c4e5dbeabbdd1c6e45dc9c98e0f5674e5448a44b15fcd0d613b9550a03d31159
SHA5125afe0226b9df1b67ff2cf560b923b81d50772efb7da0da07e3e45fe2ec6b884945ac576e01ae913dcb253cfac852634aa0b3b96bafc0ce7e6d92984730a57e5b
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
36KB
-
Filesize
36KB