Analysis
max time kernel: 132s
max time network: 140s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 13/09/2024, 21:12
Static task: static1
Behavioral task: behavioral1
  Sample: dee94838b42d4fa049ca73033b663050_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: dee94838b42d4fa049ca73033b663050_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: dee94838b42d4fa049ca73033b663050_JaffaCakes118.html
Size: 162KB
MD5: dee94838b42d4fa049ca73033b663050
SHA1: adf9936f84fc1cec00121534c996b9002f2ad3f7
SHA256: 0945931669ea18cf6c0f6b75e2e9e5dc473d7eb7da23424f3e644c481d01f438
SHA512: 8f868baad2ae44f36115138e3046f3704e5f9be8fd4f02a93b92b765fefc6e5db85ae93f3051e33342a99df3eefc3934dfe8354688d0a2a56a6108869040f68f
SSDEEP: 1536:QpUYJru0sJRjZyDStoibovSPTBioegjxR4Su6Oo4yoyosoG2R00M+V+A0zu6JA2d:QOYtu7jwW0gjnEKJmQ3CC
Malware Config
Signatures
System Location Discovery: System Language Discovery (T1614.001) 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE

Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432423814" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E112B251-7214-11EF-B36A-E62D5E492327} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
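The one REG_BINARY value in the list above, Main\Window_Placement, is a serialised Win32 WINDOWPLACEMENT structure, so it can be decoded into a window state and geometry instead of being left as an opaque hex IoC. The Python below is an added example, not part of the tria.ge report: it parses the exact blob written by iexplore.exe in this run. The struct layout and the SW_*/WPF_* constant names come from WinUser.h; the recovered numbers (a maximised window whose restored rectangle is 36,36 to 1194,649) are what the bytes on this page encode.

```python
import struct
from typing import NamedTuple

# The value written to HKCU\Software\Microsoft\Internet Explorer\Main\Window_Placement
# in this report, copied from the IoC list above (88 hex digits = 44 bytes).
WINDOW_PLACEMENT_HEX = (
    "2c0000000200000003000000"
    "ffffffffffffffffffffffffffffffff"
    "2400000024000000aa04000089020000"
)

# WINDOWPLACEMENT (little-endian): UINT length, UINT flags, UINT showCmd,
# POINT ptMinPosition, POINT ptMaxPosition, RECT rcNormalPosition.
WINDOWPLACEMENT_FMT = "<3I8i"
WINDOWPLACEMENT_SIZE = struct.calcsize(WINDOWPLACEMENT_FMT)  # 44 bytes

# Standard names from WinUser.h, reproduced so the decoded output is readable.
SHOW_CMD_NAMES = {
    0: "SW_HIDE", 1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED", 3: "SW_SHOWMAXIMIZED",
    4: "SW_SHOWNOACTIVATE", 5: "SW_SHOW", 6: "SW_MINIMIZE", 7: "SW_SHOWMINNOACTIVE",
    8: "SW_SHOWNA", 9: "SW_RESTORE", 10: "SW_SHOWDEFAULT", 11: "SW_FORCEMINIMIZE",
}
WPF_FLAG_NAMES = {
    0x1: "WPF_SETMINPOSITION",
    0x2: "WPF_RESTORETOMAXIMIZED",
    0x4: "WPF_ASYNCWINDOWPLACEMENT",
}


class WindowPlacement(NamedTuple):
    flags: tuple          # decoded WPF_* names (unknown bits reported as hex)
    show_cmd: str         # decoded SW_* name
    min_position: tuple   # (x, y); (-1, -1) means "not set"
    max_position: tuple   # (x, y); (-1, -1) means "not set"
    normal_rect: tuple    # (left, top, right, bottom) of the restored window
    width: int
    height: int


def decode_window_placement(hex_blob: str) -> WindowPlacement:
    """Parse a REG_BINARY Window_Placement value into a WINDOWPLACEMENT."""
    raw = bytes.fromhex(hex_blob)
    if len(raw) != WINDOWPLACEMENT_SIZE:
        raise ValueError(f"expected {WINDOWPLACEMENT_SIZE} bytes, got {len(raw)}")
    (length, flags, show_cmd,
     min_x, min_y, max_x, max_y,
     left, top, right, bottom) = struct.unpack(WINDOWPLACEMENT_FMT, raw)
    # The struct is self-describing: its first field must equal its own size.
    if length != WINDOWPLACEMENT_SIZE:
        raise ValueError(f"length field {length} does not match struct size")
    flag_names = tuple(name for bit, name in sorted(WPF_FLAG_NAMES.items()) if flags & bit)
    unknown_bits = flags & ~sum(WPF_FLAG_NAMES)
    if unknown_bits:
        flag_names += (f"0x{unknown_bits:x}",)
    return WindowPlacement(
        flags=flag_names,
        show_cmd=SHOW_CMD_NAMES.get(show_cmd, f"SW_{show_cmd}"),
        min_position=(min_x, min_y),
        max_position=(max_x, max_y),
        normal_rect=(left, top, right, bottom),
        width=right - left,
        height=bottom - top,
    )


if __name__ == "__main__":
    wp = decode_window_placement(WINDOW_PLACEMENT_HEX)
    print(f"showCmd={wp.show_cmd} flags={wp.flags}")
    print(f"restored window rect={wp.normal_rect} size={wp.width}x{wp.height}")
```

The length check matters in practice: a Window_Placement value that is not exactly 44 bytes, or whose length field disagrees with its size, is not a WINDOWPLACEMENT written by the shell and deserves a closer look rather than a silent parse.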
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
1732 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
1732 | iexplore.exe
1732 | iexplore.exe
2268 | IEXPLORE.EXE
2268 | IEXPLORE.EXE
2268 | IEXPLORE.EXE
2268 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1732 wrote to memory of 2268 | 1732 | iexplore.exe | 30
PID 1732 wrote to memory of 2268 | 1732 | iexplore.exe | 30
PID 1732 wrote to memory of 2268 | 1732 | iexplore.exe | 30
PID 1732 wrote to memory of 2268 | 1732 | iexplore.exe | 30
All four writes go from the Internet Explorer frame process (PID 1732) into the tab process it launched (PID 2268, whose command line in the process tree carries SCODEF:1732, the writer's PID). That is the normal relationship between IE's frame and tab processes, not a write into a foreign process, so this signature on its own does not indicate injection by the sample.
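As an added example (not part of the tria.ge report), the Python below re-implements the three behavioural signatures above as rules run over constructed events copied from this report, and adds the triage step a practitioner applies to a WriteProcessMemory hit: checking whether the written-to process is the IE tab process that the writer itself spawned, recognised by the SCODEF:<writer PID> argument visible in the process tree. The notepad.exe process (PID 4242) and the final registry event are constructed negative cases that do not appear in the report; the rule definitions are this example's own reading of the signatures, not the sandbox's code.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class RegEvent:
    op: str        # "Key opened", "Key created", "Set value (int)", ...
    path: str
    process: str


@dataclass(frozen=True)
class MemWrite:
    src_pid: int
    src_image: str   # image name of the writing process
    dst_pid: int


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str       # full path of the executable
    cmdline: str


# ---- Constructed sample data, modelled on the behavioural log in this report ----
SID = "S-1-5-21-3290804112-2823094203-3137964600-1000"
IE_ROOT = "\\".join([r"\REGISTRY\USER", SID, r"Software\Microsoft\Internet Explorer"])

REG_EVENTS: List[RegEvent] = [
    RegEvent("Key opened", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language", "IEXPLORE.EXE"),
    RegEvent("Key created", IE_ROOT + r"\Main", "iexplore.exe"),
    RegEvent("Set value (str)", IE_ROOT + r"\Main\FullScreen", "iexplore.exe"),
    RegEvent("Set value (int)", IE_ROOT + r"\Recovery\PendingRecovery\AdminActive", "iexplore.exe"),
    RegEvent("Key created", IE_ROOT + r"\LowRegistry\DOMStorage", "iexplore.exe"),
    # Constructed negative case: a key that matches neither rule.
    RegEvent("Key opened", r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "iexplore.exe"),
]

PROCESSES: Dict[int, Proc] = {
    1732: Proc(1732, r"C:\Program Files\Internet Explorer\iexplore.exe",
               r'"C:\Program Files\Internet Explorer\iexplore.exe" '
               r"C:\Users\Admin\AppData\Local\Temp\dee94838b42d4fa049ca73033b663050_JaffaCakes118.html"),
    2268: Proc(2268, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
               r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2'),
    # Constructed: a hypothetical unrelated process, used only as a negative case.
    4242: Proc(4242, r"C:\Windows\System32\notepad.exe", r'"C:\Windows\System32\notepad.exe"'),
}

MEM_WRITES: List[MemWrite] = [MemWrite(1732, "iexplore.exe", 2268) for _ in range(4)] + [
    MemWrite(1732, "iexplore.exe", 4242),   # constructed negative case
]

# ---- Signature rules ----
LANGUAGE_KEY_RE = re.compile(r"\\Control\\NLS\\Language$", re.IGNORECASE)
IE_SETTINGS_RE = re.compile(r"\\Software\\Microsoft\\Internet Explorer\\", re.IGNORECASE)
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def match_signatures(events: List[RegEvent]) -> Counter:
    """Count registry events that satisfy each behavioural signature."""
    hits: Counter = Counter()
    for ev in events:
        # T1614.001: reading the system-language key to infer host location.
        if ev.op == "Key opened" and LANGUAGE_KEY_RE.search(ev.path):
            hits["System Location Discovery: System Language Discovery"] += 1
        # Any key creation or value write under the per-user IE settings tree.
        if IE_SETTINGS_RE.search(ev.path) and (ev.op == "Key created" or ev.op.startswith("Set value")):
            hits["Modifies Internet Explorer settings"] += 1
    return hits


def classify_write(write: MemWrite, procs: Dict[int, Proc]) -> str:
    """Decide whether a WriteProcessMemory hit is the IE frame->tab pattern."""
    target = procs.get(write.dst_pid)
    if target is None:
        return "unknown target"
    same_image = target.image.rsplit("\\", 1)[-1].lower() == write.src_image.lower()
    m = SCODEF_RE.search(target.cmdline)
    frame_pid = int(m.group(1)) if m else None
    # The tab process names its frame process in SCODEF:<pid>; if that is the
    # writer, the write stays inside one browser instance.
    if same_image and frame_pid == write.src_pid:
        return "ie-frame-to-tab"
    return "unexplained"


def triage(events: List[RegEvent], writes: List[MemWrite], procs: Dict[int, Proc]) -> Dict[str, dict]:
    sigs = match_signatures(events)
    sigs["Suspicious use of WriteProcessMemory"] = len(writes)
    write_classes = Counter(classify_write(w, procs) for w in writes)
    return {"signatures": dict(sigs), "writeprocessmemory": dict(write_classes)}


if __name__ == "__main__":
    for section, counts in triage(REG_EVENTS, MEM_WRITES, PROCESSES).items():
        print(section)
        for name, n in counts.items():
            print(f"  {n:>3}  {name}")
```

Applied to the report's own events, every one of the four writes classifies as ie-frame-to-tab; the constructed write into PID 4242 is the shape that would deserve follow-up, because its target is neither the same image nor a process that names the writer as its frame.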
Processes
C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dee94838b42d4fa049ca73033b663050_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 1732
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2
      - System Location Discovery: System Language Discovery
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
      PID: 2268
Network
MITRE ATT&CK Enterprise v15
Downloads
The first ten entries share one path: the CryptnetUrlCache MetaData file (CryptoAPI's on-disk cache for CRL, OCSP and certificate fetches) was rewritten ten times during the run, and each version was captured separately.

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 61d00262de780a40a9b50928eb0485a9
SHA1: cc04183f30446721c98b2894742c3eb174f49302
SHA256: 0b0b2b50112432498b258ba56e9e21c89f625f28d3fe964f2edc8cc827f78884
SHA512: e33190098a4506cb4834452e884aa748f0efb0ac27e3539b0f4158061c8b8c6298f2456ce4dbbd5d3e3eb1b2dd099091c6f6cfb61a8ba5df527015a64bcf9e51

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: d15c438106d1e1dff78232196e6b8238
SHA1: c8ee0552b53a553f25b53c4b12adaacbc3ee50bf
SHA256: bd9786eb9986db493f514ed5c666878ae9f38bc5829e34f331445dc4442277b2
SHA512: 71ced4cbb6d82154de828203558a86c360b233e328a496811599e739a59a1e19c81b18876e3f9aa0a5fb99362f1a353973a50ac69f809b0c58fbcf10a6e4b35d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: dfc3ca1f7ddcaed9ba182f80a4ccea9c
SHA1: 18737176896ecccbef124fa135b44f8531a38838
SHA256: d7171d0070849427a2e50c42548973b4e48820fe0212d4841e3f7150a770b076
SHA512: 9cf5e0d71d37e8a25d3b1adfe280e376ef2c24ccadd8f955a2b2e6ab3b530a9fb8ed01fb956ad2733c94745aabfe8dc7fd74c93652432df55effb77b41e14f01

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: a3858ca483463bbcd282271afe5bb74a
SHA1: eee8943c59ff8184e426a9145eec7d14972f41b1
SHA256: 9996382a7445fe7f59a22daf5663a3ed6e5c2d47d499f7f72eac15c94cfdc8b4
SHA512: df1da79483259010e4e457b88943fb13216baf204862673027a6595bfe2a0656540558e1e6c03025bd86eba2ed2098893dbc3bb8a0a5dbc031b9c83982d37151

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 871b08574042002880cb373130d659ce
SHA1: 2f69f695e43c4206af7168b5570c4dba93549152
SHA256: 43ce03c998b798972dab2453551a19be9d81338975552b753cb715ec35a95381
SHA512: f540749947a9589870e05b0c9f951911419a007300b31bad734aecb4465958008ff547638ed16cb15c09d02d45a8651b478547630f458561e1f468557dd7d39e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 59d9d8ef4b83e0866c1555625d8b80a1
SHA1: b2b0a202100a42bf431bd0bb1bc9a10ac720f142
SHA256: a2cdc60aded6e1072eff0fd314c0e48661e50877d3565b9514c8eadd7b8c43fc
SHA512: a2a9f7025493dde464a0499dbf74981b67bf9c1394cd0f78d9357ff8af5e30990d808c8f87ad8aa39a017656ceb0fb1b259cb6dd3f5cf6849b2cba339fd31c43

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: a0ce2b3fde2d3d22e359dc421b4747b9
SHA1: 18a6d787b7f8f2bd3ecd040b244ccf56491b6830
SHA256: d5031b07f1041f4911ef17b0836d474d42d0c9da54a1c97c62729b3c922b6737
SHA512: 21d42a8d2a0190152833c5ca5aa379a3e277583190e88ddf56c2f3f868fd72464ad726f3914f0f462bbe10998439549f14752cbf44becb8ed4dfc9fec5bc2ceb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: d777f7428ab4080c750f95504bfb7d9e
SHA1: 3a4496077259c09f91589a2901204dbbf5a2d01a
SHA256: 0039745c397c45151622f010475765d64c8d20b84f69aea95e99737237f3a242
SHA512: 4033e46491db385bb458e7e5337ff07bca57cc305a0fd8e9bacf43e58d61b325294cba0283e7bc90568e39af18b3f1968cdcd29c057532d4acda9ddbb0bd0ce6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 1e6ccaa61517388c30fd46b7b17e94d9
SHA1: 83ff158507b0aff43dfc9ac855d99bf587bc448b
SHA256: 19afb794f0a742f4a5ca29ed2340f7f832026b58202df31cec8dddf40c84769d
SHA512: 3db15496cb35741226f5bd754c0eacc80c81f332071f8585ed9bb0f0a41330d3d4cbd89bdbd77d2f5ac5c2cf2f6f8d75220d90abba7378cbbd9cfd072ad4a08f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 2ac644b764b3473a565886118819a530
SHA1: f8472698529c27f8d67cd3415efc56d5235830ac
SHA256: 06d213044f8dfc848575a4522c313d1141b8a2b9a33e1072839701d492f4899d
SHA512: 3db24c49d9328844eefff0ba3e8444811cbcece4fc4eefece5a04e57a57baab8375f8036a9699e79f61276529617e4f1d81c7ddf40ebfd4f775d3ad8b9afd4f1

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZOGPI1N2\cb=gapi[1].js
Filesize: 66KB
MD5: aa012028297a26c039c37ab25a4bd17a
SHA1: 25f23d01b5f580c00778e1c010225e5b8c73b66c
SHA256: 55cd2316edf7159b623e4ec2c9e3a334027c01e2d1cc386f833ebcd35ed87b38
SHA512: d346eb082674fc26d562da9a12f36ad2cc7db1f1b35c891a8734284cf1bd052a967137c1281982070688b2bb2e06c7f4967d1c9397311a31a11a8560b9c45fd5

(path not recorded)
Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

(path not recorded)
Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b