Analysis
max time kernel: 129s
max time network: 140s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 02/10/2024, 04:40
Static task: static1
Behavioral task: behavioral1
Sample: 08eeb0b5070f0f3e9fd079b7293843ca_JaffaCakes118.html
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 08eeb0b5070f0f3e9fd079b7293843ca_JaffaCakes118.html
Resource: win10v2004-20240802-en
General
Target: 08eeb0b5070f0f3e9fd079b7293843ca_JaffaCakes118.html
Size: 18KB
MD5: 08eeb0b5070f0f3e9fd079b7293843ca
SHA1: fb1eff0174f4d75565ad322c07e1d774ad83123f
SHA256: e0db78b38dce6aa9090ae12050e07f5800f527d60e4afb6554ae7591499d7079
SHA512: f770ec5e7b7608f1af97de3c52e245b543d8d83c7c19c2790b71963181bc230e794f7e39acbea38843b02ca9124d1556b488d0d2077469749421a84e4aa7cd5c
SSDEEP: 192:SIM3t0I5fo9cKivXQWxZxdkVSoAI34xzUnjBhDV82qDB8:SIMd0I5nvHlsvDuxDB8
Malware Config
Signatures
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
- Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (IEXPLORE.EXE)
Modifies Internet Explorer settings
- Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main (IEXPLORE.EXE)
- Set value (str) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434005920" (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{81BC4971-8078-11EF-A540-C28ADB222BBA} = "0" (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch (iexplore.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" (iexplore.exe)
- Set value (data) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU (iexplore.exe)
Suspicious use of FindShellTrayWindow 1 IoCs
- PID 2384 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs
- PID 2384 iexplore.exe
- PID 2384 iexplore.exe
- PID 2052 IEXPLORE.EXE
- PID 2052 IEXPLORE.EXE
- PID 2052 IEXPLORE.EXE
- PID 2052 IEXPLORE.EXE
Suspicious use of WriteProcessMemory 4 IoCs
- PID 2384 wrote to memory of 2052 (pid 2384, iexplore.exe, procid_target 30)
- PID 2384 wrote to memory of 2052 (pid 2384, iexplore.exe, procid_target 30)
- PID 2384 wrote to memory of 2052 (pid 2384, iexplore.exe, procid_target 30)
- PID 2384 wrote to memory of 2052 (pid 2384, iexplore.exe, procid_target 30)
Processes
1. C:\Program Files\Internet Explorer\iexplore.exe
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\08eeb0b5070f0f3e9fd079b7293843ca_JaffaCakes118.html
   PID: 2384
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2384)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2384 CREDAT:275457 /prefetch:2
      PID: 2052
      - System Location Discovery: System Language Discovery
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 7da7d19d936f2963088812ea5a5bc74e
  SHA1: c96fafb59701823cb8d42d5d10c116f52251a1e7
  SHA256: b52f22b592200f7378640934dd05d589b9c0f0c0111ee74243f7cae48445cf9a
  SHA512: 80e0128a270b7860828ffc350805b6244c1115fcb69b23d859bd9b72184145959be69460295f27ebaa871be56d5155838b54a23e214c2026063e666d0b7cf170
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 28fdcc1fcaa7a895a0b5a6359e6e4fc2
  SHA1: 67a7912238bbf8c610aa4e4ff1a18d079af50a50
  SHA256: 8cd956a216187cac913fe604567cba59672e7feb7a1288b3fda619e7a82e06cb
  SHA512: 20d7325ff138720b5a4beee9c0f38341b12a0673e1099f8d72384361f0f0c7f60282410ac46bee762eb5a8df8cfc85d96c1faffa26b5bfbf922b7013d4354e22
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 1744087798624175bf2d7a4177d8c225
  SHA1: 09401f4dac212d2e737d129d946e132de29f0c47
  SHA256: 2d268f52889c9a0dca569ffcac0ea3bc2af07fd4c694c3937b06d66d29cd633d
  SHA512: 7cbc8e22649465936af1df2c07ef2b895f2b2743dbc66629012f7934b229c4c5d1b1553f5fa41694d80f2380159d06af394cc39c48e5cc77332849f94fa8d3ae
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 7ad6fc5f37bc93213dbefce27f6be526
  SHA1: 3fdd5ca33c5b9930c20a428ea5cab56102326e37
  SHA256: ce8aff31ffe50287aceadf6f61cb8a0eb3a1b63de103e8f9987d986836842ded
  SHA512: 9f980ce55a79f16730dc8c2b77b6312fcdfcba2f1ecf3fd6495f65b8518085105fae2464910ff1442b9e5f34ef7425a83602fbce3610b54c8a05c81f2ca37607
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 56a3ce9cdc0a47bf5b815027031c4d65
  SHA1: 247a0461efd34aec2922b4b268dc0cb53a851f57
  SHA256: cbd0796b2c6384e7114a2403227a5df219d4879e6aefd7bded94ac385cc30997
  SHA512: 05eba3441431619d468c8b3e01868b1d6203efb46fa26c25d88cf26f1c985eabe0924a329d6e3f3d6268b8a0661264c1b54dee04f210c567c5cbfff04c097ae6
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 1d6fa35efbb2f552ef70cda2e46b40ad
  SHA1: ab9bc3d0ed835ddb717fe5d0b5fcc8a600532e56
  SHA256: 8d1836e57c07e8939bb054633870ae32dbbe95ed174c2e42853fa34722f4bd33
  SHA512: 9831e572adb3cd4f73e858bf197d766a21374e3fffcfddb60bce18630573d0db513ba94dfa2c702c8091a847a9548f71530f51092cf86f328c68e7504a0dc85a
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: d0b537df33dbda99e05b12ff76def3f6
  SHA1: dd75d928a959c5a2481c76c5118d069ab88872fa
  SHA256: 7cc883f8c0f334e02a55f3d0e8910e2a15ff1568647e807160f867686d1414ad
  SHA512: 908af4a46c9c237b54b6a6d6cdc9b3539aadd3591bb707ceb8477aea828df509623184eef60cdb54bdf963daa219bc435eee42278d52868c2b61925df8fe2e7b
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 14368d5532f3752187d3fe4ccc9ea992
  SHA1: 11f0deff4e86922f9c9a29e6a90e09bba798ba4a
  SHA256: 25b1356145102633094d4607ead48b98fb8af43ec9f2ac0c20326138aaec0a8d
  SHA512: 58910cb5225183999a657c6dcade5d60b712a2589927535f7c5d8ac4fa40b71777582384b1efe0c747682f5b6dd69082ed02380b198936bc6b8c9be508338d14
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 565c6cebf6ae5a94086ee7f284f064d3
  SHA1: 99eb8f59f94852eeb0b70efcc00a637787562b3b
  SHA256: ec2d183b060f2b194a5410c975c07fa728596a4fd480fe930a356d3a3f817c3a
  SHA512: 017315eb54a73d0f09438a14c98fb114af80d94bd8bcd056d01e05c62d81b99d526b3cc7450e2f3132396c5e6e8613f24649538c8e257e7eb3c08a3a2e8b413d
- (path not recorded in the report)
  Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
- (path not recorded in the report)
  Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b