Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 132s
- max time network: 145s
- platform: windows7_x64
- resource: win7-20240704-en
- resource tags: arch:x64 arch:x86 image:win7-20240704-en locale:en-us os:windows7-x64 system
- submitted: 25/08/2024, 05:31
Static task
static1
Behavioral task
behavioral1
Sample
c00ca12a660e28e02c8c85c38952ac4a_JaffaCakes118.html
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
c00ca12a660e28e02c8c85c38952ac4a_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
- Target: c00ca12a660e28e02c8c85c38952ac4a_JaffaCakes118.html
- Size: 23KB
- MD5: c00ca12a660e28e02c8c85c38952ac4a
- SHA1: 5afa1af526ad7b2081a34e09dc3cffc96e5bbdbb
- SHA256: b896ec5d7939b36a9155c4517e0c44379b657ec493ae7bbaf22c500e71855cbe
- SHA512: 29cebcc88d1b2a31d4aef4bda281493a7e4e8c092e6267bf8f3d6a487d903b466fde8cb3a11a36224864dbf27559cfe0d9c029682486a39a009cbb2eee81088c
- SSDEEP: 384:TphIOw9cAfEJFNxwHEmBUQfQ/yg9r9UOXtMEOcj6kgGgs3wu/2kyql:3
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description / ioc / Process
- Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE
description / ioc / Process
- Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
- Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" IEXPLORE.EXE
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
- Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" IEXPLORE.EXE
- Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
- Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
- Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
- Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
- Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" IEXPLORE.EXE
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
- Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430725754" iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
- Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\International\CpMRU IEXPLORE.EXE
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
- Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{445F1CD1-62A3-11EF-BA91-7AF2B84EB3D8} = "0" iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid / Process
- 2192 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs
pid / Process
- 2192 iexplore.exe
- 2192 iexplore.exe
- 2588 IEXPLORE.EXE
- 2588 IEXPLORE.EXE
- 2588 IEXPLORE.EXE
- 2588 IEXPLORE.EXE
Suspicious use of WriteProcessMemory 4 IoCs
description / pid / Process / procid_target
- PID 2192 wrote to memory of 2588 / 2192 / iexplore.exe / 30
- PID 2192 wrote to memory of 2588 / 2192 / iexplore.exe / 30
- PID 2192 wrote to memory of 2588 / 2192 / iexplore.exe / 30
- PID 2192 wrote to memory of 2588 / 2192 / iexplore.exe / 30
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c00ca12a660e28e02c8c85c38952ac4a_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2192 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2588
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a77891260e897ee0ef107248b74ea1fd
SHA1 2c5fc332e0f31a2c6e7b2fd6bc7aaf55e5dc7da3
SHA256 508a33030f1320963d7675eab83a08f3cc1adbb979d29d3b842f76b2d8e7fb5b
SHA512 1e4a44dc87ba8262648aba8fefacead43a4038e14467a0394f3036c35a4e1ef6ca6a8e6fd3417e080cafc4e8569ff43682f9add8546c3f07934eac8dfe35de73
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 95cdef58cf76a36fad0634841f7f1752
SHA1 a63a0d14cb20b2651fc1cbd2c592f52655320fc6
SHA256 c3c71dd70103e8eb0eae467fca3742ad081b9a86733dd278e120fd0379107cf9
SHA512 b0d67ebad74e777018d506825f9df5b7f560898a9a2c2345c6421cc9289e0178445e2eafdf33244a6d2ee052ac354856b49836d3cc781a35359068b964d1f59f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 03de49e09fe6d244260743294d2360ff
SHA1 00420c052731df3c4a235b519db42a0b615bacd5
SHA256 88091e3e9dce8eb0c9c78de37861de949e0ceaac193a3887cd6d44b3b8e1f25e
SHA512 b823818f7c2af8d4c0193dd732f3aeda9c302bf65358f01ddacb4d545c159d28414c79db6eed6042315c4ff059e272f6d6464d07b4afd7b2eb4cd940b084c504
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 be1f0ebed7b7e73160d31309339fa80a
SHA1 7acaebe8335b2005b5de1b510a7a092916456743
SHA256 14e34c91fb4224397a8faee61b0c064e4df61a20f9d252affaadba58c72f5b92
SHA512 bc96a4db66eb3e7f0fbcb1a180bf18eda225f2cf89e4b345f412ffe0309b89d5a3202e0b53404f7377f4e8dccf1050f025804badf22a0a2d35624c4b5f62f971
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0e4d24456fa5cb752da2543d3c2c8f22
SHA1 3c89041ae1bbfda1591c821ca3cd0931b54f80b5
SHA256 8e78ce7146d191c1ad52f4a6fe6115c8e03dc34722545bb330b387d58fa8ef8e
SHA512 0caa5ae8c4887e67c4b95765e111059aa90bc03005fcfedd9d39afb1a513173fa7aaa18207da9d9fc47f8f00d6a1e385c4b256e643a7557a8c08e356e1af7021
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 acb40c52b1fd69649f0d082bf54e8227
SHA1 ec46c5ee751a7d69c2273805f1b9e860c7eabff1
SHA256 fa526be786ac4aa53dcb099efc0ef10766421efffc126ceb2cb3503f3cab305b
SHA512 a8e89f9eb4f076b82187dd91b197de3cbbdbf9556cd5e7f5924817475d7e0bf3aeded2202986d7a9238087a8987902fb416c2da58b6e381d78f8e938c275e4c8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 948d40d66b171863f65726fc39643b30
SHA1 8fbb5bc6024380cfaf759190a98bb11eaffd6fbf
SHA256 86f3a7f4b85339afe17058190f826bed3473cad4e951a2253cd0f15a8f5f3bf5
SHA512 d448fd7bc9a0336f5e1e706bd1422318029c0f37f9e192c2f0a69f2edeead3858f8ceeeece5dfa5adf04f31afa6009bd9bae77710d9417fda90cd6899c1db420
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fc8f19d0923c1f2088c5c6088c0de7c1
SHA1 a474863d87a4802df5ab2dba9710f9da86cbcfb3
SHA256 c762d7cc82adfa8ea34f9faf63d6e8010d3297cefa2b417ccdb10e7d71eb5c19
SHA512 ea3624c76d2163f43c00009149e6bc7f14d5937e0d6f4ae2ac7767b6ba9678148c09858cd60325ee35e636943ddf473415beb96285a34fed43ee29a767ee6ea9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2b6a93ca83bd609e07c74832bd222cd1
SHA1 c4a00d658587f44b80f1479185eb2deb938f66be
SHA256 77aca435c92ada0292a6333d31dc5e8725717742b4532d35aad4f44a4f491045
SHA512 d28554b13d25ec55f9bacff7739b2728cab31e0e7818a5b89a913aa3cc364ef5b1a38053323ee3312d2cee69e0bf3d76993af268c40ac16013f7de9685fc5eec
-
Filesize 70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize 181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b