Analysis
- max time kernel: 148s
- max time network: 152s
- platform: windows7_x64
- resource: win7-20240708-en
- resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
- submitted: 08/09/2024, 22:24
Static task: static1
Behavioral task: behavioral1
- Sample: d53129a10b8b0daae91360ae40194bba_JaffaCakes118.html
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: d53129a10b8b0daae91360ae40194bba_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: d53129a10b8b0daae91360ae40194bba_JaffaCakes118.html
- Size: 869KB
- MD5: d53129a10b8b0daae91360ae40194bba
- SHA1: b178b4cffcde8f6596d1c2e35196c9fbc2f3ea77
- SHA256: 0cae9eca076963b0d2fa1d57491a41df80882eb5b40a4dd8b5164566041aff7c
- SHA512: 65d28fd2c043cfa4743e79e5dee60316d18c75b4f30d6e71c3c89b767f1e57ae59a34514a14a338dedaf79ad0b480b626c0e1dc79cb76fba5a7c81b0cceadd5b
- SSDEEP: 12288:H5d+X3R8mU9jFi5d+X3R8mU9jFe5d+X3R8mU9jF8iS5d+X3R8mU9jFk5d+X3R8mY:3+Wt9BY+Wt9Bc+Wt9BPo+Wt9Bm+Wt9B3
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
- Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (IEXPLORE.EXE)

Modifies Internet Explorer settings
- Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1B69A541-6E31-11EF-B961-D22B03723C32} = "0" (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry (iexplore.exe)
- Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch (iexplore.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" (iexplore.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main (IEXPLORE.EXE)
- Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431996134" (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" (iexplore.exe)
Suspicious use of FindShellTrayWindow (1 IoC)
- PID 856 iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
- PID 856 iexplore.exe
- PID 856 iexplore.exe
- PID 2440 IEXPLORE.EXE
- PID 2440 IEXPLORE.EXE
- PID 2440 IEXPLORE.EXE
- PID 2440 IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
- PID 856 (iexplore.exe) wrote to memory of PID 2440, target process id 31
- PID 856 (iexplore.exe) wrote to memory of PID 2440, target process id 31
- PID 856 (iexplore.exe) wrote to memory of PID 2440, target process id 31
- PID 856 (iexplore.exe) wrote to memory of PID 2440, target process id 31
Processes
- C:\Program Files\Internet Explorer\iexplore.exe (PID 856)
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d53129a10b8b0daae91360ae40194bba_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2440), child of PID 856
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:856 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (nine entries, each 342B)
- [path not shown in the report] (70KB)
- [path not shown in the report] (181KB)