Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

1754ebe931...18.exe

windows7-x64

7

1754ebe931...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    05/10/2024, 10:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1754ebe931873594934fbd55d8e15cd4_JaffaCakes118.exe

  • Size

    1009KB

  • MD5

    1754ebe931873594934fbd55d8e15cd4

  • SHA1

    35d58f622de6e7c78b4d67d808c4991289be9563

  • SHA256

    af724128d5b20f4666ecea3704f295c8bc54d27fca3acf4bba5b9b0c1536eb72

  • SHA512

    c231b8aece66aa3827de2b2a9766b215e0f82f8f8a907347c4054901b54329e69c41c43f428e76d396f163a82a484b7fef3c9935cdf67e7e3c94ba8f03657207

  • SSDEEP

    24576:LNq3ncd5GZ9a1mQJ8U1jjQX5pDnUfvFJtCrPl+tEFfDi:JsncvCZg8MfQX5JUfSUtEFfG

Score
7/10
discoverypersistenceprivilege_escalation

Malware Config

Signatures

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 22 IoCs
  • Loads dropped DLL 64 IoCs
  • Modifies system executable filetype association 2 TTPs 4 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 23 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1754ebe931873594934fbd55d8e15cd4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1754ebe931873594934fbd55d8e15cd4_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2256
    • C:\Program Files (x86)\WinRAR\uninstall.exe
      "C:\Program Files (x86)\WinRAR\uninstall.exe" /setup
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies system executable filetype association
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of WriteProcessMemory
      PID:2032
      • C:\Program Files (x86)\WinRAR\WinRAR.exe
        "C:\Program Files (x86)\WinRAR\WinRAR.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:396
      • C:\Program Files (x86)\WinRAR\WinRAR.exe
        "C:\Program Files (x86)\WinRAR\WinRAR.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:1644
      • C:\Program Files (x86)\WinRAR\WinRAR.exe
        "C:\Program Files (x86)\WinRAR\WinRAR.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2376
      • C:\Program Files (x86)\WinRAR\WinRAR.exe
        "C:\Program Files (x86)\WinRAR\WinRAR.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2440
      • C:\Program Files (x86)\WinRAR\WinRAR.exe
        "C:\Program Files (x86)\WinRAR\WinRAR.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:1884
      • C:\Program Files (x86)\WinRAR\WinRAR.exe
        "C:\Program Files (x86)\WinRAR\WinRAR.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2472
      • C:\Program Files (x86)\WinRAR\WinRAR.exe
        "C:\Program Files (x86)\WinRAR\WinRAR.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2788
      • C:\Program Files (x86)\WinRAR\WinRAR.exe
        "C:\Program Files (x86)\WinRAR\WinRAR.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2656
      • C:\Program Files (x86)\WinRAR\WinRAR.exe
        "C:\Program Files (x86)\WinRAR\WinRAR.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:2552
      • C:\Program Files (x86)\WinRAR\WinRAR.exe
        "C:\Program Files (x86)\WinRAR\WinRAR.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:2432
      • C:\Program Files (x86)\WinRAR\WinRAR.exe
        "C:\Program Files (x86)\WinRAR\WinRAR.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:2628
      • C:\Program Files (x86)\WinRAR\WinRAR.exe
        "C:\Program Files (x86)\WinRAR\WinRAR.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:2400
      • C:\Program Files (x86)\WinRAR\WinRAR.exe
        "C:\Program Files (x86)\WinRAR\WinRAR.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:1568
      • C:\Program Files (x86)\WinRAR\WinRAR.exe
        "C:\Program Files (x86)\WinRAR\WinRAR.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:2128
      • C:\Program Files (x86)\WinRAR\WinRAR.exe
        "C:\Program Files (x86)\WinRAR\WinRAR.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:920
      • C:\Program Files (x86)\WinRAR\WinRAR.exe
        "C:\Program Files (x86)\WinRAR\WinRAR.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:2988
      • C:\Program Files (x86)\WinRAR\WinRAR.exe
        "C:\Program Files (x86)\WinRAR\WinRAR.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:1724
      • C:\Program Files (x86)\WinRAR\WinRAR.exe
        "C:\Program Files (x86)\WinRAR\WinRAR.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:2696
      • C:\Program Files (x86)\WinRAR\WinRAR.exe
        "C:\Program Files (x86)\WinRAR\WinRAR.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:2704
      • C:\Program Files (x86)\WinRAR\WinRAR.exe
        "C:\Program Files (x86)\WinRAR\WinRAR.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:2504
      • C:\Program Files (x86)\WinRAR\WinRAR.exe
        "C:\Program Files (x86)\WinRAR\WinRAR.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:2016

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\WinRAR\Formats\7z.fmt
    Filesize

