Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2779bcaecb...18.exe

windows7-x64

7

2779bcaecb...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    09/10/2024, 00:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2779bcaecbfc54ef87a074947f1915ae_JaffaCakes118.exe

  • Size

    524KB

  • MD5

    2779bcaecbfc54ef87a074947f1915ae

  • SHA1

    7392bf34e5f7c7ffacf9f71d9afc4e499e2c1cdb

  • SHA256

    f5f4ef40f9fa15ec7936144543a72958f2e851b70ffc8fb9c69507955861d796

  • SHA512

    1c08d151561df56196ebed6a499724ac9946ae2772d964e862b7bb73810c099eebd5a15706563a59c5b47ee6d4fa30726251f4c803b52fcebf53f86290eda366

  • SSDEEP

    6144:2Y7O053DKjPiwbz3pu+Bzp4fEx2Nqi8FyVoX8FwjXy4DZO/wdtX+Zz0BVkPxSAKz:9t53wPiwZu+B9x2QjCMyKEobjUSj

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in System32 directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2779bcaecbfc54ef87a074947f1915ae_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2779bcaecbfc54ef87a074947f1915ae_JaffaCakes118.exe"
    1⤵
    • Drops startup file
    • Adds Run key to start application
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:2856
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2708
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2708 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2760

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2a854d8dfa990324b2b53a84e1bfa5ca

    SHA1

    4891cdaecd755995a43cd498001574724730184b

    SHA256

    a5c76e78c733b336aa2402bde858c0c63e4d258ebfd4b5b70b021d654cc6f1ef

    SHA512

    e0ae18e6caa883c62b7fe55f6b3428cb87a59d1719c967e7e4ce241a4dbfba49a5676c8928effb75f273c6e2ffa09ca7d16c2ecbcbbd589fedf3e15c1d262309

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6392719231519f0d7e011c865aad4c18

    SHA1

    29c3d856cf0353cc06b0086cd046faef8e4f55e6

    SHA256

    b2effd0f1fb81aee12426bd3a652bbabea12670a2c80f9b3da1422ea3279c9a3

    SHA512

    18758d1e32048acbbafd9c56e382ba5cbe83b86ea929f88bd72ee7b99e586f47b4d8c41c2f3636c83c509134532d29092853a5550fe44a0f4fb74720f6df1878

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fe9d62e73a9f9b03065e32fa33c3baf9

    SHA1

    7432dec7e343f60dd5c5f72e2edf49e8f6e09e1b

    SHA256

    715c26c6fcb22fbe2de0ed10e1a266d0eaa23053453eba99c4142bf7936e3ba9

    SHA512

    7bb8bd4ca469aac980a5611e8cd7f510f06b88de57d299804b2ab8f53e44ffa087739e23917189292c27564a2b03b13e4ed1255e94edb0e3701971d567ebd629

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8afd34677a1fee0fad50918d063a4ae8

    SHA1

    e697023b1f1dc7c0b7361a701377eb6cffab621e

    SHA256

    bccb825972347c84702491683e587c15f14c196df2e4f5c99ceb912186818411

    SHA512

    e17c9adcfa42357d8a3d64c9c188378723580c35475050ffb50352c6512bf3174833e529a8259da694e3dca1dd5d41016898714d475d9fb5f8ed69a5516069bd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ac7cf11e4008a253adeaec751a033410

    SHA1

    e8f5fdc7cce5acd5eebe62051d216893afe7b25d

    SHA256

    ace806bd3289d88783057da72abeebce44a7f2d30413931af746539d8d478903

    SHA512

    99ae41c05517ad2dec362596fbb0be09f729a519096a9329203c8d2b3d074c5e81d1cb007d293f7a97d22d058e614afc1744a5329abd31fa286418262caa94f6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ea80205a7862dd7cb4313f34ebc89f60

    SHA1

    245ea444f727efb23e55357f0d7fa6222aed487b

    SHA256

    65b797e87c2ff1569e6a9642d4d064dedbd43cc4df6ddc9620cca910af7946fe

    SHA512

    bdc82d9ef5a802fa4282ce4ba2041fed79eb254d964f19fe8bc96bc26695c05a299dfa5badd9f684254534d59bf1f5950fb8a9a2fc34d86d62de50412e8360f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c8add134ad9bea8330d2768fa752aca7

    SHA1

    dc4c2a29974a27a463b5c551e97bdf942be20fc3

    SHA256

    e9d0fc4fb1e246a886774967330002d937b3e767cb85ce6d14be2045bf55aae2

    SHA512

    c47a680b80fc727787c7d7bcfac3f574b585c5f1380821650e8cc87939fc1aaed12e6914818b43c5f174584e67b6fe9b160fba411d6df916ff34a3a709f272ba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c35efe88996a447ad9fc9a3974123c88

    SHA1

    9475c9e5b7e31e08cfd8e73335e173405cda6961

    SHA256

    fce9d38f60daf67f5e1af3f3d0eeb66a3f6d0e343eea3ecb6264b5791cc08a75

    SHA512

    180348c72fdf0a36edd1050756c278109e88ecbe8abc2f0b606955efe6a948844675edcfe5c3c92035b473aeae942364d37d89ad36f83e24267afb89337428d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0860812b7bbb4f194373f248c254e0b3

