Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

da665f559a...18.exe

windows7-x64

8

da665f559a...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    140s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    11/09/2024, 13:00 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    da665f559abd4989a80995dd6dda129a_JaffaCakes118.exe

  • Size

    71KB

  • MD5

    da665f559abd4989a80995dd6dda129a

  • SHA1

    4b19ea54e57b8902585624d137c10273a339cdec

  • SHA256

    dcacfcf53c8ccb10edff0852d750fef02695884b407bc3596746af9df358bdde

  • SHA512

    2cf3d6f31bd52f1f3dec4c84cee64497839fca8ec4b21f8bdd5419ed355edd70402f054a6ba361110c249a11284fc6f2ffa4103ed3dd93bada24b00b025a5994

  • SSDEEP

    1536:WBej95nI6HSpc+UIqnEixqOLaJ5bODOHC:7LnI6RoqnxqRjUOHC

Score
8/10
discoverypersistence

Malware Config

Signatures

  • Sets service image path in registry 2 TTPs 1 IoCs
    persistence
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Runs .reg file with regedit 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 32 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\da665f559abd4989a80995dd6dda129a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\da665f559abd4989a80995dd6dda129a_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2904
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c C:\Users\Admin\AppData\Local\Temp\a97171.bat "C:\Users\Admin\AppData\Local\Temp\da665f559abd4989a80995dd6dda129a_JaffaCakes118.exe"
      2⤵
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2376
      • C:\Windows\SysWOW64\regedit.exe
        C:\Windows\regedit.exe /s C:\Users\Admin\AppData\Local\Temp\984.reg
        3⤵
        • Sets service image path in registry
        • System Location Discovery: System Language Discovery
        • Runs .reg file with regedit
        PID:2736
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /S /D /c" echo y"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2820
      • C:\Windows\SysWOW64\reg.exe
        C:\Windows\system32\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Microsoft Genuine Advantage" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\MicrosoftValidate.exe"
        3⤵
        • Adds Run key to start application
        • System Location Discovery: System Language Discovery
        PID:2836
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /S /D /c" echo y"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2840
      • C:\Windows\SysWOW64\reg.exe
        C:\Windows\system32\reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\systemRestore" /v DisableSR /t REG_DWORD /d 0x00000001 /f
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2844
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" "http://exibir.flagradas.com/"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2884
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2864

Network

  • flag-us
    DNS
    exibir.flagradas.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    exibir.flagradas.com
    IN A
    Response
    exibir.flagradas.com
    IN A
    3.64.163.50
  • flag-de
    GET
    http://exibir.flagradas.com/
    IEXPLORE.EXE
    Remote address:
    3.64.163.50:80
    Request
    GET / HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: exibir.flagradas.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 410 Gone
    Server: openresty
    Date: Wed, 11 Sep 2024 13:01:00 GMT
    Content-Type: application/octet-stream
    Transfer-Encoding: chunked
    Connection: keep-alive
  • 3.64.163.50:80
    exibir.flagradas.com
    IEXPLORE.EXE
    380 B
     92 B
     8
    2
  • 3.64.163.50:80
    http://exibir.flagradas.com/
    http
    IEXPLORE.EXE
    583 B
     616 B
     7
    6

    HTTP Request

    GET http://exibir.flagradas.com/

    HTTP Response

    410
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
     7.8kB
     9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
     7.8kB
     9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    779 B
     7.8kB
     9
    12
  • 8.8.8.8:53
    exibir.flagradas.com
    dns
    IEXPLORE.EXE
    66 B
     82 B
     1
    1

    DNS Request

    exibir.flagradas.com

    DNS Response

    3.64.163.50

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b882ef4d79bdb1b3922db1f2b77ea4e1

    SHA1

    432f2da5e0fe5e39c5a08b6aea56841b84effd7d

    SHA256

    7091fca5c993ea3ddff8be48d12f0a6070371a392875810fc2ff550e4d442344

    SHA512

    838ec6a7b53af1c5a0366d49ff5a72a1d31c1d351ee3b75998729615a778eaab2a8ba26036d0f58c3b5a3df1c75817e45852dc580f57f41651d88fb1da6646c3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    438e6dbda2732dd26f03fb1779d17cab

    SHA1

    3722d2f48294162a0af694a63aedafc614ece370

    SHA256

    e8d9f091ffc73bf318c1161cb2bc1be3328cc2d45a66ec7dc4e38daf218d1302

    SHA512

    5499016bfb4bfd4a84645921f8efb70c7c62f278b62b00c52cfeffa54486d566f0a3187922d4f2b30ddf55120bc93eb33bc732e0bd036ae7cd574c69a2dd839b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c6a0ad280140bb749c16d0c350eb188c

    SHA1

    da247c32c30927c2269b08f7edff6655ac45dbdd

    SHA256

    f024c6b1bc8ef44c54f4e1bfa6ab68a37fe3e59f4d1212c6e6fd8d2f41fefff0

    SHA512

    9ecbb330525f5389ff18535f11c2a3b0b8f165e0f25a3837f281f917328e48ff798cae232fba8ade7ac6a8acdee6c3d022a9acadd2d6d2d653a30652851163ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4b9792be1d42d8985dd7c38ef1ae1557

