Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
03/10/2024, 08:27
General
-
Target
0ec6d61b12e3ff3ea863439cb4869887_JaffaCakes118.exe
-
Size
132KB
-
MD5
0ec6d61b12e3ff3ea863439cb4869887
-
SHA1
023200ebdf6c6e78b54ae545f5e4e4c7cc803b62
-
SHA256
cfeee34235a2945605a1ac5f98f51863e3d7c641294f0b6df5bd70284f670179
-
SHA512
36e677cd83df4b9e7ccf1bd601645c628cccff309bc282bdd0ec20f37bed95bf6f0496652dbaacb1f04f5513d2cc166b042de059b8f0af2c786e5984c1402fac
-
SSDEEP
768:h/raHM782f9rvs2Zg5nicskQzTGfxgzh3emu4v/eB4z7VP7LdGSu2HyTAzfMgTA1:h/roM7ZJfUQWgY54v
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 2 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Enumerates connected drives 3 TTPs 3 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory 7 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 38 IoCs
-
Modifies registry class 37 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 19 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0ec6d61b12e3ff3ea863439cb4869887_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\0ec6d61b12e3ff3ea863439cb4869887_JaffaCakes118.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exe"C:\Windows\System32\explorer.exe" C:\Users\Admin\AppData\Local\Temp\0ec6d61b12e3ff3ea863439cb4869887_JaffaCakes1182⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\msng.exe"C:\Windows\system32\msng.exe" fuckystart2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe http://www.OpenClose.ir3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.openclose.ir/2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2828 CREDAT:275457 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
3Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD599805255f40c42b92e53ab5b2c7d3d0f
SHA10b912f2a65b793f0d7fc86e5241f7c6132dee15a
SHA2566e5532310c036ce84f499747226072546e044f9570d194b6269d5bd71dcfce79
SHA51293f5e6a32387625bf33ef773db9b33ecec80da447defc3e9f715713c9df8e9b46581eb069e4096e6856519af99d087adcef337014714ffddde6617684b3f3431
-
Filesize
342B
MD585652c0d5393627a2f942545f1d988fb
SHA15071a52cd094ff3c9bd2660250c84bc2ad7b1fc6
SHA256b92b2201c3b67e787878420eb659d45b9b4a711077a852df96d51997d6cd607c
SHA512fbf348b6ae2883ecd60eabb06e286a1353759df05920a3ec69b675fe9046cf175b86245259f0aea552fcd620c12f34fc36dad913cc092f99f04d889063123ac0
-
Filesize
342B
MD5d44d433474199a129c191845c78e34c6
SHA1e0b17b30f33b050e475d235a4d635d64be10bbbd
SHA256e17d72ef0811c051240d5f4b0a88504c81bdd4ac8036c47496888a8c43254378
SHA51282df3367785b81ef6a9d368ff3bc33ad83d1cca540700ee4c4401517999c98f334cce2611c91bc8a8dc08534a4ab3caf2a7ea5a7ffd1bc8098074bd453d014fa
-
Filesize
342B
MD5a284742e109e19421d3870db4012b25a
SHA187386a045870862cfe49623eea685cbddd0dfc8b
SHA256c588bc1b67192ca9b435c4ab86f83f2146e99cdcfb8c7f39609b965b2596ab4d
SHA51224c6210389a33cf383cc5eb9b707db6911a1ac9bbbe65eb0ab1996b455064df4cb21ac7498ee2c5611f4ba7de2dd29a0967c4f8814c72032d080360beafba641
