Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
146s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
02/10/2024, 05:03
General
-
Target
0904efe9f63a556f1ea8695cdabadb96_JaffaCakes118.exe
-
Size
1.5MB
-
MD5
0904efe9f63a556f1ea8695cdabadb96
-
SHA1
0b7eedd5052276e02008f69cb85e7e4d7c5b3535
-
SHA256
4d4a9dd8b239d394f1998b481cdf83f869be2af2d8d568fcb47648d0d42bb71c
-
SHA512
181fae5866bbb2567a43a30ffe2e5ca7a8d016491a66f2b2fc0a725c772cd2e46f806d23ba23946c223ecf7e510657d763f748874f2e3247c035eba1942c3618
-
SSDEEP
49152:NEe3jEfDI94myN4ghZ1KX82Bh/Dd0r/P9JPDdabvwM:NT/9S4OZ1KX880jPfbd0D
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 7 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Installs/modifies Browser Helper Object 2 TTPs 4 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Maps connected drives based on registry 3 TTPs 6 IoCs
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 6 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
NSIS installer 4 IoCs
-
Modifies Internet Explorer Protected Mode 1 TTPs 1 IoCs
-
Modifies Internet Explorer Protected Mode Banner 1 TTPs 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 64 IoCs
-
Modifies registry class 10 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 30 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0904efe9f63a556f1ea8695cdabadb96_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\0904efe9f63a556f1ea8695cdabadb96_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\netddee.exe"C:\Users\Admin\AppData\Local\Temp\netddee.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Installs/modifies Browser Helper Object
- Maps connected drives based on registry
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer Protected Mode
- Modifies Internet Explorer Protected Mode Banner
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\wmajsqckmnbrtudjm.dll"3⤵
- Adds Run key to start application
- Installs/modifies Browser Helper Object
- Maps connected drives based on registry
- System Location Discovery: System Language Discovery
- Modifies registry class
-
-
-
C:\Users\Admin\AppData\Local\Temp\setup.exe"C:\Users\Admin\AppData\Local\Temp\setup.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.ardamax.com/keylogger/3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2660 CREDAT:275457 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Browser Extensions
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5f85554f0a779155fd1795fbf6fc30f77
SHA12fd5bf05ff37e30375a3a0e9d4ce94979146079b
SHA2561188bafd5697bb8c366ba1ced91703e9d3f25d5bc6accb42cd83731915a04821
SHA5121cdd30d2c21c5a835cf3f6e5eae3559ad6e3d0fdbc2b644370483c994ef9a967e073795e8bc1a7d3acf409bc473f017c63caa107fdb62d05ebcda70897ad48b4
-
Filesize
342B
MD59f64ed2e45c6d16475192719f65e7942
SHA1554df69d5908def53b544226a4324904035f4add
SHA2568433e90d2a04629836f6ad00c2cfd776b82eb8563893689799c365bfc0430e50
