Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

d5e299a5d9...18.exe

windows7-x64

6

d5e299a5d9...18.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09/09/2024, 07:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d5e299a5d9baf61afad93188d24dc8e2_JaffaCakes118.exe

  • Size

    153KB

  • MD5

    d5e299a5d9baf61afad93188d24dc8e2

  • SHA1

    be5f441550c9c159404f9a7e0fc3638a4ba52603

  • SHA256

    084ef1100d5e69f727b43f74660fd06c50e90ed95d75b1d68573008cb24d518f

  • SHA512

    efe3de6aaabbba8eec4ce4bafd683f6c46f804c62ed444bdabc9df4c59ecf876c009e3a7df2245538546759a559c6ea265e22611b754c7a1d2f790d36881459f

  • SSDEEP

    3072:C3XvauEVtwUx1Coy1tHrHAuoyazFyOI4AD8cp1pliMSi5Nw6:evau+t8SuoyQylwMSANr

Score
6/10
discoverypersistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 42 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d5e299a5d9baf61afad93188d24dc8e2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d5e299a5d9baf61afad93188d24dc8e2_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2792
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.flogao.com.br/bendylima/foto/024/72757151
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2740
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2740 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2604

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5e8439bb9c08fc7c28a23e212542111b

    SHA1

    6e28ef8f4632aed2ac70701eab0d8f02246f285c

    SHA256

    928a80846c3943f54affe173324445fdb2d29c5ba4ca0f5f3979d799cde43476

    SHA512

    395a1d6069050ca26db974df25bc7249d82c8deca93a62e70f387e9d7f8be7f4a9f9187664cd7303f55d246665acdade569338d4b61bbf1e65bd3b247214c6b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca4a62a70bbea1ca22e68892e1589835

    SHA1

    65e993e5352f09e2028efc765613398736b72621

    SHA256

    b56b9d1a0a262ba24d1b57b6ff96362040555ea26274302b6f926aed5391e312

    SHA512

    d5c79c95d885e8d0f15b3f2afb707be32e24b41d912c16bc17947f0b4b7fa46f33a39927b3965623de7eaf2cf47f900409b8ed3ba0aca169c3467e2505c15aa5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0c0bbf063eed6a3da17f306487b2c7b4

    SHA1

    5d650e1eacc167188852c2595609f7cc9086bdba

    SHA256

    c49637dee640d38ae53d6d19878d67d752da1492e33caf85cace0d377052692b

    SHA512

    0bfdcf54d8f9bffd9041010caf3ce9ca2fa11e6bdbfaf01b9a5d13f72970d528244dd857bd88da94d5ab4c459f7381a20978540a83be41ede10bc033f4006f53

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    33115332cd3b32ffeafbcc9b92c3f1f5

    SHA1

    6663c0cd39313af7ec6d4bce593c39eea0e95d0e

    SHA256

    98b4e8a0ab13f30e042a9e1b2b5a3542df449c1808f0e2eec9fac6233ca610ca

    SHA512

    26c22222566b6a46a52a4bbac2b0be51418ec2e39ad8b52ba2c3193cd84dfb68f7d575cd3a0ddca6ea5b1b10e23ed9b9afbdddc3f0c670f296315696abbf36e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    78f438021fd010e7373f998d0087e7fc

    SHA1

    4e161d51e08a7278bbf621081dce9d6e800a592b

    SHA256

    2a469e37433c904d2e00208e497b3d3a34757b15af4fdc8bccb8e9d20abde8c3

    SHA512

    4451c16b3afb6bb8a588e387b62f66af11438c7eadfcd82cbd1dc79302444c03431d8390301479ce6af1f4d68ccba2d93a39323909e42dd22144bb862bc41ee0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fe1c38f3d068f89365e522282454e959

    SHA1

    cd2e14d84cda59ad2cb82d147661128e14a6feba

    SHA256

    60ecaa6986de59a1f5f1398c8b68e98389450bbaf141ed7e93f16c336e08a925

    SHA512

    095b8a738a15c9a742acae23c167fdfded1b04d9a194fd535b4944ff69638e149e62a4fa1e505d05978aa1ed7f4e0c205a167eb46b79df4876ac4b048ccc370c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    76526347ce9c965c26af4b1fe909ef32

