Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
118s -
max time network
136s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
07/09/2024, 03:06
General
-
Target
d0f2357e4fa18f649e3c5cbf2172e02f_JaffaCakes118.exe
-
Size
52KB
-
MD5
d0f2357e4fa18f649e3c5cbf2172e02f
-
SHA1
8d4686b7ca35a4fb1f30a4afa76036481606e22c
-
SHA256
d5f1e7b37d09e4b2e00bfb42eb15000455e8f9e2edcbe5bc37836e58613887a7
-
SHA512
0bd627f26ea8a9f61a17cc759faa1d0f9dfcf678265aaaae30b641c284966d43269b65eb40c88502f81becd1c9d5eb7ffac7ea027b72a850456517bc6da8e428
-
SSDEEP
768:Q6MDEOgk6guQrhO23k7/9sppE0iKFz89519yFSUKhJJ16c5QSkq6O1v8eYanFnF:gExDPQ9l3ky88x8vTJJ16mQ3Zq8FG1F
Malware Config
Signatures
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
-
Drops file in System32 directory 2 IoCs
-
Drops file in Program Files directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 25 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d0f2357e4fa18f649e3c5cbf2172e02f_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\d0f2357e4fa18f649e3c5cbf2172e02f_JaffaCakes118.exe"1⤵
- Modifies visiblity of hidden/system files in Explorer
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wscript.exe"C:\Windows\system32\wscript.exe" "C:\Program Files (x86)\Messenger\messenger.kvh"2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\wscript.exe"C:\Windows\system32\wscript.exe" "C:\Windows\system32\popwen.vbs"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.95081.net/tan.htm3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2844 CREDAT:275457 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
9KB
MD5f6f0362d52bdd28f4facceb819c09f84
SHA1c99ad0e83984d2d2343f55a064dfd82b166b0ce1
SHA256831f7023f584b2f4325e2a42c141197bf343babb6612758ebe8b846d8eb589d4
SHA512f418b1978707b0268d0496359c60c0c884ba75a200fa9ed57745cfea966d37146e791827657c3baf9d8c7a8098a98ae207e9679593113b2dedeb3ad66ffeb1f9
-
Filesize
342B
MD5b60017403be269e2423e3c21891d7a3a
SHA16746db25513e2bd8d6267e6d0ab4d458f3d4f356
SHA256df3b6e9886f6bc263cfc73386c5615ec615c746ccf6dc979c8748ff2256083aa
SHA5122380e9faec776b32a0bb16c411d3827f7d69af37c57e4d6156a0aa386aa1426fae054cad66f4cad19f19e3a4b9d034485faa1d4501ae47d8ad71df245ce31c50
-
Filesize
342B
MD57a00657f9a652568274c3a2a78a5fb00
SHA11aeb2b1c7c023fca93f17d549e738c2a7b1a0f84
SHA256a5ed5eb06a703f016d46d5812e38079f863679ff5c7fd898e621e0f7bbeb0f76
SHA51295f9d1275490d63f41302171a3d91f7ac0dec9ab19f3cf02ba42baf099aad07b6f97332a29b131e5ecf2840a6df64107b60403ab15ab43b1c4d105495faf40d6
-
Filesize
342B
MD564a478bbc49e2a13f861d0bd9eba1f7e
SHA1240e7e58f8d9c0f6dbf41c0c8036e490d0bec8e7
SHA2560c514d07b7d0e853875d1ba996237ac01deaea8624527c349279d7410944b1d8
SHA512a9e6918477a5deae1ccad7bcdbbb30bbae227cf20a5ce14e718be5c6b71775334ad81673aebcd3bae7542b7c876794590910e7585ee7d14efb58173091d1d2b3
-
Filesize
342B
MD5dfa2a135f4858668788996cb44735096
SHA147974da11b1bbca3b6c1225d78990b59665ada41
SHA25610a5360e021be28826266f89ee0563702c867b50cb57290f6028c543772ed843