SHA512b91b08abbbc7be491757ee23ec4a328636c725f8e1baa4b6769bfcba57c899aa6d1d48721387171914bc80ccf3d2227d517b553d56bcb9b88534c846c84b0646
-
Filesize
342B
MD5413026cd8c5b8f2ab2d705bb499e0014
SHA1ccb00ddec59df5fb4a17d82e4cc3ce720379052c
SHA2569a2d29db7117f0782828fd1f33b07f4766bab54141e52f2f18ac696497db886c
SHA512027373694359e79f91b66827ec474bfce4906aba65f901af1735679168de4b84aca8b625d13d749c7eb3455b9ac8e056261484538d6fd6680315f9359eae8f43
-
Filesize
342B
MD5fe00a5b8c8c76cb3e1d9eba830c41ca6
SHA1d0d94c0201c6c55206d805dfd03c959469b22e52
SHA2567fdc397a448ad8c9d07df99e462f01852bd73d9f1cd6fcf6a43e4f1ec646c290
SHA512ab367b6135750f3579be18bda56d2d390b03186e7abde90a2b806f063e8615986f04a6f7bafbb211fe2695d6b660608531e883374283d182b86f3b918b2be31b
-
Filesize
342B
MD58f5421824ca996ca4d9b34e1fa7c43f8
SHA1a04a2005ed1ae646981b3bc6cf6bad35b4eac107
SHA25693ea61430f8f343fe3ee7e84a257676b49b24e354da7000272ac813d8ff0ca76
SHA512f4bf80fc3c73ce33809520f2b4fc56a161e4215977e53490596f9a568c9c82b1bf061b693ec75af68710287076239528656e5dc8d6512c9956dce53595118bdf
-
Filesize
342B
MD5ebadd86daa81db72fa8dccbae7ffdb45
SHA1105062b9275423dd6668f8d7f49ffe06241924bc
SHA2564edb7d3e370d30075c5e0482891c0929dce635a9a5900736176423d349f3a5fd
SHA51254ea3dad90f36bf4cc1efa4766c738a065c280fb2cbaab35e352a2e2b88b891ff3be01fb11a2287d79f5883dd80b9631166645e5ba3212032a0240b8fc5385f6
-
Filesize
342B
MD58c980483a08056caba6af1821b8bfdcd
SHA11dab9d2b725b29c6a84a3e5f657144b2c413e6d6
SHA2569cea481f6039586057bc2474fb4da12b003090d7f1ac2410059d7a1b54db1fa4
SHA512aa0fdeaa21160ba0babea64e77e5c487e962b726f349e64ed09dd067515d43bd9ef77a02524b48b63017c4fa3b59268f4d8154aa9acc2c31152b0b131acd66bf
-
Filesize
342B
MD54c94065899adcca25baa999c75239e9e
SHA1f3faee23350c3c78ab3c6c543b8dd11767b3fd2d
SHA25669ee41049fda10f8eec4ceb5da7abc2c1405c29af9dc199540c58ad9f8178619
SHA512cc0e547ee98077d9440f7f74d0428d9fde6a3c896831d7a3faefc5f72790f9b3c0af3da444662e7a56737f5e8651be17e8f8eaab6721f93d8df835f2a8379306
-
Filesize
342B
MD5f5fb311c691b212e3ac4d3aaf21c6663
SHA1ee511717298b3c2f45ea10777dbfe88355389bdd
SHA256efb40f282ff641454096dd7ef519f03d1469641842e39f271b7500b6022ff77b
SHA5122be248fe925342fac3aa55710fd977b0671827d1cdc3f74f6f9754ed5dac6782bd7c6114aaf3baa7c651846b09d8eabfd7b38a81a2f159c467b43c9c2dbb9a85
-
Filesize
342B
MD54e1ac064ed57d28a813ead87043d8025
SHA120c48877ccbfdcb3b86bdfdbc21a6b3d7eebc1d1
SHA2566dda6ccff798fea939ca31e939e2cff99be7f77aad7315b55fa16ea092d7bef9
SHA5129b7c5b8a6b02ea4c9b27c0417a8df1a06739a5be8f2c7c66455d2dab26af132c239e96c20bb38ddf519e4f6741120b81507237f97dd3e930dfe723e4bbd9a4d0
-
Filesize
342B
MD50c05f8ae95fb7e90a90b523ea4bbf77d
SHA11668753f0a9bb023fa4b7f6e0fee068ee317b9b6
SHA256d27998018e3c2ecb99a9e93d43e4df3f716747fbfd70d1204ae6983e0dadd234
SHA51208c3d633feac467034adac9ef1eaa2e78430ff1f51bbd362e1e8851777c8ba036c9272661dd5029df284ec20f6d72c4e647b580ef5a0b0bf491bc5278cfcf77b
-
Filesize
342B
MD56abbc4c888ffa9668961bf473607d61e
SHA15a7019aa1d18747dc56afe0058b5fee730201ba4
SHA256b8e4980230530a5b9fbdd15200ac04f96db0d1f464848854dd1a485a2f10cae0
