Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

eb9fe2fe38...18.exe

windows7-x64

7

eb9fe2fe38...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2024, 15:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eb9fe2fe38c3ef87ceb72baba8b7e110_JaffaCakes118.exe

  • Size

    26KB

  • MD5

    eb9fe2fe38c3ef87ceb72baba8b7e110

  • SHA1

    17e12abefe7780a9fddf9f9b23f6a68b646c54e4

  • SHA256

    3cf911cac6b490ad18203af9dfed5873b0511dbf511ec1a64c17c1b4f4d95361

  • SHA512

    faa094799a8be7cce17d86ed1a86f5287cbd19b7f434e2c4a3d72da0604c6814ab0511b314ce919371cc18a762ee1999dc4117f1a61cb116e91d710ac95f28be

  • SSDEEP

    768:NujaQ+Cn/SIvAC0NtFCdZnnOHdnDZY9YaOi4nPz:NzQ+CnEtKoda9BZ4nb

Score
7/10
discoveryupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eb9fe2fe38c3ef87ceb72baba8b7e110_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\eb9fe2fe38c3ef87ceb72baba8b7e110_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2644
    • C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe" "http://flat.trafficadvance.net/AccessMySQL.IVRMobileEntra?D=11565&C=37&MP=41
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2668
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2756
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://flat.trafficadvance.net/AccessMySQL.IVRMobileEntra?D=11565&C=37&MP=41
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2664
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2664 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2964

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4a66a7bc82d38b6681cdeaecddb13e60

    SHA1

    656dbf7a2b22d8a105d00e503b27cb6702547f80

    SHA256

    ad4642c661abd0ca5b545e4a4c9a7bca2c43235524a8b52f229c93f1c8baf2ba

    SHA512

    19309f4ef3caad5e3db1549354f004b8b35af5d6b20353f695c8de94b97e81b38f9404c2f2ca10ca79ad36d713f53d748b37970124b7b4627a222cc72cce7936

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    542bbf5a61124ae70733568f4ecfa036

    SHA1

    8abd766ab5bc28409955a956cdbde3d6adcf3cfa

    SHA256

    de0abaf6a899b239c103cb92b3e11c6749983e5f1afc68b1a3be270acaa9eec7

    SHA512

    1e45ded0aab6740d84b09be7a4581ac9729051a86d46194677112349edd89d836c4b4689a7ed58358babb732801c0a6b1449df811fdd9360958fae5a45c5abf4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cfd5378be50bc51951fb8aedfa48a5e2

    SHA1

    1587715568335db67456392dc13c3f7f63cb158f

    SHA256

    92bc43b24a0f0542d95c9c6b63f2b0ce3de625384a537598a1d4dbbec9fcb456

    SHA512

    171feb9dce9b457a6bc30e96ad89ab73500abd0a93e74fe5392dfda063c3957577a844acf5c874bdc49d14fe0a573e455f1e12e5de75a2bf9a084dc0f2d50329

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fce2366b50e807941e0668b0588ae937

    SHA1

    4f9cd90defdacc2e638655c8d40579bc5fdbc3ba

    SHA256

    096dd5a4f09a88d385dc2f7e85cb0e9789138605a5ce437dd3735664cb38d99e

    SHA512

    a8b1daab59160061f645f33cecb017377ab78a08bb81ea6a4c07aaf078b97f75674ef5a14ee2ca5533b8398799248d5cc75bdd13d39a2a64d537ab53bb4e6d46

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ade4dbbfb750d837c5ec4872f6e41b32

    SHA1

    be8e4654cf9f03384fa4b4f24fe24649cb4e079c

    SHA256

    b35e3210c094e1f8ca5eaeba579d2ab7a29ed32ac3a22831f09cf8cacfc48f2f

    SHA512

    c5d25fdd3d9fe7363a3f0ae7d6e109aa9ce3be3b3eea3d88bea5f39e81b96d2b0dd6ab1bfc4e4c1529b2796f1b90918ac4c251585763bfcfef23271a8cee7a9f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    da769ba063b8fb7305ca836c53988d8e

    SHA1

    ca58a9da6f836548e3b79fd040641c7ea72ee074

    SHA256

    d7fee8bb60b2410f9b65b86d8ee2a06b4d2d27d4bdce9887ac185d2ad3adf8af

    SHA512

    862842be016fcfcd67c5fefce46cb0b4bb5d2e33301bdfd8398deb5cd46957606c578c107ed93d348e0b7437466b52d8ec261633932e4a9303d0c30c6ab139bc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    17e0bbb703313f519ce2952beb820b9a

    SHA1

    3fc553163ce2aa9eabb1b3096f4cd58a62069d56

    SHA256

    a5c81a29b77baa59db9a1298ca55a3bbbe94ebf9e8479a0e101832b370476410

    SHA512

    fe9248c8747cfb08a1004f00d506bfe279efa91e3e705e615139858dbeb3849c31a0d56e42c77159518b932a63155ab2fbdd214c3a6c45a078d0ac059b3eb646

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    600b6bdf636bfb74a0ded5f4da34552a

    SHA1

    eca94e5d2045ee80488f835f7a77b2d9c0719b39

    SHA256

    d183f091cb8a1d9c6bb7041070ae94b082d7e3f4b57282bec603896110c5d56c

    SHA512

    b20644d3e66111cbf271b08fda62e7ad2db66ee409f4fd3cd85a7412ce606836b5dc0a5ed0493d6fdf43d01bb5e94fc6c8f955c7ab6f6daf5fecc9273d206c8b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    73511778decd8610df38e55f085110e1

