Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    94s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/10/2024, 01:09

General

  • Target

    1136b4a0555ec3e9169a850b00e69b60_JaffaCakes118.exe

  • Size

    240KB

  • MD5

    1136b4a0555ec3e9169a850b00e69b60

  • SHA1

    8b0a7b89adffff4e95e3f1e5797a28d9b29bbcf1

  • SHA256

    77a11bcd468dae1f5e8c31b34927b69ddb35bc87cc83381f2ce2c97acecb22c7

  • SHA512

    251164d0c2332bb3ad780cc90a435f2b3892b0a1871a3cce085bf27838f495b04de1cf17ab28b05b957270410a73b70e31197d22a1baa2f4065d6e1ca59d882b

  • SSDEEP

    6144:h1OgDPdkBAFZWjadD4s5Z/IyiBWDpyjfLlSUDCP0l:h1OgLdaOStWDULDFl

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • NSIS installer 4 IoCs
  • Modifies registry class 63 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
  • System policy modification 1 TTPs 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1136b4a0555ec3e9169a850b00e69b60_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1136b4a0555ec3e9169a850b00e69b60_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4548
    • C:\Users\Admin\AppData\Local\Temp\7zSBF97.tmp\5076e7c9b22d1.exe
      .\5076e7c9b22d1.exe /s
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • System policy modification
      PID:2816

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\wxDownload\uninstall.exe

    Filesize

    48KB

    MD5

    602aa39f9ab3b6685bee71c67dc485c5

    SHA1

    69cd0d6f9ce55a5e5d3d3559d31422303dc6def1

    SHA256

    d8fb9c21b350a06449c7e6934a3c2d971d20851ce73938bbc5f79349f970721c

    SHA512

    3bb5a0bf89da8993ae2801b41f7644ec39fc418ac0553bc67ed4f36ad413f3c2237ff9bcdd4a1ca64ad546b30e6445d3f6f1fa3af0f34faf1841da306e81ea94

  • C:\Users\Admin\AppData\Local\Temp\7zSBF97.tmp\5076e7c9b22d1.exe

    Filesize

    65KB

    MD5

    6fce522ef2543f1cd8812f45c8718ba6

    SHA1

    270c89c05963c0f24f976f6b75aa4d12ade4c837

    SHA256

    d75c34545066eb787ed671c6d4ce4f4c6267637518ca683dfefb79f95f14226b

    SHA512

    a0a486b95aeb9c059f23e639e16abdbfe94b041f33309b44e95743bf5a82f92d3c444c025b6c36a0dc296add3c2bc4f6affcf130014f16968be0afa8e0007880

  • C:\Users\Admin\AppData\Local\Temp\7zSBF97.tmp\5076e7c9b230a.ocx

    Filesize

    126KB

    MD5

    d637295a8426c7c4a8e9ef3e584839a2

    SHA1

    55b64f53328498d22d269de2e65be2feeba7da00

    SHA256

    5cbd7f4b8f991ccab51cfc1fd0a5437013c5196f3c636632d691103aa3708adb

    SHA512

    f60f908b9f0efd4762255c9c71559bbd554714170262dd556353ddda55789d21cc3a8ade239cdf51da38dfa4e92714749c217095bccac19590ef8347ca501c8c

  • C:\Users\Admin\AppData\Local\Temp\7zSBF97.tmp\5076e7c9b2343.html

    Filesize

    4KB

    MD5

    ef028c393e5cb754453a155a5704add3

    SHA1

    2000add39277c4dbd116f66a9cec0ee4312daa45

    SHA256

    5c173aabee353d74fe2cef6618288c074eb3a2d31eaa9874db9695bda478224b

    SHA512

    3c1beb85a67cd22fa37b38c686f9607d68bbcd65481ed9c290d20482b70da5b8e98a0a88d0cb78ede95b7b0831914d64b25f52cdc6c0cb08a54f7305db388f5f

  • C:\Users\Admin\AppData\Local\Temp\7zSBF97.tmp\5076e7c9b237c.js

    Filesize

    9B

    MD5

    99fa5d714d971a49b67de27e0d8871be

    SHA1

    d0621e846ea60fa8d0b2c8e622e495af49cd7359

    SHA256

    f560d76474380da948a0c5ab8682dc026822d9685268c592f315224b1b968bf6

    SHA512

    2fec19e4f2a974227922a7e057890141523ae73fbfa127f9e8cd00dff71b29abb93cb865c6d74ecf3df8bca440c558d4fbf2f80e82cc9636320ab5edb95ebad5

  • C:\Users\Admin\AppData\Local\Temp\7zSBF97.tmp\settings.ini

    Filesize

    753B

    MD5

    4932873b69256cf55ffd0cdf4384a644

    SHA1

    9ce05e7d7a55a88cd9ee0538c0ee26735a21ccb4

    SHA256

    0e32e36c011163e5921d44e440829caed18953b7f884068522527891ee5f26d4

    SHA512

    a38a82ee98a29076305f6e51f78f66580ec9f2515eaf2af2177f1034aed28249b8a02ff5e11b7632f6123b63780e43d32a08c932617e17baaf470c8282afa4aa

  • C:\Users\Admin\AppData\Local\Temp\nsiC063.tmp\UserInfo.dll

    Filesize

    4KB

    MD5

    7579ade7ae1747a31960a228ce02e666

    SHA1

    8ec8571a296737e819dcf86353a43fcf8ec63351

    SHA256

    564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

    SHA512

    a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b