Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

dcbd5cd714...18.exe

windows7-x64

3

dcbd5cd714...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    136s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    12/09/2024, 17:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dcbd5cd714ab4e5a4a0a3c301238dfbb_JaffaCakes118.exe

  • Size

    14KB

  • MD5

    dcbd5cd714ab4e5a4a0a3c301238dfbb

  • SHA1

    22e7619019a9dc3210743fc5f78b7f3f96bd6686

  • SHA256

    aeac438f399b83b1c3c345dcc1f22e6df0d393281f8c72f63a4830b89d9e560a

  • SHA512

    a4261310e9e30a1f38ff59c73ad6aca0c41cccc76b90fc2a8a62e73c66ddfa621ec0a2cbb5ae1c2802832e978ccd2d8326b1112b5f4082617b6d35eccf5131f8

  • SSDEEP

    384:XeQh2vDZIPYD+iaj/aR3oj2JX69lniCP8yY40:X72diiaj2xhE8yY

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dcbd5cd714ab4e5a4a0a3c301238dfbb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\dcbd5cd714ab4e5a4a0a3c301238dfbb_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://125.64.16.175/login1.asp?QQNumber=10001&QQPassWord=10001
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2808
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2808 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2568

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3f69df52020f4f3f231284a1e3292a68

    SHA1

    13964cd6d07e592cec29726270c622f491537370

    SHA256

    439cdcfdeb25be34f40cb6e39c96c1e17abe0c22406f92f09495661e7d1afbcf

    SHA512

    124cdc885a72080095e61ea0cc660cbdfd9e0a966b6c8d9af54bf23b144f10c24afa61a5f4ba3da9e200fb08d845e0f3c944fdf543ca6c7944658882880e0d2e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4c777b167c886f7969e9e38f863bd322

    SHA1

    bc3f9754a171a2dd084b477840d99bb6704b2ad0

    SHA256

    31f13a0f8d979240210e31040ae3ddfbf8160d4a10aad41538407c861bfde9fd

    SHA512

    8ff0bd42aa0cfedefba81cdace5e8d13483b80fbf32cdb3552d38ddcb84d026b78a0d78aa67398b1103cdc184a4ad67efab85ec23aeb480bc54b66f2e2c3a78b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    58eba3ebe961ed02663d737400c80f80

    SHA1

    b217407bd3b0737461f07dda93e2c85bd70cef0f

    SHA256

    2c7beb731eabf198388b82eb93775778bedf5b5976a246017737557d8961ea1f

    SHA512

    fdedb1a54a30f0d01cd08951ec0919f3c1ca59e69803c8bfa34027627ca5be3ac4e289004ed393384848a267832614c903afe1c9d16d8cc7f0bd1d47476031be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2e3fa6b570143b25c5c64b677f6e2aa

    SHA1

    860b1251ae423b3652c4113ae2b7655d3cb6ef1e

    SHA256

    9b9d6b87c9e976bd51d35634b2845269b7443eb29f2b1065a4864920a9649e35

    SHA512

    79a2b7f914d231346afad253c28998099b46a6263822b05f5fad7749bdd379ac5cf47c88d74644252c856411f5f7ccee78f6d5c9c63d7f59d1aa103cf3b8d386

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    25604442c360652a590091633e9e7ca1

    SHA1

    73e03c91322af2c414a1114c1eee3cce79fd2616

    SHA256

    1ac18193379b60066c0659776bbf4d59dc8dd12a3aef24b221e95b1144fc6447

    SHA512

    a999688d197bdeb9083a82fed7aea607ad86c61fe4be8a0cc5ef2a400a655042518c6ee25bf4987b4988020f3ebb2494060a9ec02fe4b028b124617eda4d4967

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c33eaebf232ac6f50fcffb3c6509c12e

    SHA1

    5e63345fd36328e0d3146215257422f36ee6ee63

    SHA256

    6e2ed3f86c2d486cd6f79f5ec1c051cad7f117a6a2a558db2504bc7f2efa799a

    SHA512

    32b3bb5fcf04fc37922532a3700bc3dca1b1128cee30e5ab6867e69d67aa0f3f2d86d3d56a55bb11961750a22ee846ef13d427a44ab09caea5d62d2bf927e167

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    84aa869523db34e36af1185b6d6fb805