-
Filesize
342B
MD5fc06a59284ad0c8100c7e557da838928
SHA17a1576d20ded2fc71e6334d86b05cb53e66de450
SHA2560a2bc41e9bdcdeebaa38d9f1054d427860d1ad67fd34e5d11281fedc20cb0dd7
SHA51276db54ad56bd1c9c3483397ab2cb6188253370275ce713618ef049967ad53dcafd9dd7e3e9b79d414143d113a075fe16ecc1f0538ad6b4d4c9dcbeecc7a59ab1
-
Filesize
342B
MD5c9c73d43dbdbaf0dfa67b9075fe6d9bd
SHA10ebd12bc190424d8e0ec96123679eb8900f5fed8
SHA256eee919fc90320664bfdf836e9644dffc8b4fc5e631acef7cefca8b9f15446ff7
SHA5123bc6252e73c23c9feac7b447f68a709c9b84c19d2c8bfc50639527f18eb258c4e8077b203ce4f31d8dbe8cd2ae241e2a18d2f96a7f27bcab43d22962e1a1103b
-
Filesize
342B
MD55db8ebf234ef264e2ace4b8b06b4a498
SHA13ab3714ced89af2f8e8a8e32a3f73caebaff463a
SHA256d4ed26acef0289ee81257a631fee60d5face8790785778db25fa4782f720be04
SHA512683dc7188d04b326009a8e719efcb2f632f4ae30fad4ad88b668344f9957e3fc0338cb7d8ef35a175fe3e0f0ed1426d51f6b306fb8b9aeb9bfeb2f7c732ba12c
-
Filesize
342B
MD5393ee73a3a4639ff891c42be2eb7196c
SHA1560aa004e22360e1dbc5f80925c64738013c47d1
SHA256bac149bbfb63f8fc21fa0a68116a8a1793bb1e1e6d1586b2639b619de39369de
SHA5124959506f6ec09954c741ba445d074b463a40d110b527963dbcd36fdd9d0d8abe7c94ad555064bd4ceb3119c4fc232b7b164a40a10347fd3ffbe1ee6010169e17
-
Filesize
342B
MD5d9fc2a16da6d77aa53a072a9ec767914
SHA10fdba1af975ba5226b473b2f2f6108fd4679a494
SHA2563c4f1515b42c15a743060ed753c9dadde66a7f7cddac45ae6a547737b36c8ad3
SHA51290a4aa7f0699927e782722088193f7f3ae024925ca7f4b4eca2af3fbf5f4bbfaa471cd758936ac7aef6b614a494bc2cff06c6007c67632f51f6c7738d4931d51
-
Filesize
342B
MD583dfd1bb54c91d83d0711564c5fc8212
SHA1c58ff6e83c7aa782cb64141ccc6f7d9bf0db486e
SHA2562f9ec7086e6fdefbbd913e8e7452319d41ac44a4c6a8f19c2e91381db879def9
SHA512f8c9f8fcd5647f84f529f95645e0137ea37091b9ae4b7cdf264dfb15b8418679d5d49fe32c7f41032b073b00f5487d3fe283056f3dc713d84cad054a00fcaa9c
-
Filesize
342B
MD59707b4719d37cf95cad5d547c3782016
SHA137f2a5cf888c1738f425ea19b1c31df8545e4a08
SHA256663a0c59457be59dd733e029876145360b9523f9ea54be0d68cc17ad393bd20f
SHA5123d07dc9cacb8ddc45a9eea1b381ad9125525fe02634561f127ee71282e31a0c9ebff299eb5c65fe7c381f09d154d18851b92674dbc2942b517e421717f4fde23
-
Filesize
342B
MD5bc063cb73621adbb26dbbf82df9e815a
SHA1438a2a9810f56bc310ae16d9e876db4803f64bd1
SHA256a7b91594f763a4945757ad9dc28a6aaf15922caf6dfbd4942fdc0e0086a9bc16
SHA5120ad48434a5a192bd0657eb484797ccdfd186a8a48a01fe89952d0c7ab32c0b647beccaeefd4c72678e9c8217ce4b9c6722cb2a202f3ff3f0dc8e9cbb85a91be3
-
Filesize
342B
MD5bb3f092c9b0fa88cf64c40ceac8436bf
SHA11ca85cde54cb1abf82175127c77dffb1b3674617
SHA256f1d69e3af78a039392c81f84cf8ce0b7b85d535315e1327cab7baf13c1652c98
SHA5120f8db10108d46fd08377329b18c3c70c7adb56d451f904cd45edfad7f41271eabe2d36f38e12d2f0e710c774f540e0d2f4f2b3277a164c8f847238847b48a88e
-
Filesize
342B
MD527fc6a9f08005fa0a5efa2679d28090e
