Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

078e13b6f0...18.exe

windows7-x64

7

078e13b6f0...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

partner67.exe

windows7-x64

7

partner67.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    146s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    01/10/2024, 21:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    078e13b6f025ba620001b0e49b170157_JaffaCakes118.exe

  • Size

    196KB

  • MD5

    078e13b6f025ba620001b0e49b170157

  • SHA1

    bfc3da294e06acebbbfbb67535600375f1ab321f

  • SHA256

    a953b96b3a2a0e7a5f864dba710e7b27b4bcb4b938f314ee34ce42d1a023712f

  • SHA512

    6c2f4c222699e6d4c5fdd328a5be97a68bffa3bf8e02bf154d86f9a09ce9e0702f1ec0aa32ab2f4a86a01dde7dbb1f6f5fbd3249ed2532e3834b6c855305d265

  • SSDEEP

    3072:AQIURTXJWNrYp0nu1sWEJ01ZHoaYK+BzK94LH1pVFciChLsK7/hAS:Asshi0H6HjYK+lGi4hhF

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 21 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • NSIS installer 2 IoCs
    installer
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\078e13b6f025ba620001b0e49b170157_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\078e13b6f025ba620001b0e49b170157_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2132
    • \??\c:\Temp\partner67.exe
      "c:\\Temp\partner67.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2108
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.crazyloader.com/firststart.php?ll=YES&cl=1.1.7ll&p=CL&s=10229
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:608
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:608 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2216

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e4a1f296baedbf4781071e5cb9d450de

    SHA1

    7892f3fe28cc1bb3a6c2a8daa488e8423f23d649

    SHA256

    75f2227ff651e2fb00718c72ffbdc4e1fae3b479a8a35276a01da7b34a043401

    SHA512

    e832ea0d27459f213435f1f24c4170130096f64240e6f9ff195c0a08d10a5d2360b64dcdbe145cda82d8b0bcfe92c99a6fab71d8c857b79fa6bf4d71e0559d64

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9d6b72aacd3e446cad96237030ffeaee

    SHA1

    94f53e841f506d2fb002d918087e53f22b062024

    SHA256

    a448d5aecb005faebf4b6c09e067e04bc316d7d8543b96745e230ce11c8b319d

    SHA512

    8256d70309e38478ae6241e844e6e1f33897781e2759d70b3bfa6bdcaf7d0d4fc2063381bea248c68ed7f07f5bd333c08e87a13a9e75a11b056cf0de0156322d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6540281b82e8bdeba24ae45b25a5a29b

    SHA1

    3b82b816f1626d0df546d87595baff9743ac680b

    SHA256

    9f3d9dcc8bb9709f7ea29b34c6697893920e3e6685f179ac77190dedca76abe7

    SHA512

    149fc94c9a122d8755b4113bee6f745fe00df4a9b0744a144d15c466fceb478a3327bbe76a1e968ab18f1988f926544b14acab13d2d29ddb51689734b762ccd6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    afe5048cfaee7cb3765a56a34e36be97

    SHA1

    6bd089c961e01bdf13b9feb98a66bc6295a5199e

    SHA256

    56bb13ef5f2fa1eafaf27ccaff29bda230d98be971f46523b76b6ee89ca0e4c8

    SHA512

    96454299819c3fe0c32a2e135642af8c73b8d7fe795d2bbd648dcc016663392bce5e44078ba69bf28501b030bce0850951a034d56d751250419725d9ff059a08

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    27cf1df690f429d6925e5d801010e006

    SHA1

    1e0fcafc4d6bb62cacb771162a00ece8d194e1b2

    SHA256

    77a14935d2d88418f5fccfb3765434029c3ae030e54630df128a3149c7ac2e13

    SHA512

    55631f2164ff8b04b2606c564d7036c23bde2c5727e08708ebd7ca80afbdc92b7d3e9e713b5df5a9836b3d11294e158c5de26d9c9ddd0ec8e40317461a47e1a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    42e6d096553ba673ad628c2e2b9cdb86

    SHA1

    026d7d9dc56ad933e2bdb39520e7c69ddde669ef

    SHA256

    5f4afefaf7bb48ed149dd2fc9821b5d2e3e43d2da80f84055d921728ef3e5bc1

    SHA512

    ac16c2f66e98a5e315fa570af146b5ba05f45d4587b7cded84ecdddd65a75611c7380e95fd1d0e6fd5d72619c08a0f3f075ec87896eb47f5bf1ee18f24156d23

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3f62bc65765b449ab76deb43958c22c9

    SHA1

    c4016b2d56a71b42a8fc0416b6bf687650ace955

    SHA256

    77eb9a30813292b0a24dc6ad628f6c7d7a4dfcaa168cbc749443d41fb9c2cdcd

    SHA512

    b844ca82fca23c4f5e46390069862123455dc9ef59b9a3ee4b7f2e772e7d1ad5c3b457849ab50c847e7752ff8238a15e75e2f94a171fade1382a6b85f3249463

