Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 130s
max time network: 139s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 12/09/2024, 03:49
Static task: static1
Behavioral task: behavioral1
  Sample: dbc21acf503483a2fb05f55faebcba18_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: dbc21acf503483a2fb05f55faebcba18_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: dbc21acf503483a2fb05f55faebcba18_JaffaCakes118.html
Size: 18KB
MD5: dbc21acf503483a2fb05f55faebcba18
SHA1: 1ffc91d5fbe736b3502200a97a02c41fb0472057
SHA256: 2b7b4306afb369f1e3265975462ace76e553a2064299b1c5e9f8d67260674db4
SHA512: 099a94b8c183d346d9612f37e9f79156a0651fa84872af69ccff03328b7b221870d7e32147c2c2a04b448a4ff6dad69c3433136ad4ab38fe3264dc022425cd05
SSDEEP: 192:SIM3t0I5fo9cKivXQWxZxdkVSoAgZ4BzUnjBhPh82qDB8:SIMd0I5nvHdsvPqxDB8
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE

Modifies Internet Explorer settings (26 IoCs)
All paths below are under \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer, abbreviated here as <IE>.
description | ioc | Process
Set value (int) | <IE>\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (data) | <IE>\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | <IE>\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (str) | <IE>\Main\FullScreen = "no" | iexplore.exe
Key created | <IE>\BrowserEmulation\LowMic | iexplore.exe
Key created | <IE>\GPU | iexplore.exe
Key created | <IE>\Toolbar | iexplore.exe
Set value (int) | <IE>\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | <IE>\Main | iexplore.exe
Key created | <IE>\IntelliForms | iexplore.exe
Key created | <IE>\Recovery\PendingRecovery | iexplore.exe
Set value (int) | <IE>\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | <IE>\DomainSuggestion | iexplore.exe
Key created | <IE>\PageSetup | iexplore.exe
Set value (str) | <IE>\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | <IE>\LowRegistry | iexplore.exe
Set value (int) | <IE>\DomainSuggestion\NextUpdateDate = "432274829" | iexplore.exe
Key created | <IE>\LowRegistry\DOMStorage | iexplore.exe
Key created | <IE>\Toolbar\WebBrowser | iexplore.exe
Key created | <IE>\Recovery\AdminActive | iexplore.exe
Key created | <IE>\Main\WindowsSearch | iexplore.exe
Key created | <IE>\IETld\LowMic | iexplore.exe
Key created | <IE>\InternetRegistry | iexplore.exe
Key created | <IE>\Zoom | iexplore.exe
Set value (int) | <IE>\Recovery\AdminActive\{FE7CC081-70B9-11EF-856C-4E0B11BE40FD} = "0" | iexplore.exe
Key created | <IE>\Main | IEXPLORE.EXE
Suspicious use of FindShellTrayWindow (1 IoC)
pid | Process
2904 | iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
2904 | iexplore.exe
2904 | iexplore.exe
1632 | IEXPLORE.EXE
1632 | IEXPLORE.EXE
1632 | IEXPLORE.EXE
1632 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 2904 wrote to memory of 1632 | 2904 | iexplore.exe | 30
(the same entry is recorded four times)
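The registry IoCs above are printed run together, which makes them hard to triage by eye, and two of the signature hits deserve a caveat before this sample is read as malicious: the four WriteProcessMemory entries are the 64-bit frame process (PID 2904) writing into the 32-bit content process it launched (PID 1632, whose SCODEF:2904 argument names its parent), which is how Internet Explorer 8 and later splits frame and tab processes, and the Window_Placement blob is a 44-byte user32 WINDOWPLACEMENT structure describing a maximized window rather than anything a loader would persist. The Python below is an added example and not part of the tria.ge report: it pulls each registry record out of the flattened text with a regex, tags it with the signature it would trip (the NLS\Language key open maps to ATT&CK T1614.001; writes under Software\Microsoft\Internet Explorer are the "Modifies Internet Explorer settings" hits), and decodes the Window_Placement value. The sample records are copied from this page; the rule list and the RegRecord, parse_records, summarize and decode_window_placement names are this example's own.

```python
"""Parse the flattened registry IoC text from a tria.ge report, tag each record
with the signature it trips, and decode the Internet Explorer Window_Placement
value.  Added example for this page; not tria.ge code."""
import re
import struct
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# tria.ge prints each registry IoC as "<op> <path>[ = <value>] <process>" and
# the page runs the records together, so they are located with a regex rather
# than by splitting on newlines.  Paths may contain spaces ("Internet Explorer"),
# hence the non-greedy path terminated by the trailing process name.
RECORD = re.compile(
    r'(?P<op>Key opened|Key created|Set value \((?:int|str|data)\))\s+'
    r'(?P<path>\\REGISTRY\\.+?)'
    r'(?:\s+=\s+(?P<value>"[^"]*"|[0-9a-fA-F]+))?'
    r'\s+(?P<proc>\S+\.(?:exe|EXE))(?=\s|$)'
)

# Signature names as the report uses them; the ATT&CK id is the sub-technique
# the language-discovery signature maps to.  This rule list is the example's own.
RULES = [
    ("System Location Discovery: System Language Discovery (T1614.001)",
     re.compile(r"\\Control\\Nls\\Language$", re.I)),
    ("Modifies Internet Explorer settings",
     re.compile(r"\\Software\\Microsoft\\Internet Explorer\\", re.I)),
]

# Constructed sample: six records copied from the report above, run together
# exactly as the page shows them.  The Window_Placement blob is spelled out as
# its eleven little-endian DWORDs for readability; the bytes are the report's.
SID = "S-1-5-21-3063565911-2056067323-3330884624-1000"
IE = r"\REGISTRY\USER\%s\Software\Microsoft\Internet Explorer" % SID
WINDOW_PLACEMENT_HEX = (
    "2c000000" "02000000" "03000000"                # length=44, flags, showCmd
    + "ffffffff" * 4                                # ptMinPosition, ptMaxPosition
    + "24000000" "24000000" "aa040000" "89020000"   # rcNormalPosition
)
SAMPLE_IOCS = (
    r'Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE '
    + r'Set value (int) ' + IE + r'\Main\CompatibilityFlags = "0" iexplore.exe '
    + r'Set value (data) ' + IE + r'\Main\Window_Placement = ' + WINDOW_PLACEMENT_HEX + ' iexplore.exe '
    + r'Set value (str) ' + IE + r'\Main\WindowsSearch\Version = "WS not running" iexplore.exe '
    + r'Set value (int) ' + IE + r'\Recovery\AdminActive\{FE7CC081-70B9-11EF-856C-4E0B11BE40FD} = "0" iexplore.exe '
    + r'Key created ' + IE + r'\Main IEXPLORE.EXE'
)


@dataclass
class RegRecord:
    op: str
    path: str
    value: Optional[str]
    proc: str
    tags: List[str] = field(default_factory=list)


def parse_records(text: str) -> List[RegRecord]:
    """Extract every registry record from flattened IoC text and tag it."""
    out = []
    for m in RECORD.finditer(text):
        rec = RegRecord(m["op"], m["path"], m["value"], m["proc"])
        rec.tags = [name for name, pat in RULES if pat.search(rec.path)]
        out.append(rec)
    return out


def summarize(text: str) -> Dict[str, int]:
    """Count how many records each signature would match."""
    counts: Dict[str, int] = {}
    for rec in parse_records(text):
        for tag in rec.tags:
            counts[tag] = counts.get(tag, 0) + 1
    return counts


SW_NAMES = {0: "SW_HIDE", 1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED", 3: "SW_MAXIMIZE"}
WPF_FLAGS = {1: "WPF_SETMINPOSITION", 2: "WPF_RESTORETOMAXIMIZED", 4: "WPF_ASYNCWINDOWPLACEMENT"}


def decode_window_placement(hexblob: str) -> dict:
    """Decode a user32 WINDOWPLACEMENT (44 bytes, little-endian): UINT length,
    UINT flags, UINT showCmd, POINT ptMinPosition, POINT ptMaxPosition,
    RECT rcNormalPosition.  Raises if the blob is not that structure."""
    raw = bytes.fromhex(hexblob)
    if len(raw) != 44:
        raise ValueError("expected 44 bytes, got %d" % len(raw))
    length, flags, show, minx, miny, maxx, maxy, left, top, right, bottom = \
        struct.unpack("<IIIiiiiiiii", raw)
    if length != 44:
        raise ValueError("length field %d does not match struct size" % length)
    return {
        "length": length,
        "flags": [name for bit, name in WPF_FLAGS.items() if flags & bit],
        "show_cmd": SW_NAMES.get(show, "SW_%d" % show),
        "min_pos": (minx, miny),
        "max_pos": (maxx, maxy),
        "normal_rect": (left, top, right, bottom),
    }


if __name__ == "__main__":
    for rec in parse_records(SAMPLE_IOCS):
        print(rec.op, "|", rec.path, "|", rec.value, "|", rec.proc, "|", rec.tags)
    print(summarize(SAMPLE_IOCS))
    print(decode_window_placement(WINDOW_PLACEMENT_HEX))
```

The decoded placement (showCmd SW_MAXIMIZE, restore rectangle 36,36 to 1194,649) is the kind of value to expect from a browser opened on a fresh sandbox desktop; an unexpected length field or a showCmd of SW_HIDE would be the thing worth a second look. The same parser can be pointed at the full 26-record list above, or at any other tria.ge report that uses this layout.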
Processes
- C:\Program Files\Internet Explorer\iexplore.exe (PID 2904)
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dbc21acf503483a2fb05f55faebcba18_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - Child: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 1632)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2904 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
The same CryptnetUrlCache metadata path appears nine times with different hashes because CryptoAPI updates its URL-cache metadata as the browser performs certificate chain and revocation fetches during the run; these are Windows artifacts of IE's own certificate checks, not files dropped by the sample.

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 85db96af9b9a74f8fd475884a1408565
  SHA1: 5bd67c6547311569dd34e209d7a505af2889c1a0
  SHA256: 6a2b3387c96346a5f0dbebfafa73d1c83a7bdd9f16720903aec9019519b84596
  SHA512: b5b6bd143bea74cfbdfb12f0c2942d9219914b27843f01bb4438153d997faa1ef40781ee47f41cfcdc942636a77bd659b79c43de9cc7938bb5bcd8c705c90989

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 99674a4da8da27f285843aed772c799c
  SHA1: 513eb01e1d7a48325a4c4eb8d1f03b74e32cb9f4
  SHA256: 830b040c8d1ee89960ed7313a4aff710a9593c2942700682544b320cc08a7e34
  SHA512: 74aead1747bf3b03b83184aa35f7cf5dc1ffe03955d89838e3e1bfa4eeb51a5c9141c7a13f454df37106e99f4e8da74c0600e5049b627389ba472f94336e04f0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 344a1acc73d93d46d63d64495d38b2fc
  SHA1: e48d740fc40e34dae66d7e84b068c275db86475f
  SHA256: df4d28b8375535961cbebcf5e324b8526cfc68aa481722d6c87257ed14fb82e9
  SHA512: 50cd47030fcb72c5d3705332d5963389d2ceb8c72d2a18d62ae3ba31f9088aff02a91faa955436e1a854c8f21ba17269b9e740e600a858a19a42415c5d67a4c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 687ab728b96d916b4fbb1c2978e803ca
  SHA1: 2917c8d8d07f04b3536191ae894dec20b33499d6
  SHA256: 90961f64e77ef59d756e1a4d6fbfdc84f445462507b7c9b4c3075260750561d7
  SHA512: e7f13d34faa4a16f85ac7984fa73a4f6f23767bc758121334f22bf9d08ac6b232ccd4650b242241d010624c4789a755e303f813341ef041c9f36619bf5c5c9b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: a8b3a57f79411bf1012d1829249a397d
  SHA1: 7391a520525766a8054a8bb7561481d5ecc6750c
  SHA256: e6581c8d069adf4ddefe2bb746b9035a82b7932aca7379adcb90c3416c162049
  SHA512: 983796dda367fc334ecef2cbef9d072492d7d8aa54899476d5eb3ff5339e307f22120bda171956a2b4a2435546417e2e9821c38cc7603d698df526461115e7d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 40e02bdcf564571f25914dc0c656731e
  SHA1: f48d46af80fb2950bc313099fc355414245bb9db
  SHA256: 43aa7a954c4a7bf3c0c7732d07a9600e1e0459ceec84fb2682df28ed716b4662
  SHA512: 7a7e6761a8c7d45d07c014dca93c5bf4f486aa28005a5ab7500c555bebbc669bd68542f711661e9912639a9a6451a017f3c183226a94c16490dff7ae4932913c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 0bfdd88d6ce0da0b7efaa7073212a23b
  SHA1: b5fd180468499c208ffc4c3e7b956798a51000d4
  SHA256: 948a1198e41270a0fb75cba76fa297f43dba2c3f681e6f7a177de1c174c2bd39
  SHA512: 8b4fedb2bdcd1e04f204c4da10eaab5e6e933e8366d51076b1248ef0f4785739d7cd8b51c650ae904e6e4a20f0ead932ff699adc8bdfa4d41621792f2250cb9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: d63221be802dc2952510f3ac29cf0888
  SHA1: e6236ed975f0578244a01a8d39e9ba91626570c0
  SHA256: 3bf218ebb097e65ec49752182fbfd41ac9ab884f2b2ed5218d5805790384200d
  SHA512: 96cae1ddac000f0fe2a7d88b7c558bdfc1dd3ad3108c959935d73e1903e59844fefef74ffcdc6e40f495a9c5248ad01688afdbd917768eb82f51e8966a65e968

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 95762767029345b033b0d3e5a005c503
  SHA1: 7c699727eb6c925d0120c77c8556d912710fd32c
  SHA256: 73d0b342b1046a2ce3a3075beba82175362430ece248146cb8f7d0b3dd744e13
  SHA512: b0c9037dc789bd6437f64cfc786ac0a02ff09cf8320000b42d8c1656b11290ba0c8379da52a11fd12ba1e51d37fa2b99daa4d897689f0817fd2daff44b8c3f56

(path not listed in the report)
  Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

(path not listed in the report)
  Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b