Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
138s -
max time network
146s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
07/09/2024, 21:02
Static task
static1
Behavioral task
behavioral1
Sample
d2d4cb35bc1de4d5093d8b50fb5cdd8c_JaffaCakes118.html
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d2d4cb35bc1de4d5093d8b50fb5cdd8c_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
d2d4cb35bc1de4d5093d8b50fb5cdd8c_JaffaCakes118.html
-
Size
120KB
-
MD5
d2d4cb35bc1de4d5093d8b50fb5cdd8c
-
SHA1
2a52a097f72f3fe9fc1ed2da96018f0a9124c120
-
SHA256
5d8e296ce729d09ffb498bb27577b1d420900f8ac7e3471a6a0533ef8598b6fb
-
SHA512
2ca16fbf6927a496a1379ed1591fc65301d9fbc8f6849a0b5b65d4ff37bf0c4b1627fb465c0177e7765201267a897b750f79a746fe4d0172a0b239d6a403eb2d
-
SSDEEP
1536:4ptJTKLqa3z3xRwTfBMQizeti3krM+ZN+Q5CKr+:OuLtrxoN438DlCKr+
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE -
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{87B4BAD1-6D5C-11EF-A1E2-7E918DD97D05} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431904836" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2644 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2644 iexplore.exe 2644 iexplore.exe 2688 IEXPLORE.EXE 2688 IEXPLORE.EXE 2688 IEXPLORE.EXE 2688 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2644 wrote to memory of 2688 2644 iexplore.exe 30 PID 2644 wrote to memory of 2688 2644 iexplore.exe 30 PID 2644 wrote to memory of 2688 2644 iexplore.exe 30 PID 2644 wrote to memory of 2688 2644 iexplore.exe 30
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d2d4cb35bc1de4d5093d8b50fb5cdd8c_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2644 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2644 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2688
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d090ed6e5d107bf04d7dcfac813ef2db
SHA12465310a1cf9ceb981b4825d220b563c1b06f546
SHA2560ee2d0845a4618fec3906beb59a41908d6d09603f396a446e1b0bfdbb4909fb4
SHA5129023540ce41d0fd4d677200b504c86f678fd70447ec357fe5512095ee724de798fffc111df06cac39db51b70d18a1bcedaa84137e39d882a392d8a9d620cab78
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD530c0d66af6b954be8fda9df8ee6a0a04
SHA1c2a6501ddf84fccc5326ab13dedfc430f0402e4b
SHA256e635571e864eec78804d5f4aef8c02e2a78434c18b356b120108efe33be49483
SHA5123a91b0521ec72653b66e1685d0ba860dc508ddfc23ebf101334f7cea39d98d1616a5dbf19bc28f77d811c6950ee5af2fd8d6cf54cc736f8edc8783ad64ce7c3a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5de9f383ba6d8046cfbeef076527fc4c8
SHA15558e9a29dbbb345e2bdfc628afdf8676d1035c3
SHA2566d8d5762ae8df70d8d11d3d61ca925d9e272d403eaf94839ef20f51f41cec831
SHA51208ad1d852c6ade79538fc52290d9190892f36679c1db45a7c47c10ddf5e9b5e0a10527a67ac5d0b02c1757b61c8f70a17e40acece91888b8b8bf0f14e846bae4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD599ec08f473e1c3c502440ba969c0afb1
SHA12fb3a302687278f67dc27bddc0b8171ba830e600
SHA25648bda1e00db424262386da22c218ba3970c17e2f43e6b75b67f83537c3fd6295
SHA5122c1977ad803050cdb0c90418038adce2dfc72fcdf5dfb9f238895822a1cc320afb72e9bc45c45940c84c4059d92ddb56df6941bce870899c3ad2fadc4aa5e464
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59a90721dca34e3e1d3345c6c62c2afa9
SHA10d9564921b3212ff24f99adfd6e990fe6abc8eca
SHA2561fecae91fe9e3875808cb4b60f34f4d8d930257bc723f77185becf4ef568da05
SHA512b85f66516f4006c242eb005952d9dc16c6cb641cb0896a947f9c7e26bd7026505e8248ff80385175d9a6b0e834076c49155d7c1217addd6ea5c5a5822f851a0d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f3d6bbd666f8ce4a2ad423baadec8ab4
SHA1fb6b789b471fb5711f19e2fbadc0e50f35a3c4e9
SHA25612dfe7de49768dcc3250265abdae52e25bd4c36a0bec3d67c2a4878b57d2ef2a
SHA51279afc11633ea5240df6021d43794a14c89d3ae2f112682feaf28573758d704e5ac8311ce06d3a458fe545cb226a69212bb6684a522eff1c370e93df957f84714
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD583fc384a90954e213f8171ea6d7ad24b
SHA177f2ad1c6b624d76fb2ef64b03a220fce028eb9a
SHA2568ecd96ba8b3a1c7a58fc090855ef367b0350890b083db6c8b0d91b56c9f67d0c
SHA5124e8a5e018ac2f3b9a84730407f06cdafabe6da3838224f8bc1e59d52309914d70d9470d5f58a6ada76f87e93fc3ad23d3df650cb6766c82b5d36c1e5b7bf263f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58f3d402bdb6ec5e615bb324e03e242ef
SHA1663926ab48d343f56cddfa545d684d7f105dba2c
SHA2563c7d814aaed19632e18fc49d374667a3b50bf608268afffba621fce2075992f6
SHA51217c95f654049dc398ebcc5bd809943ec867b82f40225692d8173126a7c3769697a93829c63a228b57e85008f235d1a4eaab81cd24212359cef182b48300298ce
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5610cc8265a3870edccc5907b824f7636
SHA1ebd366a44c56e69d02f92715d37b605011cfe677
SHA256d2f76ee5ae4c456b4f12341c2995d81a8af4b78b0ace6d4c4d3020c65c7223b5
SHA5126b2b48d5b9d4a8de579f02a91bcb83942dad4de47aeaefd9b2ecc09f68b8aeadd3dcf63a54efe0e4a9262e120571239b8730ccfacf82776f956f526fdad92e2a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54b8cab1b99f2cf57804203e15e00f7bf
SHA1ca0b9627f3787333ae201433a976c178e0cf2412
SHA2565aec1de191a04978546ecbf2eb51e2265fc66246cac4443d26fcb1422e9f037c
SHA512d2bd5a618b30dab77b5514825978af8007be34bad6f8cf1bb141fb12c45c73c48ad69453132ba85763c8d56c9bacea1b7410fd2db6458013eae23a265d7603eb
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b