Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    118s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    15/09/2024, 09:22

General

  • Target

    e229ff62afa93ddabd2a48c9165b2af6_JaffaCakes118.html

  • Size

    149KB

  • MD5

    e229ff62afa93ddabd2a48c9165b2af6

  • SHA1

    e13404376d438aa2a7b4082e8e5413af27eb365c

  • SHA256

    a6749c4f0fa00bf1d898dfd21fd208e6e11c0250531b13ecc130de7513f5834f

  • SHA512

    41c13dfc314e527e94d8426d6bd9a0ac5a20f362c0309c54c3528aced62e7935ee9eaf68d5e2ca32a733ba6e0ec3ec9a6717e8af485e9e8be04607c7eb7d0831

  • SSDEEP

    3072:vixufjKqmyfkMY+BES09JXAnyrZalI+YQ:LjRsMYod+X3oI+YQ

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e229ff62afa93ddabd2a48c9165b2af6_JaffaCakes118.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2520
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2520 CREDAT:275457 /prefetch:2
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2548
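The two processes above are the standard Loosely-Coupled IE layout on a 64-bit Windows 7 image: a frame process (iexplore.exe, PID 2520) spawns a 32-bit tab process whose SCODEF argument names the frame's PID, and the frame process is where the hook/WriteProcessMemory activity lands. The Python below is an added example, not part of the tria.ge report or its tooling. It re-checks that layout from the report's own process lines and lists any signature outside a baseline that IE routinely raises while rendering plain HTML; that baseline, and the rule that SCODEF must equal the parent PID, are assumptions stated here rather than facts the report asserts.

```python
"""Check an IE process tree for LCIE consistency and non-baseline signatures.

Added example; not part of the tria.ge report. The baseline signature set
and the SCODEF == parent-PID rule are assumptions made by this example.
"""
import re

# Constructed copy of the two processes shown in the report above.
REPORT_PROCESSES = [
    {
        "pid": 2520,
        "parent": None,
        "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" '
                   r'C:\Users\Admin\AppData\Local\Temp\e229ff62afa93ddabd2a48c9165b2af6_JaffaCakes118.html',
        "signatures": [
            "Modifies Internet Explorer settings",
            "Suspicious use of FindShellTrayWindow",
            "Suspicious use of SetWindowsHookEx",
            "Suspicious use of WriteProcessMemory",
        ],
    },
    {
        "pid": 2548,
        "parent": 2520,
        "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2520 CREDAT:275457 /prefetch:2',
        "signatures": [
            "System Location Discovery: System Language Discovery",
            "Modifies Internet Explorer settings",
            "Suspicious behavior: GetForegroundWindowSpam",
            "Suspicious use of SetWindowsHookEx",
        ],
    },
]

# Signatures an IE frame/tab pair routinely raises while rendering benign HTML
# in this sandbox image. Assumed baseline for triage, not stated by the report.
BASELINE_IE_SIGNATURES = {
    "Modifies Internet Explorer settings",
    "Suspicious use of FindShellTrayWindow",
    "Suspicious use of SetWindowsHookEx",
    "Suspicious use of WriteProcessMemory",
    "Suspicious behavior: GetForegroundWindowSpam",
    "System Location Discovery: System Language Discovery",
}

LCIE_ARGS = re.compile(r"\bSCODEF:(\d+)\s+CREDAT:(\d+)\b")


def parse_lcie_args(cmdline):
    """Return {'scodef': int, 'credat': int} for an LCIE tab command line, else None."""
    m = LCIE_ARGS.search(cmdline)
    if m is None:
        return None
    return {"scodef": int(m.group(1)), "credat": int(m.group(2))}


def is_iexplore(cmdline):
    """True if the executable token of the command line is iexplore.exe."""
    exe = cmdline.split('"')[1] if cmdline.startswith('"') else cmdline.split()[0]
    return exe.lower().endswith("\\iexplore.exe")


def check_process_tree(processes):
    """Return human-readable findings; an empty list means the tree is a plain
    IE frame process plus LCIE tab(s) showing only baseline behaviour."""
    by_pid = {p["pid"]: p for p in processes}
    findings = []
    for p in processes:
        pid, parent = p["pid"], p["parent"]
        lcie = parse_lcie_args(p["cmdline"])
        if lcie is not None:
            # A tab process must be spawned by the frame process it names in SCODEF.
            if lcie["scodef"] != parent:
                findings.append(f"PID {pid}: SCODEF:{lcie['scodef']} does not match parent PID {parent}")
            frame = by_pid.get(parent)
            if frame is None or not is_iexplore(frame["cmdline"]):
                findings.append(f"PID {pid}: LCIE tab whose parent {parent} is not iexplore.exe")
        elif parent is not None:
            # Any other child of IE (a spawned shell, a dropped binary) deserves a look.
            findings.append(f"PID {pid}: non-LCIE child of PID {parent}: {p['cmdline']}")
        for sig in p["signatures"]:
            if sig not in BASELINE_IE_SIGNATURES:
                findings.append(f"PID {pid}: signature outside IE baseline: {sig}")
    return findings


if __name__ == "__main__":
    for line in check_process_tree(REPORT_PROCESSES) or ["no findings: tree matches the IE baseline"]:
        print(line)
```

For this report the check returns no findings, which is consistent with the 3/10 score: nothing in the tree goes beyond what IE itself does when it opens an HTML file. A tab process whose SCODEF does not match its parent, or any non-IE child under the tab, is the point at which the same signatures would stop being noise.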

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    dd05e596aab65909036cc6eebd49105a

    SHA1

    0129e12fe22a2a6b121cbc29d12fe6f2978002a3

    SHA256

    8fcf4e59ee27a7e95c6a16a6812845898a8e6f8cf187b64679af4ccc0a2127c7

    SHA512

    667efec485fed97d593e86fda64de66f6aaa608414d14cf0df3f8008101b654284ceca6b307a2f2a649293ca30c05989ce466149648e3a8dd6e78d41c81c69bd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f43e516f1008c006b9454f16fa715d41

    SHA1

    ff6609c40f0f9c30678799a7a86fcc664eff1d8d

    SHA256

    6e8e39457a322457616c8488d080de9f565183993b3870a2b4b454b042a8b227

    SHA512

    e8a9a7a6f92746188d3cb5258a5758c8a5bf859edaae54c15c2ec095382df0f89ed31853d4b390ccbbb6625549f2a4d46f2d1ac90a1efd0e068aa42b330ca51f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4ad9c1d86d3af80f54bc8b4e1a87fe7c

    SHA1

    353226521128de3c232c785b88761dc4e2083a14

    SHA256

    6f51f943ed6dbb7f7dcb3c9d7db477e8b6ccf10ca09d61f714636a5a070ea3ba

    SHA512

    7ade2672b6b17008800aa3544f748fc685eff9902b415fd34527830285e4b13809b416dc25f524652b4a4ca6f62d170a5b6456cc040a9360b682e485cf23ffde

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    733ec67b86e454b144a713dc78e73167

    SHA1

    396e4720585a5cca60251e5be043dd6d2fd8e8c4

    SHA256

    366b17a9c36b74bda1c0f10b475efe66b62320b8df3f495085b050f15a45abb4

    SHA512

    af92db1e09f0d9b5b1235cc8e701e1c2d40d14ed239c99923ec92f1944a8709396bfb21da6c43168081cb5b5819ab71cae330297a64cf8db122749c7f0b88c74

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ca67df218c6e25177e99ddabab9d26c0

    SHA1

    64893efe1a04626a53fd93c8e921aec8c8644e7f

    SHA256

    b6f12eb3b7870657716e9836533264647a4b6d9c6e063e8d4f5d1ee452f2094e

    SHA512

    2863440ad9b76d757af5fb32c4299c5a58607a4981d9c20c0aa61d9506e01921c8cbcb3765d8f933fca6137eaee22d0ee38614ac90147e2b9f6497a09547adcc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    eb407148c7c29763e5177e3ac8c0fd92

    SHA1

    6bafb581305efb5afb5800f46f09419a345379a1

    SHA256

    705d814239d73e584fbc7b9da8b1c5cfbf99f391366d35abd40003fd9a327e2a

    SHA512

    e3ec355405c06ed5d192077e6aec8511e7db53b79c2f0d95231119ff6d1231c57cb5ee0ac7788a15f90264262842e78340554c266ae3a280226e2c459219c0c5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    94bc119bde72c39835bf8b3b045842ae

    SHA1

    e274b7d6edaaedb91d8e0d2a66414c2deaf15b6f

    SHA256

    9e4b2b1c635af5d0c3b2d36f298833791c31102e44369424a52be63c85078378

    SHA512

    f2738de3caaac59236e00974b0df0af7f8a54471ef0856c2af682b6d175a8bf409e3fc9cc53ca3315068d24476a0168b2646eca2d88d51eaec95d8f285bca569

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    caf537f43e5fbe36af0b6ea7e5e43a64

    SHA1

    a463cfdd39cd5d038ea45726970df8f523444d59

    SHA256

    02f12b38c20969cf418b6bf7012f6b3e138c926098de3c9e13ec2a58d254eefb

    SHA512

    7fdd8188139b8d5bb0f316549ea46b20ce8fb5af8d1942b8b02d2b9d111e7708743795df0737522650576657aee7e68a49fa89262b4bc876a22777dee95f0588

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    958540548f85ddac946be997ebcb348b

    SHA1

    d3af28d8836b3f45b2963b028c95fd8599d960df

    SHA256

    19513b6797dcd4b8fba8285edff2eedf0ce993dbf73537c1ea465e98ae5adfff

    SHA512

    be8909aae47a7caf833760b1c60a62ce33388c9b209ba0b7992e2e98970fc08e015c4bd82705b1f1af33a222252d686e1002f0ee5aa9be4b80c3103576d0194c

  • C:\Users\Admin\AppData\Local\Temp\CabCD1F.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarCD31.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
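The Downloads list is dominated by one path under CryptnetUrlCache\MetaData reported nine times with nine different hashes, plus a Cab*.tmp/Tar*.tmp pair in Temp. The Python below is an added triage example, not the report's own tooling: it groups the entries by path so that a file rewritten several times shows up as one artifact with N versions rather than N drops, validates the hash fields, and separates paths that match known CryptoAPI write patterns from anything that would need a closer look. The classification rules are this example's assumptions: CryptnetUrlCache\MetaData entries are taken to be CryptoAPI's cache of certificate/revocation fetches, and Cab*.tmp/Tar*.tmp in Temp the usual trace of a root-certificate list being downloaded and unpacked. Only the MD5 and SHA256 columns are carried over.

```python
"""Group and classify the dropped-file entries of the report above.

Added example; not the report's own tooling. Path classification rules are
assumptions of this example, not statements made by the report.
"""
import re
from collections import defaultdict

CACHE_META = r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015"

# Constructed from the report's Downloads section: (path, size, MD5, SHA256).
DROPPED_FILES = [
    (CACHE_META, "342B", "dd05e596aab65909036cc6eebd49105a", "8fcf4e59ee27a7e95c6a16a6812845898a8e6f8cf187b64679af4ccc0a2127c7"),
    (CACHE_META, "342B", "f43e516f1008c006b9454f16fa715d41", "6e8e39457a322457616c8488d080de9f565183993b3870a2b4b454b042a8b227"),
    (CACHE_META, "342B", "4ad9c1d86d3af80f54bc8b4e1a87fe7c", "6f51f943ed6dbb7f7dcb3c9d7db477e8b6ccf10ca09d61f714636a5a070ea3ba"),
    (CACHE_META, "342B", "733ec67b86e454b144a713dc78e73167", "366b17a9c36b74bda1c0f10b475efe66b62320b8df3f495085b050f15a45abb4"),
    (CACHE_META, "342B", "ca67df218c6e25177e99ddabab9d26c0", "b6f12eb3b7870657716e9836533264647a4b6d9c6e063e8d4f5d1ee452f2094e"),
    (CACHE_META, "342B", "eb407148c7c29763e5177e3ac8c0fd92", "705d814239d73e584fbc7b9da8b1c5cfbf99f391366d35abd40003fd9a327e2a"),
    (CACHE_META, "342B", "94bc119bde72c39835bf8b3b045842ae", "9e4b2b1c635af5d0c3b2d36f298833791c31102e44369424a52be63c85078378"),
    (CACHE_META, "342B", "caf537f43e5fbe36af0b6ea7e5e43a64", "02f12b38c20969cf418b6bf7012f6b3e138c926098de3c9e13ec2a58d254eefb"),
    (CACHE_META, "342B", "958540548f85ddac946be997ebcb348b", "19513b6797dcd4b8fba8285edff2eedf0ce993dbf73537c1ea465e98ae5adfff"),
    (r"C:\Users\Admin\AppData\Local\Temp\CabCD1F.tmp", "70KB", "49aebf8cbd62d92ac215b2923fb1b9f5", "b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f"),
    (r"C:\Users\Admin\AppData\Local\Temp\TarCD31.tmp", "181KB", "4ea6026cf93ec6338144661bf1202cd1", "8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8"),
]

HEX_LEN = {"md5": 32, "sha256": 64}


def classify(path):
    """Assumed classification of a written-file path (see lead-in)."""
    low = path.lower()
    if "\\cryptneturlcache\\metadata\\" in low:
        return "cryptoapi-cache-metadata"
    if "\\cryptneturlcache\\content\\" in low:
        return "cryptoapi-cache-content"
    if re.search(r"\\temp\\(cab|tar)[0-9a-f]{4}\.tmp$", low):
        return "cryptoapi-rootlist-temp"
    return "unknown"


def check_hashes(md5, sha256):
    """Return a list of problems with the hash fields (wrong length or non-hex)."""
    problems = []
    for name, value in (("md5", md5), ("sha256", sha256)):
        if len(value) != HEX_LEN[name] or not re.fullmatch(r"[0-9a-f]+", value):
            problems.append(f"{name} malformed: {value}")
    return problems


def triage(records):
    """Summarise dropped-file records: paths rewritten with several distinct
    contents, paths needing manual review, and malformed hash fields."""
    versions = defaultdict(set)
    summary = {"rewritten": {}, "review": [], "hash_problems": []}
    for path, _size, md5, sha256 in records:
        versions[path].add(sha256)
        summary["hash_problems"].extend(f"{path}: {p}" for p in check_hashes(md5, sha256))
        if classify(path) == "unknown" and path not in summary["review"]:
            summary["review"].append(path)
    for path, hashes in versions.items():
        if len(hashes) > 1:
            summary["rewritten"][path] = len(hashes)
    return summary


if __name__ == "__main__":
    for key, value in triage(DROPPED_FILES).items():
        print(key, value)
```

Run against the report's data, the summary shows one rewritten artifact (the MetaData file, nine distinct contents), nothing queued for review and no malformed hashes. Nine rewrites of a 342-byte cache record are what repeated certificate fetches by the browser look like, not a payload; a path that lands in "review" is where the dropped-file evidence would actually start.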