Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
121s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
02/10/2024, 08:33
General
-
Target
09ca29c8d8573e0c4b4d034ccdca7ddb_JaffaCakes118.exe
-
Size
768KB
-
MD5
09ca29c8d8573e0c4b4d034ccdca7ddb
-
SHA1
55721de238b7ea9b2ec32a76a99c0a5fb0faf817
-
SHA256
b0a01e8e961e890c3b16c319c551b7309cf6cc2c14a31a0ca61bc7746641f8ca
-
SHA512
ba9aadda048c7695ff44946e665f94b61d888365cab5dfd3ca9b3cc6f7c87f5ebffc018c06af367cb4d9c6d0127212391859fb40ec94adf2c9728fb892df835b
-
SSDEEP
24576:Y7ZFFW45c3dj5dP/EVnlUgZ1GzAgYJlaLF39oRx:Y7ZF80c3tnk5fPoAgQlah38x
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 15 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\09ca29c8d8573e0c4b4d034ccdca7ddb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\09ca29c8d8573e0c4b4d034ccdca7ddb_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\pxinstall526.exe"C:\Users\Admin\AppData\Local\Temp\pxinstall526.exe" /prop PRIORITY=Y /prop INSTSHELL=Y2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.prevx.com/3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2772 CREDAT:275457 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
33KB
MD533cedf025222001bf8e6005fe5b5ccb2
SHA1dbcd5ea64c46761c51f922c53dd33e4dd472a165
SHA256eaa444d316ffc17dedbc427fa584479f10e926c776fb910820dd28d3174d096d
SHA512ed3ad7fcf34da46b9809a44f2382f1e6703a78095403d94d3fbc1bba00b226754d6ebc8e858b1cdcff4ed7548c2d66047b3497198660a7fd0ea3e2391125f353
-
Filesize
342B
MD57423f1895fecc308de65a9053880f050
SHA1a5755db3cc5a504f8e94cd9ab4f39adb988e1754
SHA256d1b1772f392c7295468d430fa3406961374fffa634c19e0dd798084578fd538a
SHA51250441cc095a2366f930341ee5effb4aec661cdb8891a74b1c31863ae85c4b26b6c9022306515fd6a8ba53fe0901aa26ccd0c8e7919b022fa53d8973f70280907
-
Filesize
342B
MD53a9e3184f33f34471bc5da87e517cee5
SHA1501f60ec93eb745c1aca6b1580f2d5cd4420a909
SHA25626b71178c848658fc1e0c7c278f65332ac8c7d17bdf8814238ab12fb982d7e19
SHA51212462f3a3f8b305e8f7841658a0fddc30585eb755eaab98e466714755478da1ffacbe78f9f8b263687a406772285fb1b00d0bb35e087c1f4b9017f756bae35a6
-
Filesize
342B
MD573daafef55ad1d6ebad7c0c7cf4c7f3e
SHA1e372df2ffb7eca8239f304d14e4754b73cd95418
SHA256f4d92c0a62a02273f03a325cd181070d6459900a096972efc4f9e4af201f3aa7
SHA5126a9c86a86b57da7a8a372ee926f9f7cbb89616acc7fb41924a8a8b6da53d83146fd71a01b66023a7ef8ae4eacf0272e427b20790bc6d61527b1616477efe6aa1
-
Filesize
342B
MD5d76d109309b9de076ea6c20f4b928d50
SHA1f16dc7c6681b4f52f4f4c15b71aad81eaa4ec495
SHA256715312203be58b983c377efe463e0ae066a41c57f0c2648816d482654f74fbac
