Analysis
- max time kernel: 118s
- max time network: 127s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 15/09/2024, 09:22
Static task: static1
Behavioral task: behavioral1
- Sample: e229ff62afa93ddabd2a48c9165b2af6_JaffaCakes118.html
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: e229ff62afa93ddabd2a48c9165b2af6_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: e229ff62afa93ddabd2a48c9165b2af6_JaffaCakes118.html
- Size: 149KB
- MD5: e229ff62afa93ddabd2a48c9165b2af6
- SHA1: e13404376d438aa2a7b4082e8e5413af27eb365c
- SHA256: a6749c4f0fa00bf1d898dfd21fd208e6e11c0250531b13ecc130de7513f5834f
- SHA512: 41c13dfc314e527e94d8426d6bd9a0ac5a20f362c0309c54c3528aced62e7935ee9eaf68d5e2ca32a733ba6e0ec3ec9a6717e8af485e9e8be04607c7eb7d0831
- SSDEEP: 3072:vixufjKqmyfkMY+BES09JXAnyrZalI+YQ:LjRsMYod+X3oI+YQ
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
- Modifies Internet Explorer settings (31 IoCs listed; the signature heading was lost in extraction and is restored from the Processes section below)
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
  Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
  Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
  Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
  Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432554004" | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FFCA5561-7343-11EF-BBD1-D686196AC2C0} = "0" | iexplore.exe
  Set value (data) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
  Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
  Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid | process
  2548 | IEXPLORE.EXE
- Suspicious use of FindShellTrayWindow (1 IoC)
  pid | process
  2520 | iexplore.exe
- Suspicious use of SetWindowsHookEx (6 IoCs)
  pid | process
  2520 | iexplore.exe
  2520 | iexplore.exe
  2548 | IEXPLORE.EXE
  2548 | IEXPLORE.EXE
  2548 | IEXPLORE.EXE
  2548 | IEXPLORE.EXE
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | process | procid_target
  PID 2520 wrote to memory of 2548 | 2520 | iexplore.exe | 31
  PID 2520 wrote to memory of 2548 | 2520 | iexplore.exe | 31
  PID 2520 wrote to memory of 2548 | 2520 | iexplore.exe | 31
  PID 2520 wrote to memory of 2548 | 2520 | iexplore.exe | 31
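Reading the signature tables above row by row is slow, and the question a reviewer actually has is whether the HTML sample made the browser touch anything beyond the browser's own per-user settings. The script below is an added example, not part of the Triage report, that parses registry IoC rows in the format Triage renders them (operation, path, optional value, process image) and buckets them into reads, writes inside Internet Explorer's HKCU profile subtree, and writes anywhere else. SAMPLE_ROWS is a constructed subset copied from this report's rows; the IE_PROFILE prefix treated as the browser's expected write location is an assumption made for the example. Run over the full 31-row table, every write lands in that subtree and the only HKLM access is the tab process reading NLS\Language, which is the same pattern an empty page produces when IE starts.

```python
"""Parse registry IoC rows from a Hatching Triage report and bucket them into
reads, writes inside the browser's own HKCU profile, and writes elsewhere.

Added example for this page; it is not code from Triage. SAMPLE_ROWS are copied
from the report's own signature rows (the SID is the sandbox user's). The
IE_PROFILE prefix used as the 'expected' write location is an assumption.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# One event per row, as Triage renders it:  <op> <path>[ = <value>] <process>
# Paths contain spaces ("Internet Explorer"), so the path is matched
# non-greedily and anchored by the trailing process image name.
_ROW = re.compile(
    r'^(?P<op>Key opened|Key created|Set value \((?:int|str|data)\))\s+'
    r'(?P<path>\\REGISTRY\\.+?)'
    r'(?:\s+=\s+(?P<value>"[^"]*"|\S+))?'
    r'\s+(?P<proc>\S+)$'
)

# Assumption: writes under this HKCU subtree are the browser's own profile state.
IE_PROFILE = "\\Software\\Microsoft\\Internet Explorer\\"

# Constructed sample: six rows taken verbatim from the report above.
SAMPLE_ROWS = r"""
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" IEXPLORE.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FFCA5561-7343-11EF-BBD1-D686196AC2C0} = "0" iexplore.exe
"""


@dataclass(frozen=True)
class RegEvent:
    op: str
    path: str
    value: Optional[str]
    process: str

    @property
    def hive(self) -> str:
        # Triage shows native object-manager paths; map them to hive names.
        return "HKCU" if self.path.upper().startswith("\\REGISTRY\\USER\\") else "HKLM"

    @property
    def is_write(self) -> bool:
        # "Key opened" is the only read-type operation in these tables.
        return self.op != "Key opened"

    @property
    def in_ie_profile(self) -> bool:
        return self.hive == "HKCU" and IE_PROFILE in self.path


def parse_rows(text: str) -> list:
    """Parse one IoC row per line; reject anything that does not fit the format."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = _ROW.match(line)
        if m is None:
            raise ValueError(f"unrecognised IoC row: {line!r}")
        events.append(RegEvent(m["op"], m["path"], m["value"], m["proc"]))
    return events


def triage(events) -> dict:
    """Summarise where the writes went and which HKLM keys were read."""
    buckets = Counter()
    for ev in events:
        if not ev.is_write:
            buckets["read"] += 1
        elif ev.in_ie_profile:
            buckets["write_in_ie_profile"] += 1
        else:
            buckets["write_elsewhere"] += 1
    return {
        "counts": dict(buckets),
        "processes": dict(Counter(ev.process for ev in events)),
        "hklm_reads": [ev.path for ev in events if not ev.is_write and ev.hive == "HKLM"],
        "writes_elsewhere": [ev.path for ev in events if ev.is_write and not ev.in_ie_profile],
    }


if __name__ == "__main__":
    for key, val in triage(parse_rows(SAMPLE_ROWS)).items():
        print(f"{key}: {val}")
```

A non-empty `writes_elsewhere` list (for example a Run key, a service key, or anything under HKLM) is what would distinguish a page that actually did something from one that merely opened in the browser. The WriteProcessMemory rows in the same report follow the same logic: PID 2520 is the frame process and PID 2548 its tab process (the child's command line carries SCODEF:2520), so the parent writing into the child is how Internet Explorer starts a tab, not an injection into a foreign process.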
Processes
- C:\Program Files\Internet Explorer\iexplore.exe (PID 2520)
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e229ff62afa93ddabd2a48c9165b2af6_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2548, child of 2520)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2520 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: dd05e596aab65909036cc6eebd49105a
  SHA1: 0129e12fe22a2a6b121cbc29d12fe6f2978002a3
  SHA256: 8fcf4e59ee27a7e95c6a16a6812845898a8e6f8cf187b64679af4ccc0a2127c7
  SHA512: 667efec485fed97d593e86fda64de66f6aaa608414d14cf0df3f8008101b654284ceca6b307a2f2a649293ca30c05989ce466149648e3a8dd6e78d41c81c69bd
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: f43e516f1008c006b9454f16fa715d41
  SHA1: ff6609c40f0f9c30678799a7a86fcc664eff1d8d
  SHA256: 6e8e39457a322457616c8488d080de9f565183993b3870a2b4b454b042a8b227
  SHA512: e8a9a7a6f92746188d3cb5258a5758c8a5bf859edaae54c15c2ec095382df0f89ed31853d4b390ccbbb6625549f2a4d46f2d1ac90a1efd0e068aa42b330ca51f
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 4ad9c1d86d3af80f54bc8b4e1a87fe7c
  SHA1: 353226521128de3c232c785b88761dc4e2083a14
  SHA256: 6f51f943ed6dbb7f7dcb3c9d7db477e8b6ccf10ca09d61f714636a5a070ea3ba
  SHA512: 7ade2672b6b17008800aa3544f748fc685eff9902b415fd34527830285e4b13809b416dc25f524652b4a4ca6f62d170a5b6456cc040a9360b682e485cf23ffde
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 733ec67b86e454b144a713dc78e73167
  SHA1: 396e4720585a5cca60251e5be043dd6d2fd8e8c4
  SHA256: 366b17a9c36b74bda1c0f10b475efe66b62320b8df3f495085b050f15a45abb4
  SHA512: af92db1e09f0d9b5b1235cc8e701e1c2d40d14ed239c99923ec92f1944a8709396bfb21da6c43168081cb5b5819ab71cae330297a64cf8db122749c7f0b88c74
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: ca67df218c6e25177e99ddabab9d26c0
  SHA1: 64893efe1a04626a53fd93c8e921aec8c8644e7f
  SHA256: b6f12eb3b7870657716e9836533264647a4b6d9c6e063e8d4f5d1ee452f2094e
  SHA512: 2863440ad9b76d757af5fb32c4299c5a58607a4981d9c20c0aa61d9506e01921c8cbcb3765d8f933fca6137eaee22d0ee38614ac90147e2b9f6497a09547adcc
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: eb407148c7c29763e5177e3ac8c0fd92
  SHA1: 6bafb581305efb5afb5800f46f09419a345379a1
  SHA256: 705d814239d73e584fbc7b9da8b1c5cfbf99f391366d35abd40003fd9a327e2a
  SHA512: e3ec355405c06ed5d192077e6aec8511e7db53b79c2f0d95231119ff6d1231c57cb5ee0ac7788a15f90264262842e78340554c266ae3a280226e2c459219c0c5
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 94bc119bde72c39835bf8b3b045842ae
  SHA1: e274b7d6edaaedb91d8e0d2a66414c2deaf15b6f
  SHA256: 9e4b2b1c635af5d0c3b2d36f298833791c31102e44369424a52be63c85078378
  SHA512: f2738de3caaac59236e00974b0df0af7f8a54471ef0856c2af682b6d175a8bf409e3fc9cc53ca3315068d24476a0168b2646eca2d88d51eaec95d8f285bca569
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: caf537f43e5fbe36af0b6ea7e5e43a64
  SHA1: a463cfdd39cd5d038ea45726970df8f523444d59
  SHA256: 02f12b38c20969cf418b6bf7012f6b3e138c926098de3c9e13ec2a58d254eefb
  SHA512: 7fdd8188139b8d5bb0f316549ea46b20ce8fb5af8d1942b8b02d2b9d111e7708743795df0737522650576657aee7e68a49fa89262b4bc876a22777dee95f0588
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 958540548f85ddac946be997ebcb348b
  SHA1: d3af28d8836b3f45b2963b028c95fd8599d960df
  SHA256: 19513b6797dcd4b8fba8285edff2eedf0ce993dbf73537c1ea465e98ae5adfff
  SHA512: be8909aae47a7caf833760b1c60a62ce33388c9b209ba0b7992e2e98970fc08e015c4bd82705b1f1af33a222252d686e1002f0ee5aa9be4b80c3103576d0194c
- Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
- Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b