Analysis

max time kernel: 150s
max time network: 150s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 02/10/2024, 10:34
Static task: static1

Behavioral task: behavioral1
  Sample: 0a3ba2e4344794b45ffa5c07c14080e2_JaffaCakes118.html
  Resource: win7-20240708-en

Behavioral task: behavioral2
  Sample: 0a3ba2e4344794b45ffa5c07c14080e2_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General

Target: 0a3ba2e4344794b45ffa5c07c14080e2_JaffaCakes118.html
Size: 85KB
MD5: 0a3ba2e4344794b45ffa5c07c14080e2
SHA1: 4380a471a16f2fe1235ae4f7c75768f617a260eb
SHA256: cec1b430708a092cd47a833dc019a9a495aaef16fcf062af3e099f783ad7f459
SHA512: 3c5c3d7eb64d769f6d36cc72d051c5db2fc1aa89cdd9dc09897f382d1bf79c11d3abf6a7e04848db14961cd427b5a50861214d4c667a50ba2a1c4b983a1c4994
SSDEEP: 1536:L+ipVn1BUNqvLKvr7R/knVpWCU3So0mjiMpbqqvmznhKv++nPLB1VV:LBvLKvr7Ro0iyuznhKv++nTB1X
Malware Config
Signatures

System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE

Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434027131" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E3E36E41-80A9-11EF-9982-6A2ECC9B5790} = "0" | iexplore.exe

Suspicious use of FindShellTrayWindow (1 IoCs)
pid | Process
2028 | iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
2028 | iexplore.exe
2028 | iexplore.exe
2716 | IEXPLORE.EXE
2716 | IEXPLORE.EXE
2716 | IEXPLORE.EXE
2716 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 2028 wrote to memory of 2716 | 2028 | iexplore.exe | 30
PID 2028 wrote to memory of 2716 | 2028 | iexplore.exe | 30
PID 2028 wrote to memory of 2716 | 2028 | iexplore.exe | 30
PID 2028 wrote to memory of 2716 | 2028 | iexplore.exe | 30
Processes

C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0a3ba2e4344794b45ffa5c07c14080e2_JaffaCakes118.html
  PID: 2028
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2028 CREDAT:275457 /prefetch:2
    PID: 2716
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 240c8478de38245b7b86ed445fb3f5f1
  SHA1: d93dc3d1d119d3f8ac428a5ffef3ed28b82e4384
  SHA256: 5838620b323433d574a5eb80cafdc0e08f4d49fde5cb6c9513872543fc9d528f
  SHA512: 254503efb47d490fc5946a41308a11830e16095f8a6f4610e176a96457d1407015c5ec3fb83885834a7178f537b3004946424f62da300f501450f352a373bd9d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 58c41a42d9ae353967ba13a036545e5d
  SHA1: e221d707964265e2e0c69ca2a8305c51623c6aa5
  SHA256: f47b61126232d52266fb8500375fd18d0918906fd2c90d6d1138831e75a64dad
  SHA512: a8e8fd13c532909278dda55334967e9ec9f8130f05376f3e6c7bb3c1c0019388f3f22b431c56efb8675a8225da286a319c1fd99c11c4f81e0b9a37f9cab10f30

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 333465427576bf657759b6261605d06a
  SHA1: aa6e8645bc4e0c50bf46229c5fb5ba6239227d2b
  SHA256: a894e3b89c5e505da2d97ba2d9940540da41ff33a496717fd07abd1e18fd29d0
  SHA512: 02018c0e29806bb632028a6650314faefe3bce9d56af62f42cbad722cb8c41575a1baa23d62bf69164ee9981e6e9ab8f06aa6ba3b6d0863613d4fd098357cad9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 599c82016cfe04e7b530b6ad5de2111c
  SHA1: 10e7afa40380e541d7be07aa04051b3a3df1e71f
  SHA256: a2d98da4a1567ae3ce309c2d35e4b088936d93c89bfcc6470d0e3e7c3a28551d
  SHA512: 8cfa85f066add33aef349a7fd2476c245ac737787787dee93503bc3c0a9352bf298b7a154f7a7f8f0bd212f46adb203fbf407fa281023bd8814e724845cc2c12

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: e5b7f43949b31d30db9c2899d24a7bd3
  SHA1: 9cba3f97ead81ceae64e36514dbfb28824aa415e
  SHA256: 272545e89dcd4f4d2d13dd0f9ce500bc8bac75a7504743393b768fde5b6fb7f2
  SHA512: 63d21ff2d7e54310b75cca751cd85cf59da9dc40203fbadee7f9eaf85c08ba50fd13bc160d7e16193ef841c75dfb02b5b5507d6ab41a73463358189dea37f0c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 2df53a8d34d1f74e6d5b3a713d18e472
  SHA1: 02c35b39dc4f57a86ef0ea5a438625ef9b87ee3d
  SHA256: 42865bacaaff44e091d17e2af3d9749403523a0b929fef2861e094a20ab49a25
  SHA512: 286453a675467845ab77789008f8ce257f3cc620f35319c918b9c416b312623ed4c239fc38a0a11f2c38ba82dcfbbc2d304e202ab21dc4f8c758f6928071cd58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: eb37bd2ed6fdc53d4afe52e48cfee70d
  SHA1: dff6271a34a2f59c7d7409f35a1db46b89e30b3e
  SHA256: 067b1f18195752868d82f6751ce547db561076ca4feee4f37bb17f4248839868
  SHA512: 23d64de38ce794e179e3bb8054a5dd8e5faecc8039b8d85818dcbcaed79d4d9b01dce9fe44bea0aa5ffa8da7cf574a40a85b1674d46545aa351e9b634885bdca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 5477f11ca56deba771bf8c0be1c01640
  SHA1: 3f070ebf6d82d91329677cd6d4278f72d83b1243
  SHA256: 0e709c7c91b94f079e034e40815d14c4bf0823f4904a8d8e7c1eedabfca6bb05
  SHA512: 06027599397ae97d03952572a41295317b9fe3ff6b355073762a7583d3a6a171a1c667753855af43cf47b88f8b96db13f2f570d73c0d8a15ca78369f3c5869a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 5544c44251e71c063227ec724310df78
  SHA1: f9afb4a8e887b786ee026b0611c13c101034ef00
  SHA256: 6df4906b2dd1d9855985356ed4c6550f22e01eed4537819f453270b6bce44cd6
  SHA512: 95a91b505fafff29d95470280593db10d19f4105a1ba37a33e1fd7af26d350a10d293da0da689308e10374fa58ae8560fa6606229dba23ad5ea94d86a79d49a1

  Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b