SHA51264d30bdb9b85763af0078731594000c7420501168a121edad64bf0382eb160edd6c0be9e6cd84f4ae5838edea4e99650fc9de1666fff0d96d612b7d544862b61
-
Filesize
342B
MD547082a60cc8e847d0d2cd97e5a16de88
SHA1d1961e46bc25e1b76df9b71f09f892bdaebd4908
SHA25693358b5b7c147eeaa081249b8bf7a3d6534d343d34b728b485f4881c333495dd
SHA512d5eba7923a7fe4abd6c3a53aefc0d5189f4ce67954748eee73d1a356c912ce9f9d001258d76f50b484cd25782b0e52c64e116e5d99ce44ed0d834d53d10add01
-
Filesize
342B
MD590a7fa45256bc452fa0b08bce89f19bf
SHA136ec05128f9be9ed193c8f93401afafaf38f49c4
SHA256b3bd3ac5ca62e3a17122f8082b79df4b6d223dbfa3de88c9d1b74ea310da5ac7
SHA5122e49bf3134f385b0887d1520042c5f7db49d4b87a0b8b69049f3aa2482a8962ab63c470019a72a076b57834227db4c16085342eb10def9adb0f57fc0cdd3806a
-
Filesize
342B
MD501934f2e1c6b4f6d00f94d28306e1337
SHA16653c22066f88c685b81e0d0517c68979453e8a0
SHA2562db6ed17a909c841c1ccb185f27fc96a55401618980d1abc02e9390fb733ac22
SHA512fd920611199ff3cedf858f6fff625211913b26d8863dd1973a1793a5ca84b5f2bb891b07a28ebb21d430589d9780311ccf6644ca7f3105a5543317b5df64a6c9
-
Filesize
342B
MD57c12f9e9db67ba40e5f7c813e377dd63
SHA1ae87af0aae170c97c2358e6aa1a16a6e61dc5757
SHA25605e24deaffd06b26fe7229ed913555e6751ff5a7712d9e48ea5a82481718c917
SHA5122f0ccccbad360b3fa6f191353eb9014c8211b83058409978daf752364da3cc275e2e786d73e2a6fae821548e62b415c64ecd3ce21fd1c9af4af73d2b1e382ab9
-
Filesize
342B
MD52dd324e6c787ee2e15be326ad80e8cf9
SHA1f527c72f8f62f5e1f539133397145f89660bdbe5
SHA25603597757dacb2d937ff09abf16ee87ca0ae91f2bbb670f07be1532e8c648b130
SHA51203415dd44780bf10b56f7a33de65f5eb9244119d0d5865ebf620282dcd6cd0217c75df4a0f49121fff35e9211a9441a159da5219cc370c81ba473874063dd777
-
Filesize
342B
MD5e6189a2343e5b3da480724c6e34a99e9
SHA1384e1e083b1574f74b3db14d31a21d087396e0f5
SHA256aee7cbb5e1b38f221fabee3fd64a7b7677666f61500e55fef096df6f63d20829
SHA512e3c76438cdde5862b1e41112f4a03573ef4f38936dcba31467b1a6b8d3b36ada71b9d3a0f818d78ec3e9db511a93e6c442b1f1947edc35847287a769991253db
-
Filesize
342B
MD582ce267609ceb10bbf4b535c85859de7
SHA10156bdaf92b3a9450f14d91261044725a71dcac9
SHA25680f77a58fa0f4cd0384f7422eeb15f4878341b00b2a9d874442221ad02e988e0
SHA512edaba14a3d246f8f0ed09e51517c0fe0d02b5f56ad9a9d5ce7b84933799f01b495adb87bd5fa8bc34abfec08c04a8befd2a4e785886870be2c5e3c9d54e83518
-
Filesize
342B
MD5d22450902cfce59d59ca0202ab15f568
SHA173fcc3bd823a026d67b6387ed30849768ac19e57
SHA256810eb4e40bbecf5be165cdb257571d3fc1f53422d33465982e2e4e72c0197d07
SHA5121e05a48acf3c1a88cfdcdf1bc7b228015c6eeeaddfb996d17759194d31aecb4637b2ff5b5297cc80ef18a66071065da46f00eb96279c009534e7b22c64072279
