Analysis
- max time kernel: 150s
- max time network: 150s
- platform: windows7_x64
- resource: win7-20240705-en
- resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
- submitted: 25/08/2024, 17:03
Static task: static1
Behavioral task: behavioral1
- Sample: c12fd8494bc84c87d6eb74b7a4c81b46_JaffaCakes118.html
- Resource: win7-20240705-en
Behavioral task: behavioral2
- Sample: c12fd8494bc84c87d6eb74b7a4c81b46_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: c12fd8494bc84c87d6eb74b7a4c81b46_JaffaCakes118.html
- Size: 20KB
- MD5: c12fd8494bc84c87d6eb74b7a4c81b46
- SHA1: 994102451a4ec0120c1dc512c35c87fbf6ce26c5
- SHA256: ce28230ab19652b0b6e9f5b0c1469b5425e8010a45edac3d8322f0ff1004263b
- SHA512: 6c15d9a9b68e32111cb08daa4cff3c729d4324fdb6b84126882ec20feaced2bd426e2f526351bf4374114e66279c4bc8bc96d2f221dc4a01d3a5c41e8e2056b9
- SSDEEP: 384:gaCdpzoLFBMfBMFBMJBMYBMtBMBNMQkJJOTn+9+I4xRw9YnWV1ctb:gamzMCfCFCJCYCtCBWWMId
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of the victim host in order to infer its geographical location.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
- Modifies Internet Explorer settings
  All keys below are relative to \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer
  description | ioc | Process
  Key created | \Main\WindowsSearch | iexplore.exe
  Set value (str) | \Main\WindowsSearch\Version = "WS not running" | iexplore.exe
  Set value (int) | \DomainSuggestion\NextUpdateDate = "430767303" | iexplore.exe
  Key created | \Main | iexplore.exe
  Key created | \InternetRegistry | iexplore.exe
  Key created | \LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
  Set value (int) | \Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
  Key created | \Toolbar | iexplore.exe
  Key created | \Main | IEXPLORE.EXE
  Key created | \GPU | iexplore.exe
  Key created | \IntelliForms | iexplore.exe
  Key created | \Zoom | iexplore.exe
  Key created | \Recovery\AdminActive | iexplore.exe
  Key created | \BrowserEmulation\LowMic | iexplore.exe
  Key created | \Toolbar\WebBrowser | iexplore.exe
  Key created | \PageSetup | iexplore.exe
  Set value (int) | \Main\CompatibilityFlags = "0" | iexplore.exe
  Set value (int) | \Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
  Key created | \DomainSuggestion | iexplore.exe
  Key created | \IETld\LowMic | iexplore.exe
  Key created | \LowRegistry | iexplore.exe
  Key created | \LowRegistry\DOMStorage | iexplore.exe
  Set value (data) | \Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
  Key created | \Recovery\PendingRecovery | iexplore.exe
  Set value (int) | \Recovery\AdminActive\{03031781-6304-11EF-B228-52723B22090D} = "0" | iexplore.exe
  Set value (str) | \Main\FullScreen = "no" | iexplore.exe
- Suspicious use of FindShellTrayWindow (1 IoCs)
  pid | Process
  3064 | iexplore.exe
- Suspicious use of SetWindowsHookEx (6 IoCs)
  pid | Process
  3064 | iexplore.exe
  3064 | iexplore.exe
  2832 | IEXPLORE.EXE
  2832 | IEXPLORE.EXE
  2832 | IEXPLORE.EXE
  2832 | IEXPLORE.EXE
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 3064 wrote to memory of 2832 | 3064 | iexplore.exe | 29
  PID 3064 wrote to memory of 2832 | 3064 | iexplore.exe | 29
  PID 3064 wrote to memory of 2832 | 3064 | iexplore.exe | 29
  PID 3064 wrote to memory of 2832 | 3064 | iexplore.exe | 29
Processes
- C:\Program Files\Internet Explorer\iexplore.exe (PID: 3064)
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c12fd8494bc84c87d6eb74b7a4c81b46_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - Child: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID: 2832)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3064 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads