Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    13s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21/09/2024, 16:58

General

  • Target

    f03de4eb3fe357252988d27cfdfcea8a_JaffaCakes118.exe

  • Size

    439KB

  • MD5

    f03de4eb3fe357252988d27cfdfcea8a

  • SHA1

    de6c1e6602dd6fa8ae3838b3bb945c5dd14fe76d

  • SHA256

    37a9e383f3c4374c2d1d93036e5fb14fc8e18112a888580d2165c0619b3f4a0d

  • SHA512

    68a651543d6a1adb76ddd54e7e6a5047b94c6666e848f56ead880a142b2401c4505cc10b12e4de08d0cfd3c1a626f5a949b9a1d8b10a76eeac7f27d294815f08

  • SSDEEP

    12288:6xBrte102j3bdINgI/RMqIzyZlHNdJtdPQ5meaqC54:67r2hQp/DOy35tdP3exCy

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in Program Files directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f03de4eb3fe357252988d27cfdfcea8a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f03de4eb3fe357252988d27cfdfcea8a_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    PID:904

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Program Files (x86)\PricePeep\pricepeep.dll

    Filesize

    472KB

    MD5

    f819dbda954138c942d2432e6194770c

    SHA1

    55a9b245b5e0589f995aad5b3107b3442c6132b4

    SHA256

    a7f29436b45c6901ecaab7437389736ab48117e8a3685c3d7642feb4b1860eab

    SHA512

    152a337e80ae20a81af2486b556cc055b97e829d436d11ee28f23ae2fee48d66e974fcf43016590929e6e9393b1ed7e5123fc66e86e143d98132895beee46bbf

  • \Users\Admin\AppData\Local\Temp\nse978F.tmp\System.dll

    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

  • \Users\Admin\AppData\Local\Temp\nse978F.tmp\UAC.dll

    Filesize

    17KB

    MD5

    88ad3fd90fc52ac3ee0441a38400a384

    SHA1

    08bc9e1f5951b54126b5c3c769e3eaed42f3d10b

    SHA256

    e58884695378cf02715373928bb8ade270baf03144369463f505c3b3808cbc42

    SHA512

    359496f571e6fa2ec4c5ab5bd1d35d1330586f624228713ae55c65a69e07d8623022ef54337c22c3aab558a9b74d9977c8436f5fea4194899d9ef3ffd74e7dbb

  • \Users\Admin\AppData\Local\Temp\nse978F.tmp\inetc.dll

    Filesize

    20KB

    MD5

    4c01fdfd2b57b32046b3b3635a4f4df8

    SHA1

    e0af8e418cbe2b2783b5de93279a3b5dcb73490e

    SHA256

    b98e21645910f82b328f30c644b86c112969b42697e797671647b09eb40ad014

    SHA512

    cbd354536e2a970d31ba69024208673b1dc56603ad604ff17c5840b4371958fc22bafd90040ae3fb19ae9c248b2cfce08d0bc73cc93481f02c73b86dbc0697b2