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a2ee01ffe0599d7d8652a7b0dcb7c74b

    SHA1

    3e62b421fcdf9cfab2b81a965190c93a2e6030e7

    SHA256

    d179c0d51790c135c110c8a9797f466b5a7bdc290f2f83960335ca53be7b413a

    SHA512

    85698651ab813d1c09a8950b4e8c3be75c7a910379cae18c8103cb2ea8b31b6692b55871a7751f48b6630effaf70effe8c1e74ed11554eb9e87c3861b38e327b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f36f85511b3e0d46c01718e03680d1bf

    SHA1

    9e11703ef580ea2159527649dc0c6b2009331ae2

    SHA256

    b94accf6f2da8663d4f1edf8d6498181d1171f5ed9b57ecd8cbb6847cc06e426

    SHA512

    0df4938881e14c6bd558d7058a02e0c2d49642c4a18849c1a2e5d78f2bdea628adc54320ca441d16493a48f97a703762c087f1122c66a24d269aecd090b525e4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fbd74a468578a5ab33d478f6200d8ada

    SHA1

    44c7688f66e87dcd10c37bb4b290db37405a6e41

    SHA256

    be41cdf465fe0e1c25beb5622cf4a378e4cbd162b71c2c607957d8789a5c8627

    SHA512

    74900822fcc20c04e3d68bc616f336f597c1091d24bd78128c7f42e6b706780998e7b92cefd0213088c82272c9b29aac7f81e3b6ee687f968161f6f170a2221b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    395c5bdbf58c7dd8a337e5fde7bf5032

    SHA1

    bfae51d89b743b727d500c6e8f786dc71d226b3c

    SHA256

    9ada962fa08b01191c1d0ac1e23a38453f1ab175dcb20cf91476f62975925749

    SHA512

    0a5005f83da534f3ea4c8f6e51a6caca116371ad74761ff0a6aaa7a28623160a17d028a516eaea9eeb0d332b3d434781e5a8afd8741132e850e67616795aa3a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    adb3c38665108f05649937a39fbe9b77

    SHA1

    f7877a63dad862397e905f068b909c9b26b5d1fc

    SHA256

    5002d530a78d20b6f15f25f66b7fbb30a89f37730bafc4ff6dde3d939e8413a6

    SHA512

    e9e9a81c0d14595fc04f83dcf49c843bc65d0c407d527a1fa36c91b7ed44e8d1b1b3905c3f20daeba515b82d39b59f3b41fe3d441b2bab024311eeb3e960cdff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7438218f7f32bd890856f14419ced647

    SHA1

    486a8e633e23419e40ceea1411940078033eb7e4

    SHA256

    6f466c08176474a23eeef8edeecaf3cbafd189145ce001c70ece5ae2591c2ad8

    SHA512

    55ee285965a072b50c0dec843ccca08f5bafa89322467b60f830c1cdf196d49a1f8406361ed5a89935e3576e2db8049706c0bf150dd672618a7c6c1f7a8aea1b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    19ffd81f8a0bbeb4a7984d7adbefc748

    SHA1

    1566b93d9a0bee55dded018ffd8ef84e2fd3941f

    SHA256

    89f392260bd92ac7ff2f7d9beb31dd86125ee83592c1209a4a64e745a01112cc

    SHA512

    219fcb7231a99cac94955dc2edeedb90dbc2d4d0b4617e106974ee7064f109dae968a331dbe762ec4ed5a5bdabcf9db41309cc80f17d17b7b4087f8bcdc3b435

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0cea7b57fe5ce2664916f9811e52bde0

    SHA1

    09bfafd9c5273554bc4d96362d62c22f1056200b

    SHA256

    3d7c322e2a396c72c8a2965035ec5a455912cd95e62d3cdc03d8f755d4687e60

    SHA512

    46b22ca9b01a972e36772b0280593e7e6a6a4b8589955aa9f60afbdccb3532498bb68bb454f391fe32fb3fdfc4ef3e37a50a7d443df5e3ad46080248aaa9cb54

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c20593bdede2171a54dd2a9f6790812d

    SHA1

    baf76b214bc4fe76d64130f33b86217e6fd6d575

    SHA256

    fe2459450db58f11d5d7a0207b23c9269b654b5aa8cb0820d2e487eeb7f90f3e

    SHA512

    1ba2df6e01717ebce8337159f19cdd2bd553981f2ab36b16b57ea81a1febdd90228a8d96d1d0a7dd267c76cd9536c05c4beb2f9476cc4fcede0c5ca8473014cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ef51daf3d307079b3b64736bcba78d09

