Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
07/09/2024, 06:32
Static task
static1
Behavioral task
behavioral1
Sample
d14a60082497c144f0f5a0a9e15baf1e_JaffaCakes118.html
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d14a60082497c144f0f5a0a9e15baf1e_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
d14a60082497c144f0f5a0a9e15baf1e_JaffaCakes118.html
-
Size
219KB
-
MD5
d14a60082497c144f0f5a0a9e15baf1e
-
SHA1
710182908a68576591b790d10b8f9bdb29d8c4b2
-
SHA256
f8ec9a636558a738dc0a913d102b0857eac4205493f59515069688c4e10b4a3f
-
SHA512
d0035dca2e8a0e0c2f95c86b538e776a3f40e9ca28a5f3ce2a7808a6597fcba23539a6073a9e4f8318cbd8b3751fe60c16bb1502d3bd2b0374accea9507bf37b
-
SSDEEP
1536:Zi/LFDHGtsKMDNIz699qBVm0/9eR+8XZ5Jz/UF0swo11q2vEN:A/Lr9MAy+5AO2vEN
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F9491621-6CE2-11EF-8EF2-FE6EB537C9A6} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431852658" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 3064 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 3064 iexplore.exe 3064 iexplore.exe 2840 IEXPLORE.EXE 2840 IEXPLORE.EXE 2840 IEXPLORE.EXE 2840 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 3064 wrote to memory of 2840 3064 iexplore.exe 30 PID 3064 wrote to memory of 2840 3064 iexplore.exe 30 PID 3064 wrote to memory of 2840 3064 iexplore.exe 30 PID 3064 wrote to memory of 2840 3064 iexplore.exe 30
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d14a60082497c144f0f5a0a9e15baf1e_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3064 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3064 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2840
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD57fb5fa1534dcf77f2125b2403b30a0ee
SHA1365d96812a69ac0a4611ea4b70a3f306576cc3ea
SHA25633a39e9ec2133230533a686ec43760026e014a3828c703707acbc150fe40fd6f
SHA512a9279fd60505a1bfeef6fb07834cad0fd5be02fd405573fc1a5f59b991e9f88f5e81c32fe910f69bdc6585e71f02559895149eaf49c25b8ff955459fd60c0d2e
-
Filesize
436B
MD5971c514f84bba0785f80aa1c23edfd79
SHA1732acea710a87530c6b08ecdf32a110d254a54c8
SHA256f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895
SHA51243dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12
Filesize174B
MD5fe2f889ebb499c3b8dbad2be6efd3862
SHA1fc9ca273b857cb81d569d1156498a949a3c772cf
SHA256fb8788c1952ffd987115d29608ff7a32e912686b7354bb6222d94b6ecbe6302a
SHA51228a32d67c3e3aeb361f38e0524802c51c7969adcb90a9f1132cce348348aef6c638112413e1cdcecf2d54293f9e05ca1176d37809c7a6c1506564b1df2e26bcf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ae248c23f8145a6320a7abaed212abbf
SHA1b2b5018da86060c4af542247f90a478e62303e04
SHA2565114edc91f29f7ea1621afdd20f6b05255136eb09061dae7faf45d7988934bc8
SHA512b86f353472002599171c5ce6922d620a70df870755e05bd4f69130cf5e17139977823a5422fdf44b3664051c9ebb6545dc745aaf3f097afc2fb8a4df49de9837
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5318c530b4aae793d51968fed446a2727
SHA1fff000995dfa64bdc2e914b0bdfb01cea89147fe
SHA256fe6333fe874c08ecbfe569616cbaeeaa269a8f2990b7cde7a36ea7b93c59904e
SHA512b08d1cbca65d9e99171d6d94f83ca9fded02b4908f368dacb60640ed3d3bf51de42f15e39c481385ea6f3cf80ec74038bfa567b56fac6da9e4586c9b70bf2200
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD578bcf84bf572f49be1faa40587700dcc
SHA1b4edabab81a5828907ad8a52c01d53148b5550bf
SHA256049b24121f678ec3b89e92712e5288a6bafe01a924a70ad69f9326aa8a29d5fe
SHA512f19826ac5002b631e61e703a50493b2fa77b4bf3b94f73e2634530651124027eecb9f0fecd05c94aaf69479192c303aad62360a279cfaa5c95b1aa441b74f192