SHA5123a494b2a8bc9a1b6f2df2b1861c5c562fffc2e1aa0fe67460fdfdaaddc25096633136a8c494aaad40b783e96bb443137930bd5fd0137a5dfc63921d82eaa2329
-
Filesize
342B
MD5f158bf6d56d458fdd708730a7426dc3e
SHA1af32e02e7855d454e3c6b4a2f206e7ab05d3f1ae
SHA256b503591b1e5ae6a95ffa3c8234c9490354e7ee98d4605a38983e1c818c2bf146
SHA512a094967576e5a1fb06e2d74a2e6ce64dbb2dedd196649141c40278a9f282fbdbb37f1431620dd07f55e7adf6e0947ef8daf62533313a5910a9edd31c605fb58a
-
Filesize
342B
MD5ad12e6a9865aa4538628bbf41d3ac830
SHA19411462f4558591539ac8776a06b5e0a245abbad
SHA2564d762bc23e72f3107c62517d41896941fcb586f0694b0ebee7c32c1496af5f94
SHA512c8320e866465f974b15761d53127ffc6d1da28712010f6159f03a06352eba7524eaa49a614468cb590702068357f07de6a2509439765e6dd7ce041af4913ce7b
-
Filesize
342B
MD50dc8a05d232232c9fdff699fabc3598e
SHA16895d3d87e19cdebd6307b7d55343805a476d590
SHA2563445656d73245fdb98d9ca5552efc6425840e4147d49dafe5fd3f7032400f5e9
SHA512b1cf5c9ddf99cc0e7d9f8b9ac87c675968ad9905a682044254f420f91b49fd5020dc397f02ac1693c1205119362d26b439782bb2abd5d1f51a70b487c967a6e8
-
Filesize
342B
MD56ae2e2e7b924417f65af996989134ca9
SHA1aa19e5e8fcf36b5fbab700023e29e3d67cc0e246
SHA2561f43e6efa8f46fa622d57b8ff67791c702486a523e3c096ebd5b3badc75a71ab
SHA5122185da1676a3ac620e7bfbaa2671dbb9459c891fd5a9b037ffaa796c2bb9af32deafd867f5b5701594451871b73ea034e7eceb8c04167f36ebcb0b83d6dbc7d4
-
Filesize
342B
MD5a9dcfdf44dc0a39161481d98941864e2
SHA1beb4042973194cc17b91bf64ecd8677e8cbf9d4c
SHA2569488f4752454ff636827eca68121f8944d383f7350c37de5902b144d47dbd365
SHA512940b4278396fde1980ef7b4b4bdfaa01a60775d7000b3c3794a3c57b68960f1309623f4edbdc4c2ec6bb3b25a93858bba6ce0a6c3c90aa44661adb6d120e5370
-
Filesize
342B
MD5b66392569b6b6e84acbd9aaebc4337b7
SHA1f5449db7f623dc8ac7a22eacd863435ede3942c5
SHA256a99df01f13db06a2f9224ef644b83f99844a68bfb782faae23b15a05722b55f6
SHA512be027890e66752306f7853d32961f13c9b6c25dcebc7fb78fdf82ec7878b3be29163ad42b1a9ed9f7465c13a3aca83a1c47d867cff79bc589a87da3bfc08ad68
-
Filesize
342B
MD5943a06feefad70afa32f582aaebd0088
SHA198966aa8c30e1fade5a3531ba863951413a5e242
SHA2562879ca7caddce72ea72a779652af193957ba29b35c2438493257826331bb7eb5
SHA512b8a3c457188b4028bbcc69c0a664dee413036359d7d3999a02ecb643fff35189c32e6218dbf0b2f3cc86f58dba88c2294a2420338f9d5cd392e315fad9537c5e
-
Filesize
342B
MD5a3dedc59a77d6cdf3ddb042489c995ea
SHA1f653624237753ad1952d1aa0667da7f18fd4826f
SHA256f909ec2659caae24f83ebfa19a0d03966dd72b117449e721aa74b9a6a0a57542
SHA512d4f1f917629e8add652495d715297b7d14f3172023f8260e2473c0bae98d98b5e90e7463f98acc2cbc07bb6f99e70e2ddde18aea9b5d48f27c9c099cb58ac8c0
-
Filesize
342B
MD55b1f15b54de2bd4f353be8dbd61e4237
SHA12e7da0a0a0d2d76aa0873398c55969c5fc00c420
SHA256bf698108c160ee10051bea67fadaa8d1f289c3f34e7ef21b1b32ff71a6a8a8d3
SHA512a78e87bad6425baf19c530d452e6b670161b79056afba1dca811a218ad7ce21887a58f879ad8df4632daa6b651c54230bd9b09c4548065427b659805e02f3f75
-
Filesize
342B
MD5c9a22e697131b128788ebbd201295c39