    SHA1

    82654f8b9a65ee0f3c40a880f836dfc500cd2079

    SHA256

    853ac3109b337a6792411c899778b98037e725aab44420b0b512dc0837b23a28

    SHA512

    94fc2af2bb12472bed82fc053d8d8fcbf05c2a66a2cfe73a1a04032867a54f3fb75def105f9dc7234369f3ef25e8294803f79d629abc35d902240a57168807ec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0fa86cd48fc74a5876f84913e9513199

    SHA1

    8362d42ca344f7de3292bd8882f5a6e45481b47c

    SHA256

    e76c980fc264320b5549f103854a11edf01315d43a78619337a4eec6ef46664e

    SHA512

    bc36589d3eff15726b4c756367238730330d4ecb372be3b413f59c7ec8fba8300b2489ee4c2ac122320a255ac0ef7c870b807b1ffbe2f629fede34c6315b716a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b52fe0be08547c5d15749f5a296e3d36

    SHA1

    ad9e6704bbdfdeb6ef9efe22882920a1faa3cbc1

    SHA256

    fad3c2636d2eecdc8a696d8caca670eecba8e7b593cbc694eea51f3ab04d2f6c

    SHA512

    7df1684dddb7b2f0e16edc46ca47c912765db629a85ea936b3ee60a00c5d30601457c054074ec90bc79ffe86897d27a049015ad9ff0a3e0d26ff32cfb1ead47f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a0dec8b596c4011777c2c867d791d921

    SHA1

    1e48c284aba12a63add44020d8134c5a198ec9f3

    SHA256

    627341027f7501036541e23f6f7cc57e84a7e62b3e0cbbf7a9d0090a29376492

    SHA512

    d30d49ab4683239bf59cdb1b5f12cff6c03e77ac588f41d272a4ff04ae5352ee3ff567a0441d59bff343e0de6ce64a00cc5cddf3ad3a37108237c56e635d678f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    37f763d8f4f6ed70023e82d6c27cc747

    SHA1

    9bcc6d7383430f0d3cbb26c47afbebd373295386

    SHA256

    c6dc6c7c82f87b1a3147bbf78f2cef6675701acb086677a50d59581c4211e16a

    SHA512

    b59ac5410b2feea4d4be810fdb40db0ddb753116a756ec35dd6dc4d26a644c929105fb53469e276136f0c6db0a5b586ab365bd29c6dc4cb17e2b2cb313f77960

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    86fd4c750b81523a0aed8f8717bd98dc

    SHA1

    55588c86f5714f554ce7cf0d04d285095f118ebe

    SHA256

    9ac8f9ba85010dfc1a97fea367135890ab1dda4e9fbd3813f18725867679dbf0

    SHA512

    25fd4600ef11b85eb8cb0c2966e50cb63c9a0f6207a82976750a734521138a09f8925480ba5ca149d3aef5e6b2223d54e0e440aeadd8435a2bf60947599edfe8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e0a10b4505083abc9e7a15e8854a3e5f

    SHA1

    b94ee6a7d57b97b49c7e334050c438a91069a869

    SHA256

    34a04a5080077c1900bc545a8de9867d75ed24f10c5f31a63c014d29e0ddae85

    SHA512

    fbb94dd01c7b473ba6876c1a1a7b28f0d630bc74762b1a58bafff5a3ce053dad683de37f8b98c5de991f9088bc677e5246355146843d76718133e89763700cff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    37fbcfba062d885fe54d4036ff190c11

    SHA1

    862882658e697a592f265a9e6f28aba72a11ce42

    SHA256

    9d245d3df0528bfeea9867fd0c798fad45d659f2a33b83392079f6b7303076c3

    SHA512

    4df86452101acae79f336b41dba4b335fd2349852e82be07f1a7fe3d0dd4d462f98d95a1d1e3459203e43150b6101114d8fcc4cb0326ea13fcd0cb841a5f8a8a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7e8bd02ae617a1667bd74e9b5ecca264

