Analysis
-
max time kernel: 133s
-
max time network: 147s
-
platform: windows7_x64
-
resource: win7-20240903-en
-
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
-
submitted: 12/09/2024, 13:02
Static task
static1
Behavioral task
behavioral1
Sample
dc546b2bcce3112ddcd2a517f2a56b97_JaffaCakes118.html
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
dc546b2bcce3112ddcd2a517f2a56b97_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
dc546b2bcce3112ddcd2a517f2a56b97_JaffaCakes118.html
-
Size
19KB
-
MD5
dc546b2bcce3112ddcd2a517f2a56b97
-
SHA1
10b225c56f734a55823677dd9d3c17650f0ca50a
-
SHA256
40d89331903312378724c1f9ee0776fb00af46db4c5bfc46fbf39b6d73ce5e56
-
SHA512
db3e7e965b1d1a168b57bde7eedecf4406ce93b0c234a45cd9ca749dad70873fc127d754a64589e5d624b5de997f9c85a35560f734d68861f7882b53696412d8
-
SSDEEP
192:SIM3t0I5fo9cOQivXQWxZxdkVSoAIQ4WzUnjBhSU82qDB8:SIMd0I5nO9HLsvSXxDB8
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
-
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432308016" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{42F2B9C1-7107-11EF-8C8D-7E918DD97D05} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
576 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
576 | iexplore.exe
576 | iexplore.exe
560 | IEXPLORE.EXE
560 | IEXPLORE.EXE
560 | IEXPLORE.EXE
560 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 576 wrote to memory of 560 | 576 | iexplore.exe | 31
PID 576 wrote to memory of 560 | 576 | iexplore.exe | 31
PID 576 wrote to memory of 560 | 576 | iexplore.exe | 31
PID 576 wrote to memory of 560 | 576 | iexplore.exe | 31
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dc546b2bcce3112ddcd2a517f2a56b97_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:576 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:576 CREDAT:275457 /prefetch:2
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:560
-
Network
MITRE ATT&CK Enterprise v15
Downloads