SHA174468bcad02fc56d83a4b244f7d5f42d0b18b45b
SHA25603be9ecfcf18e465883736d6ab6cc51be71c243088c8f36096cba835562ffbd3
SHA512fa6db43029e25f5c28b4fceeee6a610f6e2b9ad0961abf06704e4e52992461124b26a39ad6596b2ae1843b10b88e10de5562cf135c91e660668bd9eb7110b94d
-
Filesize
342B
MD5f9cd8e67b0fb50c6f9b3ed56b3eca262
SHA1baa81a8992f98d835253092a6d595e3f709518bd
SHA2568937865550f3ddd30a1c867dfe1380fc221b3c034d8a2ce99d802729dfea3dff
SHA5129fc36aad9f96f801a75cf63a029eba28151ad8c6ca3966ae57ef98c10734e8be89898ae0b5dc341e1c8c517a1e56e8a954944646de263cc6e56f38d4f026d47f
-
Filesize
342B
MD54b5c603f5db1782299bfb705dcb563d9
SHA15d7738a51ac7e7f04c086427f23153f73bb1e560
SHA256204dd57ded02b64f7019ef3b33636766a472b5470da51da9abc2ffbbdb23c825
SHA512e43d0220e7d6e55c39f467469a22bf3bde3819024c7f1d71e72c1d3d8fed7889979b8d5cf5f9af3411fd1bff421aac37d12834db3a5347fc4f9f43be1925a555
-
Filesize
342B
MD558e5bd2cc937e8c1e6ab7d43c2202095
SHA119b04de0d869904c8ceec592c6ec65b87443b79c
SHA256f7cb5de3a0f1ca9f63281807ca3cbacc1639a4518b0b2360770bd42a44d0910f
SHA5127cd05156c0f8e2c3686cc791730e0d9afcfdaa54018ebd1b24d784538c9e874d600903268802789442d920850a5c14d099fad9c97834cfab18f8bc293e5960bc
-
Filesize
5KB
MD5db8f5e2cb19aa87b1d6b6a41b672e33b
SHA1c0b6dd1ab91e598c6094a1461a310e9a9bae28f7
SHA256f3f325cf29e3098196d90ea461d6a063026f616c29404ca414d82fae5eb17cf9
SHA51272ae4c32ac251e292acd6c0f156e8ad2b44586decfaa71e14bd0216e681e0ae209f507b6942231cf643c1f14a8afe814bb8410572e6132810bd9620788adfdf1
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
507KB
MD5ad4b2243c131ada12b25cb0334690a62
SHA1811da77cfd2021738196ee13cae9ec9f239b9118
SHA256ac7891555a255a9b7fe04b78ecfb035507414a6a8598422dab771214d1410a46
SHA512ee207f92b0d45dab82b486fda7e5baf7e3a476a2418b866f4e00a15152e0a95284916c04137b19e30e078544c391a84840f6a88efe5558e78058e24b7501d049
-
Filesize
13KB
MD57f56c0d6a8733dec142814ed5a58b0ee
SHA1c119e66f179cfb758966f3cf878466057bea1840
SHA25686445396775370aff5834f10bda25e505b6f89efc69a04fe1ce46f5d128be73f
SHA5128b3b9bed985b3583b7be8b2197bb068e5d5508f8b5c4a7fc1278b2662dc8d9a53fd6df63f636e44bfc5aa37f030ac76b8d259d6b446bf87d5c72b74ff5b158f3
-
Filesize
877KB
MD520a9c78acf901dd4328881cc067e336c
SHA1e39e2011c8504dbea9356a0dee4770ea30d95509
SHA2565dc895ed2436461a93e3faf2e89332ad78507608d8249c58b4c093e2d2d3b71e
SHA5127e8483e19bcd1b03099eb7290e4fe32d1b232162da3da67cf29142c33fead4f82e3e6c26094ccb0aadcb7949d8cbb07db5bd56df8e9069a6c67fa2a8c4d51b72
-
Filesize
11KB
MD5c17103ae9072a06da581dec998343fc1
SHA1b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
Filesize
1.0MB
MD5c54a5bfcba4d9fbe1642188b068bc1e4
SHA1f75f0f4818f53882ab4816d6db8043ecb7306c2c
SHA25657cdd25b0f1d9e6db58d10cdbc49850e2fd71826ec637646703d97df9c148353
SHA51292bd4b7317306f6aebf2f5b72f278908b1326bffe4c4c18fa4d82c9ca4c91d167412b3893c24c12bc0d399d48faf2e4159c60fd7f8a80bfe566258be1a9350ae
-
Filesize
904KB
-
Filesize
8KB
-
Filesize
904KB
-
Filesize
904KB
-
Filesize
904KB
-
Filesize
904KB
-
Filesize
904KB