Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

d54c0d3c13...18.exe

windows7-x64

7

d54c0d3c13...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    08/09/2024, 23:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d54c0d3c13fdd508148a787ea54166c8_JaffaCakes118.exe

  • Size

    346KB

  • MD5

    d54c0d3c13fdd508148a787ea54166c8

  • SHA1

    8fe62a4d00f47e3e8961e7c52682ca643f5206aa

  • SHA256

    51081d1dfc23e9c70da4cfa8a79815dd28587d92f087168f91e9684a01646049

  • SHA512

    470ed178b5afbecdc966bb6a2f7ae0f0b33ae22103e57b9ba0e6254974dddd5caaeb398aee513dc75355fad11d57d8ddbc1163f43ddefe7da14ef99d5d7d041b

  • SSDEEP

    6144:ye34InvlhNC7JuyKAs8LG9R3HNe76JvML/9c7Cr7Ob+FV7:jF+YyXSvi2v2ICvOb+FV7

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Modifies registry class 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d54c0d3c13fdd508148a787ea54166c8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d54c0d3c13fdd508148a787ea54166c8_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2904
    • C:\Windows\SysWOW64\cscript.exe
      "C:\Windows\system32\cscript.exe" "C:\Program Files (x86)\EditPlus\kk06.icw"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2780
      • C:\Windows\SysWow64\WScript.exe
        "C:\Windows\SysWow64\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\kk06.icw"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1364
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
      C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2864
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3004
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3004 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2580

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\EditPlus\kk06.icw
    Filesize

    132B

    MD5

    e8827bf20ec554f76c1f3600aa9625e0

    SHA1

    059482bb6d7c305a6ea27f9de13b4d4cd2fca080

    SHA256

    ad80a854d40aa49d6024a558bdb3ac20fe6476df3c1e9b76b87bd2c782be66d7

    SHA512

    edf990faf8c3f30fc0ce95456d0e224deb780b9d4ae94af912e85b27e933c92817f5ea35f524481aed79d4bcb9d8ae8749aa831253645722ad316a6eaa126ac9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e3b009d92f3c2da081c48d01eca844e3

    SHA1

    3bd1efcf4e0778d38bb0832f4fa463b1062265e0

    SHA256

    c64e674bf10d43eab80955cdff30658a9f254e7e1077352bf323e86218e6c9b2

    SHA512

    9a5767a969c40093c240e5e815de2cb58ae9b7618baaacc5a330f9f2efdd630e8029fbf5ef7ac91a1e3ff93edebf2f51ae66a84b6ecf6930b344b88c8c7155f4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    19ef3d3451ed5f0c1baa818b102afa98

    SHA1

    21710e90611bbe6a994626734b53c7438ad62a5f

    SHA256

    217b8e29684ef3acc86bbdf8ed81a7d1b81b7f56957e80d649ce3034e3b17e4e

    SHA512

    12299ba75f098d0d046309391cf544f31f709518500d4941e08f314a0952c5fb4781eacf4139b9a417d1842de7772b0a0f1db9bdc9f2d779549281ed96d95e6b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d7f81337d891caec5029d900839eeb1a

    SHA1

    c1d578fe6bfb2f45341fd1d495c71d76c80299fc

    SHA256

    9f2d74e2be1390a86371f4663410fff1b113c78c485b5d9a3ed1438b445b92a3

    SHA512

    1ff3f830beaee5cd83bada1c6420e701e52962c4aaf2a76d9070ab5b22e028c0790cad3c51846127f82f5001bf304d03dd57ca73a1ecb790591c0fb8ddf040d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    06099c8456c766bb2feac92128c3f777

    SHA1

    947793cc84292fc2039077952624c9972460027d

    SHA256

    56ccad01a81d48ffa460be73bab07e97c7803e55332802d28a44801bd9a2f67c

    SHA512

    003e7159652d8a71535054da6d7d179e940be8e4e7a9b6ec19f0d9523ed77b0f8a1a2cb3625b73bd129507917c9dbe58721d58fb3b48c9a4e64a0984ede540c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    64e80442a1831587f8d29efcb5c53058

    SHA1

    518bbf2a7f01f4d744fc9c0bde5e620f138427cb

    SHA256

    68499371f1e4848672dd05335edfd73ab04ab32486b85e06b3d9c2ec8bd6c342

    SHA512

    018e1fed2e48cffa9948dfe33694af47c0277a6560e7f6505f346b8e3d1620922ebc9187ef5765770210d32e875819e8bdf4cc4191007ad1b45be078f46af00b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ef0f0268296a2ddeed0774de0a4ae36

    SHA1

    56fd3413206035ff0e9362f720aa0faae8cd2003

    SHA256

    d50f8bdea6a5d4ae035939df8e5b8e23bdeb9a942f762c00b6f11d9a7c8ac7a0

    SHA512

    386ee56b3ababc23fb87ec4599e70d5e8be1339763dddd9cbe3065bb41136c43d6f6512565afec52fc6ce8efaac28149e34f9d4071f3df84387ceba9945e006c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dae0d94db66409a65d0f85d83cc6e19d

    SHA1

    739d27cbe3eaae87619df8e103dc3d3ef96c266d

    SHA256

    b72a2b6d45a977b71c307ba19681f24c094e4c827558989f3aa14f48e63bcfaa

    SHA512

    3576e7824f81f7b2dacdea4684e2882b06c91865db9ddd90cc19c79ce3823a13737e0692873a16612fd76713411ef9d4d68164df54ed6300dd14fa2d610f4822