SHA5125a99943372f52c607813e3bcd16e273f612134f0ea1366ac7e361ad180ed8e29ee0a560907f005fdad3716d4b031bf0dd5f3163853e0ba43efcbcc4cb0005aba
-
Filesize
342B
MD519feb2ab121de2437f2b8d62f21979ac
SHA1feb8174f17c8904e646196e3a41b33bd8f3827b9
SHA256146f72ab950e75c3dcdf879d8603bc1cdc2109371621a96aeb007f58fbffa562
SHA512cbb76a9ae955206fcc6e7cb5c7c965119bed55266e84608a93e01bba7f611d0dbeb0cc2b66f19e168bb3a001be803a64f583b877078780311a4a8b1c436c740d
-
Filesize
342B
MD55d4c07051f3cb202fe1fa95c34ecb5ce
SHA1af4aed78df7b051f67e79ead1d6ea1950eb3747d
SHA256333d18f169d5598f2d588aff9525baed940cbbbdc2eb22d103b5a503c6ca8a6b
SHA512728f73bbfbbab84ad1f2fd73f7ecc60a053f40cb31a9665ee73d633159a4be06692a27dcf34987dc01eb2a024b84d0bb253d9d8dd010a89a9be6acae65afba60
-
Filesize
342B
MD54eaafaa202eb9ac0550e94d112cd909b
SHA138090ee8dd2ce1a0fc05ca89959b1a63c50a9707
SHA256fe29cd2739a3d94bee0ce57b003051f452f7f29665dd55f74f98d66763c99339
SHA51294bfd04ff032aa72f9904b862883c13d9e64535a59b342cf94845bd1887889277b32e21e35084f708be51c575dfd0d0ce1c066f4545f652b68a2ac9497ce4746
-
Filesize
342B
MD5a8a64abec19bb7811c2ff095c965a78a
SHA121167f9572e87ac2d9d4be1f6e2f4eb8d2512ddb
SHA256959e432d873345fb44fecb7223fbdc1d75123553a84eca547a0b6c55737b76b1
SHA51283d5c30b6a4a56278cf053bca8ee1c19465f29cf0c90d8fc9faf30f0d47629ba05a821cd7568623599ec8d3f0c6642938770f220797434770c8c557858f6f870
-
Filesize
342B
MD5cc189e3240da24ec65a7d91c9b9d6978
SHA145be526906b83fca9a1c8ce3c801debb54ea4ef7
SHA256609a7d051c05d1e7c9e34a34979fa15140580024037ff0271b446a8744d93f66
SHA5124069fa4a724101991ec3069e7dc8d8c5acc54be52b395214353f86a900334ed71977940b43c2524a6c610b7d86fdc18402b13fd83b4348bd0916d5957fcc6bc4
-
Filesize
342B
MD563dac92d0f8e0748464befd6fc00136b
SHA148133847621f9d0550d9d806bdeae18be0286495
SHA2568633e6c89d5baba49bad0117baaebdb51eac464d207790800a4d2ae7a944918e
SHA5122eefc106b25f5f5f92eef311cb367bdddf099f685310bc0197d5a8dc0d9af769b4f52afedfbaac4b6391384ace88ebe666ff6f3b1680c0a292a944c5e7f837b3
-
Filesize
342B
MD595ccb02823ad10ca39651f97cf13e046
SHA17a0c524ab0fe48f87ac8702d9aff7dc1936db261
SHA25643d0de6437294cb17e6ed317c84720e01fb6b6d7d8e37a6c8da0377b388a3a37
SHA512e74d4fbe273be5fcd7b6b9ab94cad530bab4b62bec9bd9d7187cd9806afb3127a81c34190d9534a6dce7ec941e349acc6d0f4bdc7f88ee44c46db764b839e601
-
Filesize
342B
MD54534f46ca0b23493988054a4a8558e3d
SHA15f42b1a7aa85e9745bad3721872ab0a1ec22e220
SHA2567f255ef30e23fb62f637b34cd0ea9b9b69842e6ecfd0ce659c416e8b36fb7af4
SHA512c7abb5904bf73d8efa85e738b4269ca04d98f386061da9890e9e02ccd1b570f0ded4a213d07485017bb89324923885c2725c957e0837d90eb2f6bd77662406be
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
218B
MD56938ddef8c3a70aa95a1f01c69f45ba4
SHA136cb5f5bea112e983587d0ddf5f7aaf3be3b4f4c
SHA256bc677ccea9a040710ed88ed3fcefadd73a931ec6750d7366a330329f95f95c46
SHA5120cac9e72295d2a23965f9c18b5ddd948df205e7babd704c77ce3b60bef6cecee5c1e3d5f76de00abc9ca029e58a493421c3e31f18f8d71d59c770e3e90c0b725