Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

d0ae798e9e...18.exe

windows7-x64

3

d0ae798e9e...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/09/2024, 23:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d0ae798e9ed4e29829be4a63c153a83d_JaffaCakes118.exe

  • Size

    96KB

  • MD5

    d0ae798e9ed4e29829be4a63c153a83d

  • SHA1

    18cc3576bae077f37fb2e6ecb45e5f8972b6e589

  • SHA256

    2e1e76b3154a9b2946a3bd60ee74d620c6dfcb1f732b55adff41bcf9e668c7fd

  • SHA512

    77cffb713aaeab0bce41d4bd905fcdb38a028185dab70354589aee12f8155751e43c28f710c03c01ded85e03ae4f71a78ea595346ce36bf9d8f7bdbab9f46192

  • SSDEEP

    1536:Wt80qzTsJg1GnxJezBZTkgHDJpRRSMjsQITBos2/JmdjNkI2:W6TiTn8TkgbDpRIoL/JmFNkI2

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d0ae798e9ed4e29829be4a63c153a83d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d0ae798e9ed4e29829be4a63c153a83d_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2704
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
    1⤵
    • System Location Discovery: System Language Discovery
    PID:3148
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2096
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2096 CREDAT:17410 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:968

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    ba1bf8cf86ec57057637af172911cd13

    SHA1

    32daf654da1afadd3021d486164516318295debf

    SHA256

    77fb6880c4ae2e78d705501c19c9cd4a4d3d2f9e42d45e313561caa0b6c832e0

    SHA512

    46780dd891659bde9eb87f07c857a43de3de9eccc53077b437282d1dd0c1339321399b0faa4cc2a6534396cdd4d358209bfe1f9622bda1e5681acef2b9c4a255

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    c48e8abc13f3e135b0bdba62a0a4ebd2

    SHA1

    621b21f2fbc209f7fe895f3c93d11d50beb81702

    SHA256

    fff6a9c61526b51269d4779e48869905a5163df9291a8f934ccd53b51016e4b3

    SHA512

    f2ef9212883d734e5a191123bd909a0f1386f6d313803d367b7502e563f342c2a677fe474266d5bd1d0e7f5d845836e082285131b17072369b8e31537139fa8a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\374sd3b\imagestore.dat
    Filesize

    1KB

    MD5

    979892229f3124c4723c3350b4892fb2

    SHA1

    173d60de139e68978cf7310f75dd43426863596d

    SHA256

    cd8e006d0ab44976041ead6b69b74847b8da7936bf39cc8ae1ffd8b2176d96ba

    SHA512

    ecbc05904aad67349b4483f5027aea85256ea4e1968d1397871289d9da57f956cb32dbc1cff5d41e22011dca670d62afaa141dab9638fe3e00e5b92af1fa8054

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KDOTUZKP\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8WYVOD7\favicon[1].ico
    Filesize

    1KB

    MD5

    8581383b8ae06c4e3a036eeedc627f80

    SHA1

    c2e31508114689a5457b54354c4570a2a7fdd31f

    SHA256

    cc9ad6a2c236fa22ee411e04382b55e87adf1e2edace8587c06f625911dd20e7

    SHA512

    f85d74add91481715fee0f69ed8633a3924649936341bb7ae35e7d0b56401f1752a604d9b8e5ef6fc737859f8db21a73cac13a7ee5611ee83bc461faf19f87ea

    Download Submit

  • memory/2704-0-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download