    SHA1

    4a2e954518703ab6241d027a9b6ead2060579286

    SHA256

    079d04d7d806dcf2940341a7a84f24ad60f05833b2b7e735a0cc4e4adea52d45

    SHA512

    d95483003704635be3f1a2ec9ec6d400a09eada552626ce498537d25d83a6d22f6e5a05c14221cb7d50b799a7b7eb2425d29f44cff662931dbb742b920511baf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7086a040e4fad829b1d13287441c92b0

    SHA1

    ac2b28b9d45dad3b878e63994884513403ea00f3

    SHA256

    6c73f71e7e3a391dd643fb0024ff1fd334a4824a9bb5b60eac4f65cc08f90ee9

    SHA512

    a0f501080babf62dfb60a197aa792898af415045f13d2b9d66d02d403c168211df608e375cd50b6c5b18b3a875ca11551eee053ba85ce7d99d0a1609cf72080c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    958fb50f0fc7e6a09c110ab4e1cc455b

    SHA1

    bf8a4908fa5e9a1ed7f359e225131d6daab08f35

    SHA256

    74ed5852544d8d5d888a037813f1957613370ab1ddb8b820e324936a91da39bf

    SHA512

    a4df4d2ba1e293a331e6cd8d756940e37660c8db5d2112fa8c34a7eb38130cef0c20d620cde4c2e4ed0ef7f7ba5a79fbe6dd5319490485d7e3e90b40fef1a755

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    da0edb0394fd4e8c583c16c57d8bafe0

    SHA1

    312ff6c9333e303dc28b4479e49e3a609ab3dbe0

    SHA256

    94977a408d2229e4c765af0d1e18ac5f0c3ccb90509e866b17dfdb83ffe2289e

    SHA512

    9c88ab1e2178d9de48b7152b073369e9d7c839bf7984b4776422fe7257a488a65d82c0db59b9eec93913041a1716630b27fec7e4d6616c9a61bed52e07af1fee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bd0804d37c656b6e4b51e679a068249a

    SHA1

    c80641a41eae46c7b3e94cb48bbd683fbc2a16ff

    SHA256

    2c238bd73e69f0df9fd4211207bdab42a1c4c95219631b935ff5fd1e3661d520

    SHA512

    fcafbcabe71e3aabe0b720b8fd1d9bcb1a512c6f76dd659796abffbb14f2fc34f885edfb97ac6bf61fbb2d4f1803b1ae449c8d1b1c3bd3ce499f04fc61f5b542

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eb465fde427aa367ae2a139128c0d516

    SHA1

    d465131f33d9ed96adb449c24cd2323299015cf8

    SHA256

    3d7a1f69d56ad7bad343b4d64e9916470572293b460644129e8a6d23a7785f6d

    SHA512

    2e010d8ee979eb5502528268b8bd14948b202ee62ed47859981591c84eb380ec9ed9676388fce87dd8ca1bc815170a474039c16fe745f79dc2f689277993d408

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8db52bf6eba163880f9379e9bde8d348

    SHA1

    4e09a9fa42c6f0c1524e23c63bf5d975adbab82c

    SHA256

    a1b832c1c68652a435de5779d70645d6e7344c56ba34a17339b468cadda182da

    SHA512

    aa5f2a553b002d363a7ee13d689d57b6881b12ad30d46f0a3bcd24351468c813815ff583f977b396d85b698dffeb5ee4a787fb77505df5f1cef1850ca11e3661

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a59ca97b9aca79fe62ae74b8f99141ce

    SHA1

    a0a902a4318732b60ab3b445727beafc98f08bfa

    SHA256

    72cd15aff4377b4f6de003a31f7d5fd378ad0de9a5b870ef31b2e61fa3b8752e

    SHA512

    8f9e940b91c49998cce1b97ce2878148ab3183a9486ed2f8188414c9dc2d4f7662add415a34a535e95d9a277f0db76113dec85721f1f9974d810f5dfb70aabf7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7f459f5dae50b57cca8bc03a7f46bf38

    SHA1

    0fb8012a1201348f307763f4693f35871359adf9

    SHA256

    1bb7787b299992eaf1794a366d0a89cece52779ff7399e57ed1c57251c8b90b0

    SHA512

    60270951f410c2a822afdf0fd8484da8239e6d020ea4131d5ac95c71e0b659c42bc753e6333e3d62ac1cc6c14cdfe17a46c98f7e3a6ac4bd70cd12b58bc10136

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cb77d8894f256cd2b630be6f3a6d0ee5

    SHA1

    ccf8da6956e37ee0f4fd29b7c11f0b4e934c3980

    SHA256

    5b5d9bb36f8cd4cd4a267f64305f7d8fbb1c5da08c09b276ac1a7978e4dc498b

    SHA512

    49eeffd43fed2411cf4f0d35ba6d30001e1e3d5d0df89d1b56d980167f859d9b3c02239fb864978be41d8a5ef6a356a30bca5f94f62437534ed478e2a422455c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    136adccab52f4c41345d87ccf6b9c89e

    SHA1

    559d506406cde4262704a2b1801b7761f8e31d2b

    SHA256

    16ac31c782cdc3fd03c3f89e7e686729d5794aae4e5281d0a76713e8eb9cbc85

    SHA512

    0ed3f571669929b8cf23a4141925800f739fd37a7696dbd3ce7389c507c406eef8af6be9264f10ed2b955091e13203a71c108cd6ddb654e5e944e46afcce94df

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9002.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar90B1.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2856-1-0x0000000000330000-0x0000000000332000-memory.dmp

    Filesize

    8KB

    Download