    SHA1

    30941e4384f8929df68f36f55c6b7855b79e0656

    SHA256

    cf84990b17c956882da224a70182e5fceabca80feddf68a9c60b5202d1b8ed47

    SHA512

    553c3e9fab61a4e5eba24bc758ca531a64c7a957e2a3851319e7cce1772eec49cb5f9131852b24af09bcbe0c1572b71724d8841be7f6f45e34208ac25c51745b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7f1285f4ea08450344358cffa0db7b14

    SHA1

    69e534bf021602cc3885ac8d1d504999b3cdf318

    SHA256

    55b832d26aaeb6a751568898ba47d15b9f2f22dc028fedd095ea4e4338fd374b

    SHA512

    2d3e52d57f183e2c762ee11b90a4a83cc23b551045a58e1a232017e06ff643b043a7388f23c5426423c2f74c9dfdbcf63a7916d94280afd7f9a4c308e24c315a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    14c8fb0ea1c1745230cfd364d2e57533

    SHA1

    4cbe12384cc8eed4f1b94c83b23db496ed4e4279

    SHA256

    4af7094781dc79704b6b032f3d01f14099e52c92694356b5f7f000e0dbfb7213

    SHA512

    2bb0e8cdff2266a445cbf960fac1d564499635600d60377e78a7951db83b60ac44e851f1733aac89a575870320e018f18809c7febaaeb1ed08bf8a5339ccf386

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    db6441db08193cd9144de4c61e807142

    SHA1

    550d533d437e35af9ce60c323e5cb30ea8b927b1

    SHA256

    8dbbb98655511e54c42fa3c9a55475b3338c8eb53a3c5507c53363929f23efd1

    SHA512

    36eb9035263e6686652dfc3c030ba90dd9817178cf2da38b22fa524cea86c417c9c3091e119e5c097be9f21d6e8cb940ac23f1cbad0625ae71bdfb952cbd0f94

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    957f6f7228c3667e563bbf055e968809

    SHA1

    0c7a5099801a73c37a9043ee7d7f212f8679bab3

    SHA256

    46cc68ccfde60242a571c2fbbbd4952c04a932a71e734fbcd4b7d79461fca57a

    SHA512

    8fb0af95b766c3e81562ce4d5dfd58fe75368795361755647bef6936cb8c0f9fc382bc77300519dccfe8e3d53a684ae80de86f4ddbba590cf7e1115e5da77e3b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d2a432f016fd6a3e297be1e74b72c402

    SHA1

    7073a898bcbf1c5bee012064019f4739f7db94d4

    SHA256

    3bf4a23a72d880145e9f60caa37c6d3a2c21d27c65dcffce66a0189574bf0f12

    SHA512

    a44dbd874eeba96d9221de3fd1933c7a84a1b4e80f9669b05f967c99bde9a2158f36233f2e1ed3efa24c499dc4e4f44e9987f2326c119535ca9832e9cbe6f7c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f307d6e99f0fbf418a462f5139f4c635

    SHA1

    fb3edfdf94f42ad1379e8a4f14d829d5b3cef538

    SHA256

    83d69198e5d0a51337f8481cced0db8ede0a46d20134a8f73ba98ab3b9d98b0f

    SHA512

    ad4b0e3d9a967a0861329b332b0321277738beb3474bab5757515d15931d60e26d2bca1ab30a2ff3d2ee011467c51ef1c8190c5823f518baa172ef17855f3645

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dc910bb44af9da945c00ead8b648694f

    SHA1

    21b95ec7fa2b24e7924fbead1cb06054ee3914bf

    SHA256

    fd572cc4c46c79caeaa12118e829840379ff4f58ce5a365b661b8bfed543ada5

    SHA512

    e3b48aec0f7a27ba0905abd461283ae3967bc1fcce7d89d9a57e90d660762c45fc65826a0be2e3f128816ff2ab79dbe7c72c1af2c557f2bdb7b3d8908e1da7dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f951c2c11530f038a8766c7df25eadee

    SHA1

    aaa44ce0261576d1d7882a48dae6a302cf37e3e3

    SHA256

    e024f117d2d0417b8d7d10bdb25fdea77928152b3e34b1837f40198e313ea575

    SHA512

    9d4a47a1b150cf09219b73cf4e07639e0d777faad8b789005f9912ad8f907480a378bb72baff125bcb06a3f66f1408f715bc502066c23d95a805aaa46dbb61eb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabAB11.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarABCF.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2192-0-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2192-1-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2192-2-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download