Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

24cfb6a008...18.exe

windows7-x64

7

24cfb6a008...18.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$PLUGINSDIR/nsWeb.dll

windows7-x64

3

$PLUGINSDIR/nsWeb.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    08/10/2024, 20:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    24cfb6a00847c05c2f273217e6ff8367_JaffaCakes118.exe

  • Size

    57KB

  • MD5

    24cfb6a00847c05c2f273217e6ff8367

  • SHA1

    8417815c115a257764a8e9e83c3a4029f29485cb

  • SHA256

    c4fec2b73f7e5da67c082fe964330d70b4c369f907791a3ecae5df4a99553d48

  • SHA512

    0cad75600b0c645d8eecd3fb21ee0701d4b958224a68917482c9713617914ae133c83018567ecfeda1d53c89582b3d3a360852ded4468f4b326b74a74d146880

  • SSDEEP

    768:b1cVhpQI2EQK0iPDh84nScF15GYbWjXO3XJy58u5sHojvxC5mqEaR2NoIYTVZBGy:5QpQ5EP0ijnRTXJy58u6H2UiO9Goiho

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\24cfb6a00847c05c2f273217e6ff8367_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\24cfb6a00847c05c2f273217e6ff8367_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:2296
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2940
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2676
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:472068 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2668

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    af8567280659616acd24364585cf1320

    SHA1

    620af3e34a7ef25fa27d7eec774d4c6e0409c46d

    SHA256

    47f0cef5c444c8d47a7d883a937ec6e8523959a80df6c4bd7258a67ad42babbf

    SHA512

    1761f2a2453055adcc99c2ed89d789d7a524be90dd4086e9e5039a4e1e17050968d0ad7b621a9c660ebdb1705f420a3f274f0554bb6ca5f57bf9535bdb94061a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cda6d28e075ed9e8584f88c3d34e3c1b

    SHA1

    9f9757607e72d6439bdf5748410195793495e84a

    SHA256

    26b1b224d49ea75c7c7a7fc3616f884fee4d485c057f2078af1b5516e9e001e8

    SHA512

    983534b4eb6ca622e26557ffa7ac46cf0fc42942e8f389fdde4ba732c495c1d9e429d9b266fe68fdfdb4bd6575ab782dc2449ebc00bb2f4a4cfc2e4444fcf864

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3638be247b7c8add9c795c274a157e47

    SHA1

    862913293f5105d878b1ebd74c089c6d3812ad89

    SHA256

    cbe83847d527809e5d352fe08297f6bb5174c3edd24c4f30d7cc6672f6395a6c

    SHA512

    c1444bd45c1be3d411716b37ed6781e2dcf689f0091d0a80689bbec40da5db1ec1d78e94eaa312e05af122062004fd0bed64bdc977cd0a5ec7f3ca86979df38c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    34e3ee42666f2c0a7b67777ce4456355

    SHA1

    8f1446bfc1c260d3ce5cd28807c4e8b9bdd5d759

    SHA256

    aec8cb4b04165569fc63d4f97523a9a77ee3a4d5f6d5b90591785ce181ec2cff

    SHA512

    18191d5ed1c93bb1a4dc46770c48b8e46a6065d54cef6db118a2e079e81d34da9290c9aea451c5ab6ead207fe5e2c1851f65364f51211a1cc8e58d0b7fbb854f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2041b7eb29d282cd40d087d0471c1516

    SHA1

    e0dcab4bb167bc53141a4c20a1565ca7ff9e3467

    SHA256

    da0f2f00442a8a8724936b9422c4585743bcee0da156d1963bca2aaa8cf9b88d

    SHA512

    2dde348c488df96268862db70a8e2ff23a892796bdcab3c6872c7b40bec3201948a96f751af917d970036fa5eb15a8faa7dd2141c8c68941ec4cb8a3e18e7665

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e2423284956cabce63c40c04fe4860da

    SHA1

    65c612064aa1a73fa217cf235325aa2a06552e7a

    SHA256

    24eff7fb76c1ebba1aae18f25f4afa103dacb278da3a0395a183702bc2515e70

    SHA512

    e540338731af7a62866f35a609a71997c8dc53b542e414c9ab6e7d08e46faa7fe0f3f72ac31a6f16372c2c66d7df9a35693c96464cf0ce4e3f3303a02deb1c2a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b872c9fe255d6050239b3ffdd8221575

    SHA1

    86b2176015fa78f99a33ea88ba9194f97805e829

    SHA256

    2755ee7386a6c1b9c1c226a4dc76133db81646c93137acb3f06a75c4b1edaa4d

    SHA512

    b8ed2e020b56fe84b022c51d3836331202920a924cc7311bfc8f486df29ed2035b03ae367d9683dfb4011538b63e69d7ef9bc9beef72c01a1d3c4eff756cc30d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    03e5f7cf0492d92edd4743416769e292

    SHA1

    8f5c422de8ee82496dfb687ef55a3953b9fd7669

    SHA256

    d972eca1d29d75407374b4b759e03e6f4ad9a35df9063058773dedbe98fa0f43

    SHA512

    347c96d946ec2903609e73dc1ce61aded7443a4a1229adea73014f3c1518595c16d0fa5b624b00f573779d576ef31b9964b1a45714bbb835f25d46c655bfaee0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    34c0992f7e4dc3b84a9a6058385c2c03

    SHA1

    661bf9a8b78ce1c2aaec30424314bbbe97e64c75

    SHA256

    85eadc9ea1272be45273270bf38eb15b908388f61cb7f40792c5e267f424d4bb

    SHA512

    5938ed45af5cb700fc9c5e4b050d6605a699e6553b3e5e1c4cdf4bf8eb232bcd625671d9284f45e0e8315fd779f67ad4f74d4e8b2450ffef059db21b81b6cf74

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    72958aa135b5db16e2d1fd94238664c6

    SHA1

    29f6a710ec6cf5021b5b7cf4f6e1a9c0a9aeeab1

    SHA256

    82d5076d9c05d57f83ffe8d9ca7d82a051070b0479b1b61afa5c297d994d5074

    SHA512

    75cc91d4938245fd5780b8703a539cfede69e2cceae195a0705e6919d1f84cc08b5a31dfab9517f93ccc3dad7f308cc8fffdd9dac4d694b9a981796947c3e386

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE1D9.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE1EB.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nstC86F.tmp\inetc.dll
    Filesize

    21KB

    MD5

    d7a3fa6a6c738b4a3c40d5602af20b08

    SHA1

    34fc75d97f640609cb6cadb001da2cb2c0b3538a

    SHA256

    67eff17c53a78c8ec9a28f392b9bb93df3e74f96f6ecd87a333a482c36546b3e

    SHA512

    75cf123448567806be5f852ebf70f398da881e89994b82442a1f4bc6799894e799f979f5ab1cc9ba12617e48620e6c34f71e23259da498da37354e5fd3c0f934

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nstC86F.tmp\nsWeb.dll
    Filesize

    8KB

    MD5

    84bcf3c71e70d5a6e9dc07d70466bdc3

    SHA1

    31603a1afc2d767a3392d363ff61533beaa25359

    SHA256

    7d4da7469d00e98f863b78caece3f2b753e26d7ce0ca9916c0802c35d7d22bcf

    SHA512

    61aefa3c22d2f66053f568a4cc3a5fc1cf9deb514213b550e5182edcecd88fadf0cb78e7a593e6d4b7261ed1238e7693f1d38170c84a68baf4943c3b9584d48e

    Download Submit

  • memory/2296-27-0x0000000002340000-0x0000000002342000-memory.dmp

    Filesize

    8KB

    Download