Analysis

  • max time kernel
    95s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/09/2024, 20:26

General

  • Target

    d064b804448a22524d6042e322c28282_JaffaCakes118.exe

  • Size

    834KB

  • MD5

    d064b804448a22524d6042e322c28282

  • SHA1

    622d5c03e5e7e689daf162804a5546252ee1f8e1

  • SHA256

    b4e9d76b65136f061a3f1897e2979cf3ca7972a3fe10821f5cb085fdd7c47f71

  • SHA512

    7fc551bcc8ce4a658470825dcadeb12ec0e05f35705b18f1bb97f7a0bab63650bb159406722d877a8885dbf987f3300269122bc2836ffa660ab394a2838c6f0e

  • SSDEEP

    12288:XaWzgMg7v3qnCiMErQohh0F4CCJ8lnyC8MEFmu6KMWoLnG:qaHMv6CorjqnyC8MEUKMpC

Score
5/10

Malware Config

Signatures

  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings 1 TTPs 57 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d064b804448a22524d6042e322c28282_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d064b804448a22524d6042e322c28282_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:4744
    • C:\Windows\SysWOW64\notepad.exe
      notepad.exe
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2700
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://hackgame.org/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2192
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:17410 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4204
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://hackgame.org/videocrossfire
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4252
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4252 CREDAT:17410 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1352

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    ba1bf8cf86ec57057637af172911cd13

    SHA1

    32daf654da1afadd3021d486164516318295debf

    SHA256

    77fb6880c4ae2e78d705501c19c9cd4a4d3d2f9e42d45e313561caa0b6c832e0

    SHA512

    46780dd891659bde9eb87f07c857a43de3de9eccc53077b437282d1dd0c1339321399b0faa4cc2a6534396cdd4d358209bfe1f9622bda1e5681acef2b9c4a255

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    404B

    MD5

    11d0be7c6f1a4221c5834a53e3ca19b9

    SHA1

    20f2dfc6a11a3454e395c16bf036163fdcfdbe28

    SHA256

    34e66b745be13c303dd9aaf142934b7d049a7446a497fb11128950d530d12b64

    SHA512

    cffb4bbbb4bf74c5a4fc8b6e679724719ab055760b5e9393480c4e689840cb9a142452d6ab5416cdc7384494ab417406ce4b32376bfd7199c1fd5d84614c36b5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    404B

    MD5

    c761c8a48e7de5f91206467df235b586

    SHA1

    25099dbd9682a41b33b2a60ec86336c7f40d58d2

    SHA256

    97d53c41852932a0979254426de8c975fb82924a07509ccde93c2bba7caa28d2

    SHA512

    3beff986f44864b6139e3859e9f4df2a61acd6cc47303fb0827f5045ce2dad07d948ffd9e12f48773dfc8d0cf590a89e3c29a097bf7fa098ec1f80ea3f77d813

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5D317FD6-6C8E-11EF-BB4F-D20DFB866B4D}.dat

    Filesize

    5KB

    MD5

    65f187b65d14ff872a3ee73b0ad56cc2

    SHA1

    b9329ce64bd6075e8975758e9159df3fc43e10c7

    SHA256

    3654ee071589f9f06257c6a7a74718eddc1c5ecbb4838c07d87ba4e8380db282

    SHA512

    103c32532345b61c49381ee73f56f49a2fa5db6ad6e740347a3ba69fb9f99284d54eb42b736688bf6c297a6a571a5e6d1c761121c5a23359d92830256f4d87d4

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5D33E1C5-6C8E-11EF-BB4F-D20DFB866B4D}.dat

    Filesize

    3KB

    MD5

    d26037ebe49443f4c5415107063d11f8

    SHA1

    f8ece3b856884eb3665c7710439649223be302a6

    SHA256

    e8336c7c25adea8719dbd8c1e006846e62042dcb994bcdc5ad68ccaad109a4fe

    SHA512

    9cea19761b8d6998a712768d56c361fe42df965ecef4e45f9e8dcedfed9842224c95c13d6ed19899f1ad2441686310cdb8b6c4fd0aabfc08793a12aed35f9c54

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver7C5F.tmp

    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NMN7D09E\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • memory/4744-0-0x0000000000400000-0x00000000004C6000-memory.dmp

    Filesize

    792KB