    SHA1

    cafe2413077f149619dc4741d038220c23443850

    SHA256

    5fa1ab84c1102736ce9efed98341289e8e17f795c9f70113df52c1691e49b492

    SHA512

    d7c812d002639ef77b3aaba9031c374b8b2444a97c73a3416fe3dd75011889c5e6fea507940525b4b12d593070b8a2a0c7f0c09ae06a0271bcdc8f291e4b17da

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d95024e18ac9fcdf616fb7fca272dfe2

    SHA1

    9ea31e8c5982ca06d15751f76d1cef4bc9804275

    SHA256

    0b6d3e4be91bd3a79fb4137ed4ec844bfe40d0da1174c49b4ecdba0ef3983aa2

    SHA512

    fa0d63d2c046ce373981bc072b57dd1672a5e94dfca3bb4b4c1cf6f587e8d8b48761aa573710f9ea67f5af0c209929f133216aa69a75d32b15f0a5fdcee6a553

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    418d7c078a6222c5a1ceb4daff0528b0

    SHA1

    c9857dd63db5dc4c274958d3f39e7e8dea40aa0e

    SHA256

    ec989cdeb1b42b6098728029b5edcd282e37088d4959c019d01376822a35a4ef

    SHA512

    8e28e5225a7637bc1fa0b5bdd0fff38ccd6c13a94f3a768f0a577725a992d0f26c6aa5fcc59aac4a25cadbdbaab424f56030df235fcd396ed3f0ad25bc874505

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    da4f691c30451102d00d92d907f3ab42

    SHA1

    515dddb32cec472788d2d019d3d17a651c52205c

    SHA256

    fb3b1722f0b58cf7dba491c4cd47c6d3f40830192d8308828c9a14485e71a4e2

    SHA512

    657a3a2fc7d6309e3bb00240ed2e4c7b87d3c0b57a512a8e8c6f9769de842c61d0f36418af11e7b3a07f90f840042b38a5de8b55515b9d3e4a4c3b7537f7a2d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    00ec56901c0f2cd9814af6ea52c7f54b

    SHA1

    3d801e5c59d776f506b1055dc1217f6bbdacc877

    SHA256

    0ad2653020fcd57093bc680c5179206822ba97d66b8f71c9dc4ac481a5710fed

    SHA512

    9b666a6bef1199d6531fa7ebb2f7a764d9500472a9bdadbc1ce74b4af5223257a2011d5d54b543ee40a059f6ea2eca36c1a64ff9dc88e5f169bf7d510095b48f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    95c2b7ae6ac3c07b731730a4084d5fc1

    SHA1

    c622bdcc95193693e9446a60f956414da379aea8

    SHA256

    94400426c23256a1c88b73406dd66b1adc2afa309787782eb361143c06d4d2a4

    SHA512

    6f6ca8a6464c2674fd38c076b4802269d4bb95ea3c8cf7ca18918b52c0b3441f842c753751d3ccebfcefd6e33a77602e3964235d0221ecef95f75ec9a40339ca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0bb7c1e16314dbeddb636e54c2f2aeb6

    SHA1

    469d3478eca94b5a92e281db59899c75f418d2b3

    SHA256

    bed0ada1554542f7f94cac6fc6fd0de792961c24c6e34cb8c5c722649a6094ee

    SHA512

    f59b7fad6ef52e6f64fbee82997945c1767ff4fab2b7e2478a5b9508dceef874fb71ff1082f9197871c6dc06e65126137a64d5f2cebe73b64e2c33b59ced7c77

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9594cceaec76a90535d9c88c85b302b7

    SHA1

    d35f8ccbb6cf1d25883dbe4aa6dcf03239eaac4f

    SHA256

    3c686cb5fed967f1936aa3881eab262a5fccf2273990a82ebed9f09e57800e46

    SHA512

    31b319de71baf7ad9adf069168f20ea31f6296a7024d10df0c6dc2a505e9bf699f9c997f649aec9fd57d7f3935bab3c747bd571214b3117a2e871e8c55aadf1c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c6d1113b9fbe98f26e77a94905580c42

    SHA1

    a3bbc1c9f888263cf3d5abc1e21ed7d0a4f57d84

    SHA256

    93e566a896bf40b93c1a540aae8aa6bed8fcb618d54609f5f5396d4e1a614068

    SHA512

    e9897adf9b051d8dcafd0a6b88ad85c9f8eadfa2b5b32848cc86c600e325078ff4dfd23d02adaa39a4c3182ff588a17fd633b7535cada750edd18a1a16c1068b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cf85a78105a073d35e92e56ef4682d0f

    SHA1

    3a170a595097defa4cf2aac358ba4acaaf8e9b55

    SHA256

    0781c75bbaeaeb4bd883c8e1848156527307be8645ea87bdf20533ad45bd755d

    SHA512

    2db0893eb64c818888052fb4694e24bcb62b8b8e36e84db7a9ca7a7cf20c6f2addfea406ed8dc1f83bf72b9586755dc8a39cfd16d446f8adcc4a81f87601e437

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b420350941e73358644301f88e8aee58

    SHA1

    45515e6fe15fc9f39be33a06f670e3ae9baf3265

    SHA256

    e1dbd8f962719e3b3e3260cab5d4df1760e97ceff503093de3f9c8faf893c7c5

    SHA512

    83ecc3d3a34c3c1e921eb5ad658259db9c16bac66783a1f6decdd8d50f170d366a02f52a5abd5ee24ac49f0c46b3dea11814b3da0114b58c7e435c2e6229f08f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab35F1.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar36A0.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2644-7-0x0000000000010000-0x0000000000024000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2644-4-0x0000000000510000-0x0000000000517000-memory.dmp

    Filesize

    28KB

    Download

  • memory/2644-0-0x0000000000010000-0x0000000000024000-memory.dmp

    Filesize

    80KB

    Download