    SHA1

    06df71f6d2bac1799e12f3f259297ec0416d17e1

    SHA256

    060299e0e6e1b8fc8329e86e5d602e2b0a4e39170cf739d9241cec38a5e26f79

    SHA512

    347b7e9f3d84bbc63cfb9fc613124960a18afa0717d51f1251d91ce5a56a2b8bdffc3381f8dd0a177ed4a2eedc6964bc197fdd3d315e0c69526194b785e948f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    43ebd4e5309652b8f36785cd3f0f292d

    SHA1

    47ebabff49899ea9ba25058d035085bd3072339b

    SHA256

    8f483467b17376deda9358f356e3e24f9b5fafdb769c7918efcad91c61d4def0

    SHA512

    92e5a0d52578ca8fe446cf99d6ffcaba488651e00ecdb49f532f1f53d1a4bbeeac3acd701f81ce143fd8fb0d96cec0d1c0c80498b11ebc2fbabe75b97a613805

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB241.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB2F1.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsy4FA8.tmp\header.bmp
    Filesize

    90KB

    MD5

    43b68e1955b8d5eb71a5e115f1b70de4

    SHA1

    922ab5c260dc3925ec4440b5a86d43054c50f535

    SHA256

    33a94fd2aef8234dcf1c8ad996c617d0554cf968256849b965b16ba73e313c82

    SHA512

    77e6fd9a5c4352b8c6a257cb2bd0a149d0fbb7d0eed840f7d5905b3c2b41b737cc5eec3db739ccffb22e0f5a5c92c75214a6ff98d902d2c8bb923a8f4e1956c0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsy4FA8.tmp\isWelcome.ini
    Filesize

    537B

    MD5

    3b7297f326ab2660d311dcd28c5051b0

    SHA1

    0fac16234dc00284b4158c199d3c43e028f55809

    SHA256

    86adc44a36669cbd9d401d3c5f344cb4abfee2a2a33d5fcf01ba59804cba24ac

    SHA512

    30cc162e86a2018e81e9b6215a5e903764005c6699c157513d963e0ab76ef9bcabb54c802db6f84d617bd831d721955391c99fbb6575d0cae58df566f9efe16f

    Download Submit

  • \Temp\partner67.exe
    Filesize

    53KB

    MD5

    8f341587089816847049072f2f9f436f

    SHA1

    62b5142ef987ab18b0d9c8bda76defa4ba6fffaa

    SHA256

    23ef89b543c84c379975a044ae20b7b156cd74ab65875c0029b1a485927d1d7d

    SHA512

    59b79c09895edef799ed316b96935e2e48a2d464db0bc0c98df436f607cde0c4f7879fd60f3778ef06a09eaef723e73398ee128b3b628046f2a87031ed0e75bc

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd9BF2.tmp\Dialer.dll
    Filesize

    3KB

    MD5

    068ba6a2cece65f680895ea627f71e39

    SHA1

    27070d0fa949a80360426f37b3dfe9eaa0ed66f4

    SHA256

    ef649d2b3daed72b0778ab6b3f22a02e288fd009cf9e7e76eb1991451e580f82

    SHA512

    adf99b31790694d8ad02c56b1cb7c9dadeac49d492225a2d297654bfcd617f3afad23990d1d695fba03af1c355456e2e7c3e972eaa9b5ab1770bbb6eef0e733f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd9BF2.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd9BF2.tmp\inetc.dll
    Filesize

    24KB

    MD5

    1efbbf5a54eb145a1a422046fd8dfb2c

    SHA1

    ec4efd0a95bb72fd4cf47423647e33e5a3fddf26

    SHA256

    983859570099b941c19d5eb9755eda19dd21f63e8ccad70f6e93f055c329d341

    SHA512

    7fdeba8c961f3507162eb59fb8b9b934812d449cc85c924f61722a099618d771fed91cfb3944e10479280b73648a9a5cbb23482d7b7f8bfb130f23e8fd6c15fb

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy4FA8.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    325b008aec81e5aaa57096f05d4212b5

    SHA1

    27a2d89747a20305b6518438eff5b9f57f7df5c3

    SHA256

    c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    SHA512

    18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy4FA8.tmp\NSISdl.dll
    Filesize

    14KB

    MD5

    88bbaee1059dcba83cce60777e90a423

    SHA1

    a0369b986bed181c9cbd70e573754d48f7930119

    SHA256

    19add6d77910f00709d52d1118765d9117246beb3d40ed227376e3a8380f8307

    SHA512

    9d6160ff34c6a7c9e91102374abd6611defc9588c7ce7dd8238d4023b2db79ff127aad9dbbffae68651de9e8206acced33b9960ca4a21eb7e6dcd6aa8c39c805

    Download Submit