SHA14b6e9e1398be4e31f4c07ba944644e8a9708197a
SHA25602215fe7f612564fdee6bedac0f68b2930f939e380b500ede9044871cfd883e9
SHA512fecc94c81d7d56e4220bfc3d1e3e11fdeb6b8b757b6a379e6576623b02c08b80b0d2f2e0b61bcf801c28843694fd7a9bf5502f558f079e4da3f5f3523f64da65
-
Filesize
342B
MD51211daa51ad5549f07ad24b261f1d3b1
SHA11495492e434822a1aca820caf6c2a2d972569106
SHA25621537c5c6332892b64ce848aa4aff63ef1bf6cb7f09dc62bd4fcf1014ef3579f
SHA5129f9990161cf4e27c2ae1d27f5606f9813ab1a418482f2e0dc11bafffbf021462d18bef3ef96615fe5a2fa35b03feb58b7327a488cfb3d53d2018a9b2a6368013
-
Filesize
342B
MD5a5354a46c0ba2d54fd345317f318a8d8
SHA1d3d46ff197472c7f6dd252fa4dcaba455d9e740c
SHA256f0555b8e765a23aaabc6691b33fddb16059534463cd7ad53b6ed14377667a85e
SHA51290e564823762af4a889f4b49ff2ff8551ac6e647e1c2430b901c9d9b9376347ad4f2f3753913f9ebb4963d66addea505db509d3070c4aaa8b8c0364a62eb9a05
-
Filesize
342B
MD589cd0169ea22975155389616c7135f0f
SHA1852d5babf071c9eab10c9b3a40d1479d92600868
SHA256f788e29b3f7188668b03e1b995d01f634c51b5a6c9b96a4cd17b4f5f3fc4f750
SHA512c342f8b6f44974eb567c583243ce5ba3da890314531ad9562a1b64be1e8c28720cdb347577106d821c79a76f6c5ee6cab9b51ec91d01d81c8b3ce96e3daff371
-
Filesize
342B
MD5cb2c85670bb23636c5fd25673649f2a8
SHA181904e24b0710e440543e1bc9e877ffb53a48281
SHA256e6c2206b104f12a236c1aad9b9f3dbef549765c33d4b3ff627fa51d3087116b9
SHA512f1e066d86f134bf3704f89fb0fd836a23056ec1dd29d30deecaa8bb27b0999abc6fcdc526626a0333d5dbaf296c2d3bdb827ed9c94c1399403d8c976bc3dc94f
-
Filesize
342B
MD541bef58ab40184c932927bb7c08f734b
SHA12018d4c017210c0efe354b54c70d50da33c95f83
SHA2569967b931bf217a7bbdcfbed4f4203ec17b8b976d1e6f0f19cb8f49875e622f66
SHA5127544c0f36951f9cce24f3aed2de7514c0d8a112841bbb3c0aa4149904b28becdc29393c9ead826626ee1816e02bfd50b4bf4fd3d2879cb80ee5155280ab701e8
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
132KB
MD50ec6d61b12e3ff3ea863439cb4869887
SHA1023200ebdf6c6e78b54ae545f5e4e4c7cc803b62
SHA256cfeee34235a2945605a1ac5f98f51863e3d7c641294f0b6df5bd70284f670179
SHA51236e677cd83df4b9e7ccf1bd601645c628cccff309bc282bdd0ec20f37bed95bf6f0496652dbaacb1f04f5513d2cc166b042de059b8f0af2c786e5984c1402fac
-
Filesize
43KB
MD551138beea3e2c21ec44d0932c71762a8
SHA18939cf35447b22dd2c6e6f443446acc1bf986d58
SHA2565ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124
SHA512794f30fe452117ff2a26dc9d7086aaf82b639c2632ac2e381a81f5239caaec7c96922ba5d2d90bfd8d74f0a6cd4f79fbda63e14c6b779e5cf6834c13e4e45e7d
-
Filesize
82B
MD539039bb0323a784ad9b7322cb592c98c
SHA103db8048bf8c077a1121214e46206b1f5b2749e3
SHA25658d2aad83aedab931f2f717e822c4848690d58a572e810347a9f0b59dd474b9f
SHA512af458febf106d79a5171230d103b1a67b3e29872bd1ff6006f9aa87565da168b4afc3a6301305adb38c17648f9692c2b79b355841a1cec7d73fbebc5930b99f1
-
Filesize
500KB
-
Filesize
500KB
-
Filesize
500KB
-
Filesize
500KB
-
Filesize
500KB
-
Filesize
500KB
-
Filesize
8KB
-
Filesize
64KB