    SHA1

    0b2e075927aa4760998d5c71e8b62de02b7a3ddb

    SHA256

    a380e1aedeb7065a0377bb9bec5bfafb40bfd661be8056f31b4256635c2df6d8

    SHA512

    2d8040b2da848d95adb989924af8e9b8625314e50c94a81d39e420942933b398e3fef46909b130be003fe97a314d7197f8825203936743655752120a5181f0d7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    636e0f6821b70c200f7d4f2c3a352235

    SHA1

    667a6590b384155867b0c4acbf9d70e69d267188

    SHA256

    8d3effd210ec0d5acd93bc7237e2c5c23fd6f3d5eed406dfbb3bd1bee18ba1ec

    SHA512

    e4e62e36d3c20fbc7e8a437f6fec00039a23873b30c738ec59994413725a76bb5872a24a6c97de457ec5017e49d347198d400db30dd133f64d13433e3727efea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7d9d78e514deb2e6ad8a0296cda17c2f

    SHA1

    0f5561f633adced9b9cd9c7362e45b336cc35a56

    SHA256

    9dec14af35b846b9e45e810c921eb44f3a10fd6ae34469d9f15a2eaa438673a4

    SHA512

    2d3ece236f57fb0f7eade8c36125f167c953ee4753314fd785bf4f9b6666589d18b1af3d9733df00561c807cbcbac40b17517ba09eba5cad186ecff24d491fc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca0316c73ed0d485ff2fc7bf5965e435

    SHA1

    e83b8f50ee4b47c7ed66b2e08e3ec476367edaa3

    SHA256

    efe703d17fcfc94f65dec4148e7fae8aab0fb0afab66ee7d48720fa71aa01eb6

    SHA512

    7d056810495336863b0a36b0da6e757ae4936461538bbe147481940b4d40bdaaffd6326d0497fb0fcaaac9ff95becabe1a033cee71977e5ddd3e9eee5501f8b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c7b7409248f46225bb1aca9c20dfb66a

    SHA1

    80e94a8d787d885a0b6965dfd69a6bdfcd458ecb

    SHA256

    e41635b1a1578cfdc875350b0704a6cfa5079829fcd8890d6d972a16c517dc48

    SHA512

    ef6444fa3f00c499942bb7eaf9b673e0d11f2a00cb689232cbc7a5ef93b7b3d660e8da9c20f7a572e299e8fd3bd7e20b969240aa004447b990328727a2ebefe5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    73b471316ecf7c95ab6e6297055bf5b5

    SHA1

    b970fb7dfc8f9fc4e31482e98926d356fae52695

    SHA256

    58e2c66d9c4a2e16f34718fe7321064d28302e0c329edca8890437a85579d05d

    SHA512

    50ed00f201a538e28046aabd945f71e8d96aed5df2dd2009271734a7bbd1d9abcb0f37f48666c495a7de23622e47680ed9a068454802acfed93968b1d222832a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    569fda0bba018df74221073a7d0ab13a

    SHA1

    977a4cbb79e30a89e02a2cb8aa1203f989368078

    SHA256

    4066abe32344613a7ccd8727b26ef3dcf370bda1ae98da8fff20ed4a8a17b46b

    SHA512

    1416a1586dbfa8ad84f723ef13ef9d545884acc9eda1cd34f5bc30dc0a933d5dfdb94a94dfcac4e11c774177926ce4af5669bd68c5e7a90d5f336f17da338273

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c7f92a3b2f97b4c86acce7197bb38e90

    SHA1

    6d64f8533ba51fe5afef098139e1cdc882c85bd3

    SHA256

    e52e0f441e88886004b3b2c1ff080a4c8cde5863e4b90661115f2d7d3062cbd5

    SHA512

    76bc643ed952031f43b100a601637644c937ce141eac9d37e4ca38214da4e0c7b40255cdc2728ac6b4160628951d3e8cffbaa8bc2446785942fae303537415f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    18b4bffeab8563dbd4befc7d52e068f4

    SHA1

    27ef600e1b1ca1bf772b9b9af57c769190914952

    SHA256

    59071eee19199b22d06cad7723274c6223445326da2feb6f3640ffe76e269b1f

    SHA512

    ab1039cf51e20fd6b9327e0bdbd944f5d5499e17fac2915ca388f42abe73dcd24816779bde5dd87c66273275723ca318ba0af456fb7f2d6eabbcec238cdaae77

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5d1c83bfb4bdb59b1117cd0b6146afd6

    SHA1

    f7ef39184bf3e480eda9d701742e8c4f8da1721e

    SHA256

    0eb71b5b80e7c7fbccdc8492af77c6773647314622743a231017b96777f7871a

    SHA512

    688efcbbe377556cf0cd0b270ab2909deae9b03439819cc2b78e18f02a92e423a430d5b39323d6329abba71e2f34a153db22c69a1d4d78c1424609ccd81aefa1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    00b6ca2971e47b995514fad1f42075be