    SHA1

    6eb9ed7c4df92863e13d0f889065ad127fd0141c

    SHA256

    f9f0a3230be1232d6f50df14b8fa9dd896da2f48200fa9e0ea5870e3bb75c0c7

    SHA512

    fd53f8b72a29577bb588004da3a3b8439439548666d22232277306200c06aa7fdac293ef0cfc5817100a82ee5c9a11099467ca351f2b8bdbaf8d15e5609ca092

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8f15a39d9580e53b4a09373377ea0c36

    SHA1

    cef1b0606577c99cde8a8024ac09885414deb7c8

    SHA256

    791b89f355d8892c3678dbf98dd04ac98b777074f8e27827c149169b363d6cc6

    SHA512

    6a2dc043af8bf7f0e76b7ae660f57d050036c57dedc0fff18dd14bd0995db80311c6739ac60aa97830032d7783594f2005511330dd947bf08de919ab0a02fde0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4ac9c94466ff6653eb7ce50567ea3299

    SHA1

    333d9434fa68cdf0fdca1d8184004026af9aed47

    SHA256

    826576e85ba89685bda70c95dd9f885939d9587fc89dd9b81743b66da2151f74

    SHA512

    594cee1d5f388eb2cc3f3dc7cd9ea941db29c804ab30c71c9df8bb65793f04233763fc66b8fc49311ccc0d68895e908589db1df85173883cd53f505c922b1620

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cf0439b7e1e53ad260e47732d67653a4

    SHA1

    893bf54921fc7ec34f77970c117f4b06d07972ee

    SHA256

    07939db979a38d54b7f24fb6aced713d183ab34b2a4ed9cb0e6cc8245211cfd0

    SHA512

    0ae9771b1c88b95b99add6f73c165c7a060af2e331ba16fc34daf6e5bccea72e856593ebf8c50e4433c6aec8fbe8c2933324955ae724d0e582e3fe739b476a9a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fadb762b05b624183aca6c146c4b16c0

    SHA1

    11753a5181381e6ffa0fdc3b81f94d05c3b837ca

    SHA256

    7eb5afb2cbc8d7d068ea781fc49d1f2b2da634341a609f561a9ee9d281d305cc

    SHA512

    97ed8eba145aeb8070d1eb9afb6d7a9a4ecd378515bef4a157ed30cd6e022564b7071d28f4597bc571d76b4a8de770ee5f2f44c2957f591071538784ed874035

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3653ad0568a8a7b58fd489624789742a

    SHA1

    64352cb36b5dc15920b6ea64c70fd41be72cabd2

    SHA256

    f0976a3001d2d5884f42cf47babe1db644ebd043fcd6bb90ce1fb59d86cae015

    SHA512

    8c8304d3095dd621fac8d0be3e36ce63c92ff49e3b2ac69e1876adfdbdb751c0f357439e9cd1d39bcffa0adea8e02978733ce3537e772f21fb36092ee084ab43

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOYL2MRI\recaptcha__en[1].js
    Filesize

    537KB

    MD5

    c7be68088b0a823f1a4c1f77c702d1b4

    SHA1

    05d42d754afd21681c0e815799b88fbe1fbabf4e

    SHA256

    4943e91f7f53318d481ca07297395abbc52541c2be55d7276ecda152cd7ad9c3

    SHA512

    cb76505845e7fc0988ade0598e6ea80636713e20209e1260ee4413423b45235f57cb0a33fca7baf223e829835cb76a52244c3197e4c0c166dad9b946b9285222

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M4TQDAHL\styles__ltr[1].css
    Filesize

    55KB

    MD5

    4adccf70587477c74e2fcd636e4ec895

    SHA1

    af63034901c98e2d93faa7737f9c8f52e302d88b

    SHA256

    0e04cd9eec042868e190cbdabf2f8f0c7172dcc54ab87eb616eca14258307b4d

    SHA512

    d3f071c0a0aa7f2d3b8e584c67d4a1adf1a9a99595cffc204bf43b99f5b19c4b98cec8b31e65a46c01509fc7af8787bd7839299a683d028e388fdc4ded678cb3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7233.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar8D63.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2792-0-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2792-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2792-2-0x00000000005C0000-0x00000000005D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2792-452-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2792-155-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download