    86KB

    MD5

    01ff2c5a06a6359afca2b2b352414914

    SHA1

    063ee347fc3c6d26474050253a8955c2e1af0583

    SHA256

    bb77b20345a28bf8990d19af15d0a9e180b631eb5494ffe1a050082c8538c0dd

    SHA512

    2335fd0b371725cdc950c47ae5f58c86daa51b01e3b26df770404f6816c9c6dadc60617cb30662fdc3b6f70c2630275018e91dafaad129613a9c86d508fe58a9

    Download Submit

  • C:\Program Files (x86)\WinRAR\Formats\ace.fmt
    Filesize

    55KB

    MD5

    7963cebd6a85ea1b9dc4160c71d0a48d

    SHA1

    5042713c7266d1179ac791b42940eb9e0e5f5ad8

    SHA256

    5ae906b00af1d1348c8f505ef5a74e0832158367d196b289794da7718f9b501d

    SHA512

    cc01561876d67e8407181f1c4efdd232d08392b1a2901f2b9655115eb397e9f658549adcc04bae377579f3b7a4460ea340ce3165886e25521d195475be387578

    Download Submit

  • C:\Program Files (x86)\WinRAR\Formats\arj.fmt
    Filesize

    52KB

    MD5

    9fea8d4921405e3cf79163a38e78ea82

    SHA1

    10d2e6096684ae0714e5c6b7691c271b8e11ace4

    SHA256

    57161e9d6dcd18fadf569d831f37e4b40da016151a50be58784baf9b44c95dc0

    SHA512

    0a45b7e45876094c8d6001a3e2af183dbdcf5fedcd49a1cee6b69166a0a1a8c18b15131a8a5d2d658e00d2fefb105dacd3929581508f30241d9097441d0b7a7f

    Download Submit

  • C:\Program Files (x86)\WinRAR\Formats\bz2.fmt
    Filesize

    72KB

    MD5

    64837d1c48c0079377eceb63957b512a

    SHA1

    cde05e9fd055bb27c4827db69bcbe9f1aa4f5cb4

    SHA256

    13f90bb1a43a1989c8409727374a20499a195d2ae565ea43b39325929d0cc699

    SHA512

    8f18b86b50837b0f1dbf66f4081267daece27d496c3f8e08bc202c865d7991da51590c9fd59614e4d35d368520b9ff5ce57bea681360fd406605054e5e775d5c

    Download Submit

  • C:\Program Files (x86)\WinRAR\Formats\cab.fmt
    Filesize

    50KB

    MD5

    988d487fda1b6a0a6498e4f4e5fdda33

    SHA1

    b25c77d58c52ea71f214394a9c358dba092a310f

    SHA256

    339c1ea45afcf5f16f795fdb1aab49565a3b7d9a33749cef2ceaa358b35c6d75

    SHA512

    8557253fcde206daf2dc43007ee33f59c23dc5a3f995534f77b679fc8e87a741b7013922c8a586bf3ce3ca1b21a759e69e2d8213d0d0a74c254f1cc60cde14ce

    Download Submit

  • C:\Program Files (x86)\WinRAR\Formats\gz.fmt
    Filesize

    62KB

    MD5

    8435b65bebb7317f354c5a9d5358bdba

    SHA1

    8697a2fb44692491c08d091325922662ce844a67

    SHA256

    48b48ec31371ccd8c30af5c7ca35621712882f918571b8a8145d7978fe289a67

    SHA512

    4c3ea2bbafeb1dd88728cab80db4ebfdb74aa3826bbc7c2b30b1799047508047d01b091fefa9a000a124cedad01291a557dbd4d2562da90bf0a025fc8f3e08ce

    Download Submit

  • C:\Program Files (x86)\WinRAR\Formats\iso.fmt
    Filesize

    48KB

    MD5

    008ed2160cea434065438ec2ad0d59c8

    SHA1

    8a6a10841084f84dee11d33059218069c5cf3f59

    SHA256

    70e2cc3d073192f2ab1b301c71133193118598750f211d7e4f643ca152ee6023

    SHA512

    be3d066ce45c93d283b37f21a8b0c12aa753bf601e19ad88694817e42e4f90220c927f7d8ca3202e651399057f77647a7a99182d57910cb2fc9ff71d978cfd41

    Download Submit

  • C:\Program Files (x86)\WinRAR\Formats\lzh.fmt
    Filesize

    56KB

    MD5

    4f010e73235d8e15ff5ce35423c12d29

    SHA1

    f6d7602c0c7198c6b9bdee9f3c0e3999b2709915

    SHA256

    514deb5b0663ff450f2b4657546c29deb3c22c3239b5f56d9c02ae916d51791c

    SHA512

    9bb80f47424452c71511668c34834d1e652e2589d8f7cb1b13e9fc6d6a1b189adaa4c7395a6ada51347a0d1b49d8306420a2e4529d5ea713e90c063a59924ead