    SHA1

    1939043e99a1240d24aad910fcbf98bfbdbb5e6c

    SHA256

    fe22c227babbd495105749bee46ea0212d037b74c75e59afc33a5759d94b37ce

    SHA512

    1a7d910ec25359691868b13224f65a9e46ad0ea4a0b12fade374430a1d5dbad155f3f0d3d71b43bf628ab1da4e100149bc235c161104c7495d858edb3bd81132

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7fa543824442b4ddd348204ff80bd5cd

    SHA1

    9a9c723dd71b701ec0b4e9e9c9cdb80c1644520a

    SHA256

    2efcbbdbff7af382d22cd6f4531bb22d920373c44168ce66b39230558399b6e3

    SHA512

    a909697f02e7dc37a093f57bf084f2fa1d7ab801490812b302c3b0ff26588e0a976f4afe65bef8ee81d78e4e4fb586d89f8f1f79e0bd3ea59a300f2e2b628d91

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bf5aeb553d82b057eb9781d21c9cf830

    SHA1

    bab880788464e676ffe6ffb07ba3adb4d623c0d9

    SHA256

    4f68739274690d35438ea156507efe5952f59b5482a6abed617b2554339ba5eb

    SHA512

    2c0c68413563b4473f79a76aaad323f81018bf2708e1d1aa10e4506039075d037f5270a939ff6728f3630e8004c7b9b2e3438d34dd21c2f9e64246b8a1f18bab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f1936775df70ffc6ee4c424b0b267c8e

    SHA1

    29895ea901cb6d55d1741e6b5885e412c16d9228

    SHA256

    bcf618926a4b0b75d5fabc5f9f8a505a020f184b29437a2f41941600f4d3e9b2

    SHA512

    30ee4ec2fdfa5179ac8894d1535bd6109a938ba4166f2c55d31d5e274da8d3b02f346475dfd542ba9ef38b9c2b16823651abd45cd644be6d70478b14ae440f02

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    22d27e18ca7e26b659efcb4cb469faac

    SHA1

    4b869c3350aa6e2de67261a823eb96cc09dc02ae

    SHA256

    f2cbf632fbad7466b4b292e493547eebf67743efd41e5b38c9d73c85e556d3fd

    SHA512

    cf6f979c4e038225a1b1217c1aa88479fd1f401081b0b1395e100dbd655112d604445ab38b9bbcecc7e98d91ffccdcca3b6d19b9278057edcee942edcb7f4876

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2396267ba76f10b396bec78be9d5194

    SHA1

    2b6756ceb4de7ecb64cf6c86de3a9f47c7d0aec1

    SHA256

    da5f6253669d5fbec75ea4aedd7826dd83481c6031f6d925678d1450ac22b4cb

    SHA512

    a080d55beb9c898a32113b7baa490e37d0f57603cccfef955e0d23b1e6b385196141d513389cb58e5c68304131b79cf5e39db4ec92691ba436b116b68ef342f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    380ada80e7a4b3a0d9cb37e83613f076

    SHA1

    3cba063a69e7eda0d0c38ce58ba5895f2ea80340

    SHA256

    716c69647957ce223e23741f25e15ecea0d15d2c352d06a9401f57a644dd2f32

    SHA512

    b857e448d9cbfa0bca5adabf05c0fa6fec75c11f2ce2ae3ebe514ff0f4583c6761ccb0a5719ea6297ccaf9559f72ebceb53182b0b9d356517e4afd96de768184

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\984.reg
    Filesize

    2KB

    MD5

    cc111e6e1a7900af3474b6f9e50fbe40

    SHA1

    b3d744183d24b6ec34b54e96939fc3261c20f86c

    SHA256

    920d5540ac5fc921e8516557305a34b96e54d6455ecffd8509f460c10f8bcbbb

    SHA512

    ec4c3cd4622cbd89d7a4a5b2939d600bf9b2f6a0eff5a38814ba223251c1ee54c8fa8dd04664e8d170eb2c74938794d8d856d7d55700577cc9b33c3d7d7bdcb1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\984.reg
    Filesize

    181B

    MD5

    9d6a89a0e8909362709eda9cc61276dd

    SHA1

    83d744703a3b6f982749918180bdc946e5d82f00

    SHA256

    2094f95a488eb1e3a1a87463e26dc401d7164f6f4c07aec05c4be2bbbd025d4c

    SHA512

    32466ec4f00a965602aedc7c2cba953ffc68757a3ab5e6e7a965027882e609d23fd3a301db0ad94d456a4cacaea02271afadb495795935e89aa823e4ccd24bec

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA9CA.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarAA78.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\a97171.bat
    Filesize

    8KB

    MD5

    6cecb0267a0de523981ae80c652d19d7

    SHA1

    0e7dbce5c778fc6a2cc45ca74fdf3bb7d2d9b806

    SHA256

    56e20093bdaf961edcb9eb281ea1e730f6ac4d1e4d7f9409ad1b6150cdf16ca3

    SHA512

    441b7bc8ffefba3961637d78c27d5d6dd19c189030af844ad1c2d19d212ddf516049a7cae3dabf68b655e46a7ae968f3f3927cc0c62e325e389103e0d97fa8a6

    Download Submit

  • memory/2904-63-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.