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    48583098970ec5e16f9a5e3f31d455c3

    SHA1

    0973bc617fa813591df78e39141cf2f6df6a34de

    SHA256

    4f550cc51290a4bec26dda68d2e4dc96cca4899728596a10ae403c6c700c8f27

    SHA512

    668223f0fa09148aebbc47b4796cbb0b7f29f73d03fc5048e106fa4df3d6e25d0f36b33e0c54d6e9a99052dc264c5ebb3a1663e305539ac2837122ccaaf44e98

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a8a0db430004bd7bb387d321bc85091e

    SHA1

    910059b00da02411e11b98cd35348bf14d7cc7e3

    SHA256

    5d87b120c78bc7c8609ab4cd4c3ceedfcb2b01a0f11b7674c98aea311985f377

    SHA512

    6407a4f56be9e4904105668b876fa900021f02fec9d1a08415e007392d205b991ddfbb97aa0c2c3345911277c8c5c9c931e7ad492dece7f27e93b4a8f413d365

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    98da6f5719e2fd168c97002cb58905e0

    SHA1

    6f683026742d070a558a3eac6dda7eb21b5f9f8f

    SHA256

    e29f35054df983d7d82e90849ce5ade85650eef51ff3859b6c638185bab42f5d

    SHA512

    1dbf898f8a2b642399649e55fac44926eb963824108b8551ee433811c27753509b53b22acd17ca216422913b9210668ea23ed1b82a87a93869ae0b74a88662d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a9cb71d18672ef87871884bf97932161

    SHA1

    7b807d8f501b4a41f8b7e3b46136b4f2d9aa6ffd

    SHA256

    3f550604820e195dc2995e2ee96693992bf0f89e5f394eb262aadbb947217e06

    SHA512

    d4947d52fd8d87bfd65e0ba3848ae21e9f86fd16122b826c7656b83e1bc780975dcd2c32825e021ebf2f40882ffff414a9aaf5f739814db42e0e4ca95e2b0ec6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fdd40ab7caa3357f8dd5c24de75efbfc

    SHA1

    10401cc51649cc0f03f173cb46f5ba69b92c3596

    SHA256

    e7bbcef146f9869d66484e31b76fa2aeb6f4e31136671808e3d57908237b881f

    SHA512

    3efdbe023f861d7039bf3434aa5f06585bb7b50e9a536b6dff97010c7d201d9a8699c6ce0ebb9bb0a46c3c0598e4ab447b1ceda6b7af8179ce09cd2ec982d87f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5558cb631e428bff30cf08417377e7c2

    SHA1

    0db7e83b7b0e5901bfe839784db6dd57e59c640e

    SHA256

    d5f61eab278c21e408254a461f74c23e3332446d3ce55d2447cf4f1a008c2b79

    SHA512

    ee2103d7006ab6ae57c88ec7d3fdf51506e57db4a3e5243453e8a5fe26f701d2d055c1eecb7fa98b461de3d09be8815985e812713e8d240d6de71feed53fe6f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    454138e222e5fd0666c21d837027e244

    SHA1

    2b870c3ec426eac0509ce6ac27918028372da0b7

    SHA256

    d2d8d3e553db71a3d22444d546ad428564e4ad556b7bde039891af65c4942f62

    SHA512

    be423efcb07b92cfdd28df65fb42e0d25b7d1691b5c4776527578c806ac0c889a2eae2e0fa16963e67384f58e279e0a04b11b1fe25161d5d7a460fc7b2d71421

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab4685.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar46F5.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\kk06.icw
    Filesize

    840B

    MD5

    85bd7d71eedeaa01636231b1231fdd06

    SHA1

    c8af1dad859076a69209538f427edb41233f6d96

    SHA256

    580cdb16937503cabf08764a9ed6aa6aaf8c2f6ab55f8c175dd1ae164303e3d0

    SHA512

    b7fbbea1d1dfae2e7cac52fe7f0f8b5683d9aace3ec2c62cc40c8dca7522404263b842581a6e60e4cece8d338c0ca9ab0cfd04d39c793f9d63b00c006d802200

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\statistics.dll
    Filesize

    80KB

    MD5

    53258ade28629afa8fe6125e56e26533

    SHA1

    29a5f981763391d167fa60d8f0ce0523879e8e8c

    SHA256

    54532d963c2850c58e0b35a955e12f5e81ce188fc3609af0571a75bf21375571

    SHA512

    ad9e1b7f391a612dd8d7a9175d86a22ffce575104da947afb99e834cb63c198df170693a8cfe576119473006869aadb0debf1d8651590efb0256ead1beb2d606

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst1BFA.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst1BFA.tmp\nsExec.dll
    Filesize

    6KB

    MD5

    acc2b699edfea5bf5aae45aba3a41e96

    SHA1

    d2accf4d494e43ceb2cff69abe4dd17147d29cc2

    SHA256

    168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

    SHA512

    e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

    Download Submit

  • \Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
    Filesize

    44KB

    MD5

    7c30927884213f4fe91bbe90b591b762

    SHA1

    65693828963f6b6a5cbea4c9e595e06f85490f6f

    SHA256

    9032757cabb19a10e97e158810f885a015f3dcd5ba3da44c795d999ea90f8994

    SHA512

    8aadb5fd3750ab0c036c7b8d2c775e42688265b00fe75b43a6addaefc7ee20d9fa3f074dd7943570c8519943011eda08216e90551b6d6a782b9ed5ce20aa6bab

    Download Submit