    Download Submit

  • C:\Program Files (x86)\WinRAR\Formats\tar.fmt
    Filesize

    54KB

    MD5

    c7dbba1a608d2ac797b9245e808a74dd

    SHA1

    475dd0ddba5e72cb8a58fe773e29517cae901da4

    SHA256

    71d892b7ca4b1adf0eb400b8372d2df89ab88b3e01207dc2bc1489f172c28d33

    SHA512

    b464f9b770a128c143ec7e32b253e3c10cc1dd0f947861a73a651a17b2174a3df72b5dbb5217e07ac4003c0c2dbd9ea87c7879343aff6144090f735ca23a1e5a

    Download Submit

  • C:\Program Files (x86)\WinRAR\Formats\z.fmt
    Filesize

    58KB

    MD5

    66f639f54007afd070dd553b6859b4a3

    SHA1

    4e33b8232adbc096d9ce248d456dc8204ca24335

    SHA256

    f6bae06f8e3a6e0ecb94579e3a23b08ffbc8d90d42fb82e6fe013729423bbe17

    SHA512

    d876411a02b9349f79276f18c1a95c98b6fbde0c48508417723ce0154801d92db83fa05eb47d966ad3652544396b74a829bcbdf5ffdb8ff1a8e64c7d82cd620e

    Download Submit

  • C:\Program Files (x86)\WinRAR\Order.htm
    Filesize

    3KB

    MD5

    85a087cb39d2e01e8dcf78cef27679ea

    SHA1

    217b73a4cf5f0fd3ac620b4923ff134043f03bcf

    SHA256

    81aaa3235e23bd134ac4534d0f7228df44a0f42b068c74f89099f3d81652a889

    SHA512

    ee7965a843b2b9ade93d9c17d7131cfef29526588eed52d5fd3a72658e7be99d47761d164cbbaf76fe7113b4082a631ffb288cd1ef40d1d320d099ab033275db

    Download Submit

  • C:\Program Files (x86)\WinRAR\Rar.txt
    Filesize

    69KB

    MD5

    a596052ca187afc36abaff682280c7a0

    SHA1

    1ec330cc0f84b6d9132637b28feef8951e81ea95

    SHA256

    36c30b177f861631fd815023b0e6bb20c86e33e5011bf9ff2effec9a71f16a75

    SHA512

    c101d1bc8bf7378570a2687d64149549ebd504a3a7a9da6536bf0b64cb2bf4d21dc381fe454f29e0aae41aa388e3dc02ece281f2ecedcd061ee6b076105920fe

    Download Submit

  • C:\Program Files (x86)\WinRAR\WinRAR.exe
    Filesize

    894KB

    MD5

    3c7aa04dd4bf45a45e48cecb98516626

    SHA1

    c5cd7bfe214a68256392284765ef3f40bf2f43a6

    SHA256

    2ad27232fb701501c5aba34d52b271539b3434e9735e018897eeb31163ea06c5

    SHA512

    08bd1e02bd5917dd9478d5f8afc5305f9292ac85df6e0e087da7b51c089ec18338338b3d471329e2a4aa85ff4800d13903f23df18ba1f5efc575aecddd0c7e5d

    Download Submit

  • C:\Program Files (x86)\WinRAR\WinRAR.hlp
    Filesize

    396KB

    MD5

    c109be62b9dcb2e2b6dcdd86023b0faa

    SHA1

    ae1d839591734e70a192dad59461b209c24cdb97

    SHA256

    f6cc87833842914533b7f15c2785b2b7600d31324dfe3799ac93dd2b6633da72

    SHA512

    1288f0c874c1ec572932f11cbb2875b1c0413e079934770abee7edd9a17e3b9b387856a3c8acb4e15ef482f8eaa48bd97ca98c1cd840a4883bdeaea77d7434b3

    Download Submit

  • \Program Files (x86)\WinRAR\Formats\uue.fmt
    Filesize

    47KB

    MD5

    f876bd71ef366edef5d8244b76391b42

    SHA1

    c8f4a74ccc4f5452690b9113cb923bb8d4e6381c

    SHA256

    40edbb1081cb00fea1cdd680f26dc7b5a15608befaab910b43289255d9b6dcf1

    SHA512

    a99d2df98e96625e2954b163056cfcb66a30d74f8504fe71b52aead29e8b07cd79bb156ad71d4dce9f2eaf8d068fd2fdb33990321c1cab4728e9329b20591ac3

    Download Submit

  • \Program Files (x86)\WinRAR\Rar.exe
    Filesize

    307KB

    MD5

    48de93ec187f2ac4b3d827f5f5930c30

    SHA1

    6f911dd742c4e9590356907b2e56221d4977deb7

    SHA256

    87f8cda2436326bcf5b72f699d03776e0ee037397f5bfbacfbfd5cebdf7e5e22

    SHA512

    96d35eec6f07010ff322b056a0bdefb4d888d32280733a68ff498a87eb32bf9388290c12bd54134520c0b8c172c2bc9590513152fb2bf5b68dafc092124139e5

