Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

14b86c3789...18.exe

windows7-x64

3

14b86c3789...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    04/10/2024, 19:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    14b86c3789f4d0693e2eb16c7f2ccf24_JaffaCakes118.exe

  • Size

    4KB

  • MD5

    14b86c3789f4d0693e2eb16c7f2ccf24

  • SHA1

    1937719eaf54770dedefe403f00e490683252203

  • SHA256

    e9f024687d8e0a76e2cdf6feeeb34650ecab74781b0b1805014fc936fa9693fb

  • SHA512

    b66229007bdfbb84e0632441ae233bc9bbd0469792b1350364455a7aa7019380ae56c17153d1b8332bc91d00dbe2103aabdb994761c084ed1b2b77db5414ceb5

  • SSDEEP

    96:meTOQska/XzqPKJULwl0YOqBKT558T7jQ6IVY6WnKjsBNO:meK/XXzq/LwG6a/u76VY9Kj0NO

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 2 IoCs
    stealer
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\14b86c3789f4d0693e2eb16c7f2ccf24_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\14b86c3789f4d0693e2eb16c7f2ccf24_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer start page
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2068
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2376
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2376 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2680
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2376 CREDAT:406541 /prefetch:2
      2⤵
        PID:2156

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      aedff1642c1e396a0afddb3dac7a723c

      SHA1

      84684002459e21acb84faaef489525bd88243fc0

      SHA256

      121b18a1b8431fc1b0daa8ed63fbead777238194480529100217afa2646a2460

      SHA512

      caf771b116eb9954058618ec1f9eb0271a2cc294f6d05b53ec8bade831128d4abd2ce7e75fc31b7f2527e17c57eeb2cfc8779678f0cd37ca0301f49f5d0af800

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c84f2c9cbdc07f139ed72f49ce6b6d8d

      SHA1

      358c22470bb3ce86996ce0c13a3363b6b184ea1f

      SHA256

      fcacdbbf1fa100bc749b64a034dae57ab1b9f2d00e6c077c1c705f24d234249e

      SHA512

      86e3edf4f143c5253a2dba0a714459179c71da5338b6827e0e112b66ae3c3bfa81df2886c3ded92c4631c78c1ad470648ea2144a6b08c843faa6ee18892aefa9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1f10194e4f88391cedc1e36523d2f6fc

      SHA1

      765b48c4631a148c5aaf02771a7446a5aba772e2

      SHA256

      70514f34c41d0f8aa6b719576e22389d13dc92813f89537c7ded3e3764d8992b

      SHA512

      2ec7521158f7e5c467b0864e11aa18a37d2dfa50dd8a422ac73979da2826cd59d654e10401a8b3a7cbd54e14fff0069dddcf6155843b2d531dab8900af2b2a0d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3aa66f678dbed8a6f5c5c90b51c0eb01

      SHA1

      effdded31ae9c32c1da813987ae147862fd900c3

      SHA256

      0590fab69c5c6219cb882b4e997c358d1531b87100edc5aaca35f5678ce3e2e8

      SHA512

      40d06c1b02b37041bde4085b07ef337f63500dfc87d81fcc9dbd0fa7aa68d915f42bdf44dfdfc599d81656c60fbe42bbe8115d7acef95405ee228bf9ded5c695

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2ff415d22e95b935db63355c8341ab3e

      SHA1

      0b45b4d93806c9e3b2ce3608249098de7c8ebf27

      SHA256

      64d0794a9694ffc1e44eeb07004a2ec80f03f9a3e5861d0c75d052dfa195fcc8

      SHA512

      5f8d97a4d2adca21c56d3db73ee38b12080d8a6d2f5babce50379ed4fe83800c7619d9abd6ca60359c951159d90cab3540bd53c1fa31ffe8323d515fcc1032e5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b731caf2ca517335299995e4dd00ebee

      SHA1

      10a0fd30789e4239d4eec150a7a203fb32a3eb72

      SHA256

      2953bb39cd5aacf66745a14f432c8ce7fc1c99e797a0997f8729af2b92956434

      SHA512

      ada4fd03b42f3e58011bc7ecf2ed0962f7779de2f9090df89fabb518c3071dc3bb57495b56250e96c4f41e077cea5087608e4ba9224b4f82ae7a24207c7bd88d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bc82a85759c537cdb35b0d90a11a9211

      SHA1

      a8bcc4615939868d7dfed8055dd7c6cbfcd181db

      SHA256

      992135cf75fdf387030cd02e616381812938051c0a39f9c673d6e83e3de25474

      SHA512

      ff8f4bd1decbdaa1205d146347f6919ed35d9c37defbeccb3cff04ededc3337a79a816664a68f7d614d8dc4876a94de2ef254eb6e0327a25517f581323d18379

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab1EF9.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar1F1B.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • memory/2068-0-0x00000000004B0000-0x00000000004B2000-memory.dmp

      Filesize

      8KB

      Download