Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

10369adfe0...18.exe

windows7-x64

7

10369adfe0...18.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SYSDIR/$_1_.exe

windows7-x64

7

$SYSDIR/$_1_.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$_5_.dll

windows7-x64

6

$_5_.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    148s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    03/10/2024, 19:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    10369adfe07523f7ee3aa3c34d1c8276_JaffaCakes118.exe

  • Size

    450KB

  • MD5

    10369adfe07523f7ee3aa3c34d1c8276

  • SHA1

    e2200f372142ecf47204da0586dbc3f73b42e798

  • SHA256

    01902c9f0201c3a74b7400324558cf9580057e202c73c097a240bdb90998c7a2

  • SHA512

    473c19e6054c00e252495bb28ed16461b9e8f0783f8e91047e95568d8d0a32b2ed9d1d9e4d0c428b42106a927574941ade4e3c7b7ceae1909d750bda0bd44efc

  • SSDEEP

    12288:Df8rwIe0OLG0EnFa/2PNAV5Qg8sbeyS9uo4z:DErwIeLp6Fx1AYgtqF9W

Score
7/10
adwarediscoverypersistencestealer

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Maps connected drives based on registry 3 TTPs 6 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 1 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Modifies registry class 10 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\10369adfe07523f7ee3aa3c34d1c8276_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\10369adfe07523f7ee3aa3c34d1c8276_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Installs/modifies Browser Helper Object
    • Maps connected drives based on registry
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer Protected Mode
    • Modifies Internet Explorer Protected Mode Banner
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2360
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\dyrzmzwmylhtsa.dll"
      2⤵
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • Maps connected drives based on registry
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:2900
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2920
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2920 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2956

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9106d25d55b9060241dd8dd37b2969b0

    SHA1

    73a85fb1b165585437ce7a7b8ef9741417ad4de7

    SHA256

    746a2802600954940b244dc603d8eadebdef84886f109d801c1f9f8cd1ccbb7f

    SHA512

    34fc72593d7dd0b2d0e722d5f0b1f0130ab03a9541441e84ba7111c7e4270266effd45168c454faf08bc6c32e72f7d14bd6e96a7c49c82a67ba019c893e15482

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b2d86d843280c4275cf3d40315a26daa

    SHA1

    df046b0b56fd2bb8d9674e7dc3e00d43cb47efca

    SHA256

    406a282f21ff058f55791b4b84a80c41edfc7074f98e86832ef4065c1aafaa77

    SHA512

    ebb994fe75b88f485feab7c070adb16a6bf82405cfeb09c753146cae80a643797138f656e5f1a55905105d3370050b95f914be15baf22d27a0544e3c2704f00b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f8dee6c352a4cf742649c8a337eadcc6

    SHA1

    e14b978d4b90d13697f249cbd754a51c22a87344

    SHA256

    c5b121e80e5de5663d07c2a21528b1ed3b1ab32e21d99427f2b294a67a7a9d47

    SHA512

    ba554099ee1bb2a0dcf577e4c698f2bad56fd305961bdfd32c0566c676fcc5a81b98ac7021976962f1c94c1092f1d05a4fde9dd45f8026a431145c0a971e6c46

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5b334cba1dafb4a7f4444e3539590a0f

    SHA1

    4329d538588fc52531a75b12162f92b7c638b17a

    SHA256

    e2de7703404a944321de30d644dbaf0c605547f63a3d88040a55deed0d2b906d

    SHA512

    00e04b0e5964b4902965746a71729c8d0c57cd71cced75c39b9bc06cb76ed13b7612197ce4161912586fb4904fbe23a482ef2bd3f8ccea77ca3a606d6c8bd094

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    57cac0ccae0e12398304e0e4ab1746fc

    SHA1

    92f10e8aab8193d9f17e76d718ee5bdee3a52f86

    SHA256

    087df39f92ebefe77dc98e6572dcb4f244640c697ae65c369acff74765a09e7a

    SHA512

    5181f9dac7ad9c2a4e970d010262763904511f5d628b8089a4298cf02b35d903405e2ac1530aff06853082ff47b726f51c8cffdd91742576ae1741728e18f25d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    562abc5c6ca5c6ae0d712b2fead061ba

    SHA1

    4ba278726b92744f82d4da0eb65f1e289922e8c3

    SHA256

    30a94cd7d70425360466b40754257f435dde99e54105417baebe72da0ed5bd30

    SHA512

    8b947346994e35231ade8968ec924a2fbb983925ca0c2a89250d4224cfe50a175bfb38227ccb3e907ec092e8f9838be9f4824038d4455db62d6ef1a032064893

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7816d28269aa15a33fdc74dcb5bf8f45

    SHA1

    a2d6d97e390959c3eee0f34e683c9876631505f3

    SHA256

    3aff61de15f41280016db96ecf7d3b26574416dff79817550c07dad2ceb3f835

    SHA512

    c9822379b665cee337d661e45a3569139f85bc07199130b42897351226ffa0b1eefd16d63ffa829444e53b9610dc995bc8b0acc0e3f10f4012e37ff90ed5e8ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cafa433ec0ce63b05b12337fd46b796c

    SHA1

    b447199bf62a5d236242f9a7f5d83785b2164800

    SHA256

    fc44a38c7699fa064ffc8c476da8538eb25039514ebf3a72bbd1547dfdfb8436

    SHA512

    67abfd53fa69943b8128c80d5186bed2fd3eef7fadfe9b31c8423ff4fbccf36500e55945a61621fbfd86e881255957d7c3c08a94cf39ad9409de0188e02119d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cb9a4229e6ed90dbd18e78d5bf97e54c

    SHA1

    aad4c6cb69c45b77deb8435f116d1130ffb06658

    SHA256

    1769a3f1581e4b30ab22199f3bf0675b348307266d27f669f06318aca10ad9f7

    SHA512

    e93ab54e5041936fbcda7b58adfd71ccb58b90015827cdccd18c14722e2927e49cedd1122cc53a909a1cd1af05222d8a6dad7a22cde35ce16f738fac9116b3c6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD635.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD703.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsdC2A5.tmp.dll
    Filesize

    736KB

    MD5

    ce7f66ea290d710a5971e9d56ca774cc

    SHA1

    89fd53cddeadeef8434baf815378313d0a626969

    SHA256

    d53b7c1fdd8fab8aec1556692ba0cb41b4812d0f5fc6d45b4028d487c3b4a3aa

    SHA512

    5cfb58981ede4ce97c2f353a4bb55900b01ad84ce26b470f98719e3141a98b486bc6a03e6cc86ac32f98c232bf8263e23840f455835b5242167a6c9d1aece9dc

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nstBAC8.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

  • memory/2360-20-0x000000007A350000-0x000000007A40E000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2900-22-0x0000000000260000-0x0000000000262000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2900-23-0x000000007A350000-0x000000007A40E000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2900-27-0x000000007A350000-0x000000007A40E000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2900-28-0x000000007A350000-0x000000007A40E000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2900-462-0x000000007A350000-0x000000007A40E000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2900-463-0x000000007A350000-0x000000007A40E000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2900-464-0x000000007A350000-0x000000007A40E000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2900-466-0x000000007A350000-0x000000007A40E000-memory.dmp

    Filesize

    760KB

    Download