    Download Submit

  • \Program Files (x86)\WinRAR\RarExtLoader.exe
    Filesize

    43KB

    MD5

    be2f585891b8fa4db2ab91aca1d643ec

    SHA1

    b76f831947630ef163d37593c56b3bc8e152a314

    SHA256

    18246c40e3da4cec61da412b2920b8246e858f60a96e301abfea31b4a85687d4

    SHA512

    ed29e0ebe095b9b10f80a35fa01aee80d6e3d2632b4965eb76f759755f78ad730162c53e59bdf2512daee2181478236e039fb0a5817273361128cead34dbacde

    Download Submit

  • \Program Files (x86)\WinRAR\Uninstall.exe
    Filesize

    96KB

    MD5

    f70fba781387d8bf9cfc58cd672f9c86

    SHA1

    319c47f34c10c988e13ceec8efe1f0f0c109fe4c

    SHA256

    011c416e17f7562002669d02d481750915fead9db47c81e425a9654a96132efd

    SHA512

    59e401bf6c55b2f9f49ce80473af845316369c7e4bf28189f0ad1b0b16e050da2641553796401baea1b81b9953869aa75f07175f53063a105575f39c59d18ba7

    Download Submit

  • memory/396-140-0x00000000042D0000-0x00000000042E5000-memory.dmp

    Filesize

    84KB

    Download

  • memory/396-161-0x0000000003EB0000-0x0000000003ECD000-memory.dmp

    Filesize

    116KB

    Download

  • memory/396-131-0x0000000000530000-0x0000000000552000-memory.dmp

    Filesize

    136KB

    Download

  • memory/396-137-0x0000000003EB0000-0x0000000003ECD000-memory.dmp

    Filesize

    116KB

    Download

  • memory/396-128-0x00000000003E0000-0x00000000003F4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/396-125-0x00000000003C0000-0x00000000003DD000-memory.dmp

    Filesize

    116KB

    Download

  • memory/396-122-0x0000000000380000-0x0000000000397000-memory.dmp

    Filesize

    92KB

    Download

  • memory/396-143-0x00000000046F0000-0x0000000004702000-memory.dmp

    Filesize

    72KB

    Download

  • memory/396-119-0x0000000000320000-0x0000000000338000-memory.dmp

    Filesize

    96KB

    Download

  • memory/396-146-0x0000000004B10000-0x0000000004B8E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/396-116-0x0000000000200000-0x0000000000220000-memory.dmp

    Filesize

    128KB

    Download

  • memory/396-222-0x0000000000320000-0x0000000000338000-memory.dmp

    Filesize

    96KB

    Download

  • memory/396-223-0x0000000000380000-0x0000000000397000-memory.dmp

    Filesize

    92KB

    Download

  • memory/396-157-0x00000000003C0000-0x00000000003DD000-memory.dmp

    Filesize

    116KB

    Download

  • memory/396-163-0x00000000046F0000-0x0000000004702000-memory.dmp

    Filesize

    72KB

    Download

  • memory/396-164-0x0000000004B10000-0x0000000004B8E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/396-162-0x00000000042D0000-0x00000000042E5000-memory.dmp

    Filesize

    84KB

    Download

  • memory/396-134-0x0000000000560000-0x0000000000574000-memory.dmp

    Filesize

    80KB

    Download

  • memory/396-160-0x0000000000560000-0x0000000000574000-memory.dmp

    Filesize

    80KB

    Download

  • memory/396-159-0x0000000000530000-0x0000000000552000-memory.dmp

    Filesize

    136KB

    Download

  • memory/396-158-0x00000000003E0000-0x00000000003F4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/396-156-0x0000000000380000-0x0000000000397000-memory.dmp

    Filesize

    92KB

    Download

  • memory/396-155-0x0000000000320000-0x0000000000338000-memory.dmp

    Filesize

    96KB

    Download

  • memory/396-154-0x0000000000200000-0x0000000000220000-memory.dmp

    Filesize

    128KB

    Download

  • memory/396-153-0x0000000000400000-0x0000000000521000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/396-224-0x00000000003C0000-0x00000000003DD000-memory.dmp

    Filesize

    116KB

    Download

  • memory/396-225-0x00000000003E0000-0x00000000003F4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/396-221-0x0000000000200000-0x0000000000220000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1644-192-0x0000000000400000-0x0000000000521000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2032-108-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2256-88-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2376-201-0x0000000000400000-0x0000000000521000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2440-217-0x0000000000400000-0x0000000000521000-memory.dmp

    Filesize

    1.1MB

    Download