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f29125021d08c71eb1be14918dc7db44
SHA17adc406cceda3d09fd3fb6434ad588ffe1c98d48
SHA2560526218e499748abe5c0d936ed35f1dd05066620527ae3205b33eaeb9697f3d2
SHA512d9a8579fbab60acefd9f8c4f7110148619743f5f09383eeb0f2b74a07fb5b9415e08fbc914fdd550945cb13ccf8635e9e84406a398f77639754e5ce0f5397351
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58a1685db4d2d4898bf56fc7345b2dbf2
SHA17bb142225ab23fe71424ec9662c8d42142f4365a
SHA2569996ee3d2922f89fa6f92aeac5ed07789c186bdcd456af1e61a01b00d8d18bd7
SHA51202227768d6079affcd5e013cf8eb4f971c6014f0f24f71d365027c3ce4e25df9729c909b155fb7ea34b72c9b82feb2507d3200cd80f68a79c474e2e04369397b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50d3dc9a1ab80859e32edb22bd5a49861
SHA19cb21517a625389e9d046497519c382f9d642219
SHA2563a2211f70de4a34f72c1d74dbbc3cfcc37081bc54064684ba6898365fa495755
SHA512c83064a6247bd975c1b9adb1885502e113aad8bacf40db5d985ef87fe0aae36a19b90ce53905d740410edc9cf5d7b42ebd2c7829da26e48a25cad66f3d311ff7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51d30b6f201fdd1a04dc250b9e0a9b151
SHA1f05355d35082d79ba109a2bf7cc922fead0bf1f3
SHA256aa3c93dac7cfc7d8d30a1a26b8bb885331749867b922bd6b44d0a01797a0d3c6
SHA5125022e5cd1e01a45fc805d92628bfd7b84dafdda09dc462fa6b4a5f209031a099d874c1dfeb6b94f77e41a3874c066466cfc85c439c6e1ab4c9a0a0384c6043b5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD546cf1b202cda195817bcdd772de998c4
SHA1f8df142db26f4112f9c675669b4e3bade93c4707
SHA25603ef7618e0651ad76199fea6f085f8524db306c2225028b9321b698eadbf2f97
SHA512e178bfaeaa793724b5da4dc89e571b0111bfeb3003af2ebf703a30131042f708c7cbe15de394feac4ff78a6e64a4d2fa668c94993c5be47b138bf51d00361e36
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54ec01cde516db12fba6610f32f32ca27
SHA16078137a051cfc648987895a74c433628e81a18f
SHA2567c05678539d28a1c1c9e1f1223c2d234f410666c6a95c1df961ec41c5068fb99
SHA512c4589f1a794b73b685ad5a95fc5a9ffcbf221bd52a3bd8ec35c5129cb9ec265d9c202415a7c1d4fd57e769e641d62b1f71d923c1da9f59c4da8482435b819dca
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e9549476d526667b9e6e6c5852ddc0b4
SHA1a6138effa83d693b8ebef68915e8811068a5c5c8
SHA256766703e5b28e7632df8cf6fb2c19db1b91680459b214a0c913d8666f4ce51139
SHA512ca138b5f63b92c995382868d37c2143a3af64060168cf10b67cb99ec15e6b8fa920e3e078b23448a521c7f623ce1b5b9f09643ab7d3dd900f77218bbcd95d570
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a5f8fba08488f796ade5dd7453d1d3ac
SHA127d73c6a9d8df1c9237fefd034f7efcb1064cf7d
SHA256d67a5dc8dd0eef8219c9ef264ced3b4682974d005e44c54fec18cb55357ba622
SHA512013461a71d091293f6347c7991d0d1aacd123937609a8dafc3576d0e30c73b5635db07ac6364eb9f18d43c91efe7a4f1bef34efe161c1f1ffa6d32981968aa59
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8H7UVK5L\domain_profile[2].htm
Filesize40KB
MD5b76e2959e041cb2b172277b33de9bd86
SHA166a3d3bf707905a5c065f057c3c63a0c79e9f99b
SHA25621a28f121f19edd0a6ccec304915835335e88325051ecdb30fd2ffcecea0eb7c
SHA5125e1f97b3afef3a67c0a3129fd197fdd8143a561ad22ff0cc7fc90fa48bfee73999f74c708c5963d4348edf0c99e0eb9dce07e1d5b6c3156ddafbafbf78e96ffb
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NQU8S4LJ\domain_profile[2].htm
Filesize6KB
MD58df6a341d4fb7314beedec08d51ad768
SHA1e0166e5fd12462f601e202613945805b25f246ae
SHA25608d7cd3719021a1ee00f63cd9984dfb26638b1fa15cf01edc47cb783abbef6d8
SHA512346ecb3f51d7d64e197b85884831e137694267d6f95bc2c37c4fc0736a37c2dfd3d74fe082056bc8483ee3c55438e9963d0838fc4ba3cb93de3a2581565361e9
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b