-
Filesize
342B
MD53648b86c12ed425c51ac50df2dd7f83c
SHA199da189c39bb5aaa143dc43b1a29533c72f63e85
SHA25680a7abaf295ed9ba395d749e2e5580443fe55a23b5f2f1841ffda95ff442efd9
SHA51297a0b973ab05b7c5291fbe30ddf7aa55200521ec86dc78298ca631de2559a9c60b94e91f1e25db18ed43fe1a3afff1846c3673c6cf7914e85a6f32244ec0b4d5
-
Filesize
342B
MD520169083a3073954c20da52eee128e3b
SHA1c9d12a8c879e3cadf7fff146c72bf48315305afa
SHA256d988133b041b40d7f240f9c4c9787cf7682ae094d6ea4ae6e24aecb5c76f4b4d
SHA5126caf91a7fd57e5003487b805073d643768c389c0922843d04d0165d5c78e4e34ecdac7a7801f2843409ab6400d07d28063d2f906056eeba56a2e9fa473b1de03
-
Filesize
342B
MD5d36f7ddeb5ed322872a8f4a1e3611400
SHA1c3d39901af87417ab24b3afc3dd2b39bd2ab4449
SHA2566c639df6779a9479db27b54bd50b2c822ec3459c460518ca378b05526050878e
SHA512e8f937dd0d6f8980c6cd92325bde79b0c648f92475ac3a69b26769dc7ae0c1f153382249ff5b5be147cedeafa031d38102030363e1b3dce624e67a938947d480
-
Filesize
342B
MD5d2fb11617c7f97e4a98c514796fad5b3
SHA1adb7eb71abca7ca1d99650218948c7e413798922
SHA2567174eefe857a35e26c063c598df89681b3100a8286618ef38f092135cff39a93
SHA512401faac106628a6ea824256e8a2083c8cc016ac25f0fc7d4bbe43a664287fc52b1516889685ca9b1cb2a6b48d2b91a89bdc4922b5f4c9b001627680a845dab6c
-
Filesize
342B
MD5666168137d651b81b73e64874609a73e
SHA1fa2fd02b5fba9ab3337233054e123992947f477f
SHA256c8c12454ab2402ff345bb6a122689529fa01e084e8ffbb21836ea670ebcb576b
SHA5126d94a5aef03c9e1e31e46818f9f42c5b6f00bfa4e077db4116cf58a225a1b8114b634c85f121c4061dae33e7d2e20aa3389ead8ca2d199ed4d4b37332709b780
-
Filesize
342B
MD54ea4d92266a1d709d06b1dcaacdac34a
SHA117ad79d7d9752fbaea2f1f73649e933485869dcc
SHA25665330cac8efde98f54a05f707be8f991e27f54add1c250fa8c27d5aa9295c11c
SHA512012bae98674ff8f7d36227b9a67e34771aadbe3969910d5ecdaf658db67e2e504dbf043b38e969c8b5f2c416e6bb4454ce745de79993288679aacf593ff46c09
-
Filesize
342B
MD5783cf4cc5ae7d164a3cfceee682dfb1d
SHA178ac24cdcf807bf7e11bef2fe20d2fa52eb42fc8
SHA2563bec005b256358102e7f4c8db1901bf8807d4576f8b2cbc03f3cd8d22f44ee04
SHA512688a818ca7aa04738a1ccd90e5e448c4ee5b506acff760db2271cad8293c50d1af9bf0817eff838bada53352ea925a5aa7bef109eefb360820d547826db69b81
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
4.2MB
MD5dc6dcb62ef19ffb6e19eb806d53e8816
SHA1c3cecf4467bd0b38559bbc5df7a900dab7315943
SHA256833ba8848f93cb639019b6128a64522b343f552d8664e5de460037279e9a70d0
SHA512cd503482e798eb704ebc9f1ea16f72890d653f5ba6053c8323187cc7e4962ef144b158558f4bd968115195ecd4952a38d534341e89455711bf6a944da129de35
-
Filesize
832KB
-
Filesize
832KB