Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2923b87c32...18.exe

windows7-x64

7

2923b87c32...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    16s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    09/10/2024, 02:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2923b87c3218a1febe64f7caf70e81d4_JaffaCakes118.exe

  • Size

    1.0MB

  • MD5

    2923b87c3218a1febe64f7caf70e81d4

  • SHA1

    bda81769db31ef83320780e12b636ff9f0759f9c

  • SHA256

    9105bfccfd81131d422b86da71edb157e5dd1d81dc48a2c5515a80e543cb00e4

  • SHA512

    2886ade0064ad054229995a0571df1aa69cd612dfa9e4425442fbd340204f034f82b8b0631526f3239c518fdf5d4a17302e2d290c74dc452881201b9fe35cfe1

  • SSDEEP

    24576:kLiJKURm62v1fm9pv99HPvJL6h4ZP+ekOyD9eK270:kLqKURm679pF9vxL6h4Z5kOyHW0

Score
7/10
adwarediscoveryspywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops Chrome extension 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\2923b87c3218a1febe64f7caf70e81d4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2923b87c3218a1febe64f7caf70e81d4_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2540
    • C:\Users\Admin\AppData\Local\Temp\00294823\tVe.exe
      "C:\Users\Admin\AppData\Local\Temp/00294823/tVe.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops Chrome extension
      • Installs/modifies Browser Helper Object
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies registry class
      • System policy modification
      PID:2732

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\00294823\bdklkgfikoblloolbjdihbfkhegmcpoh\4yU.js
    Filesize

    5KB

    MD5

    118bcbc34e9ca7a1ef996500b8ce3a1f

    SHA1

    040261c3ccc4fd30e72117603155290e759a35e2

    SHA256

    8fd8b9eef0bf483628ba0284c6c4f5645f1428e4a1df5832ba8ed16b777e418e

    SHA512

    57d20383fa3d181491bee225884d1d2c7d5f87842014114474342fde7521416abe767a627af2a3dce1c4dc5cd8b7b593ec5080a981727fd7b9f255e130517921

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\bdklkgfikoblloolbjdihbfkhegmcpoh\background.html
    Filesize

    140B

    MD5

    b6e9e0e355ef469577178049bbc66969

    SHA1

    5fe64842475d64f5444ea9ffa8d76b34c98e32cb

    SHA256

    b43850ba587d8625f1aa89765de2e96776b2e7497eb42972b16b631a36b493eb

    SHA512

    b3f31d7bb503d59fca18565a1af3bd8edcb29500aad858ad54eb1a7f32c92a35473f0b3b239230cc77c273a838d0302aa7c8361a3840bb7b5df420414e12acf9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\bdklkgfikoblloolbjdihbfkhegmcpoh\content.js
    Filesize

    197B

    MD5

    5f9891607f65f433b0690bae7088b2c1

    SHA1

    b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

    SHA256

    fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

    SHA512

    76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\bdklkgfikoblloolbjdihbfkhegmcpoh\lsdb.js
    Filesize

    559B

    MD5

    209b7ae0b6d8c3f9687c979d03b08089

    SHA1

    6449f8bff917115eef4e7488fae61942a869200f

    SHA256

    e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

    SHA512

    1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\bdklkgfikoblloolbjdihbfkhegmcpoh\manifest.json
    Filesize

    509B

    MD5

    6485bdc5018f32d14b445453da1494c1

    SHA1

    5801ba9e39749f6325051e81111eb2e826b2e611

    SHA256

    901fc34bccc3a252a8d1cca030401b985893099b82b1d9b4ae9da06b39d58efb

    SHA512

    90076cee3e21682aa4dc3bf7e612d064471b480fca763f5093b88a3d790158bdb32eb0cff25a62d95dfb17d52b86484af48c429cbf1454fb9594fe6c6b5a9197

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\bdklkgfikoblloolbjdihbfkhegmcpoh\sqlite.js
    Filesize

    1KB

    MD5

    88802cafac0a213cebc7a8cfed2970d8

    SHA1

    b22abff61860172139b2eb82580d15a04a6b4a8c

    SHA256

    0aa0563da99f5818281c9792b6f3ef0556521ebfae8ae417e7f8ab8d2b92e399

    SHA512

    e9d84c8a94c9e9c77375948473d75bafaccbb8c810d7ffd79746dd630ed4566b736af846c632e292cd0b4948b9513e00d09d8ea6c6f6781cfd3c4bb3ccdcfba3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\bootstrap.js
    Filesize

    2KB

    MD5

    1b53c596cfb1aa2209446ff64c17dabd

    SHA1

    2542da14728dcdbe1763f1ee39fe9ceae38ad414

    SHA256

    a7dfea4bf7e1d46a8b8e64ccfb2cf35017e3a5b350eead26d6671254d2b3c46f

    SHA512

    be54481675c38ef6a41697cf8cd3ab5a0b126922b192732a9c587dd8905b74b66c79eb0c849f62bbe8934979a894be63734b0ad59ffae295f5797cbfaa327030

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\chrome.manifest
    Filesize

    98B

    MD5

    3dd07905f1c0fda6f681a97e21be7e51

    SHA1

    7c9578f7134df9defa381f3f0de3db476b434313

    SHA256

    ae3f207ec6eaeb9cd517addf38ae0fd1b8b4a119fa602c2a32e0008584141322

    SHA512

    c8566c1a866c29c2a93d99cf8d4e0a5725bea047698e858d72b9c928c2d33bbb1a5723f574e73afa27f7bfc62eae5242e714f2673d10adb75ccc07cc03a1ee9e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\content\bg.js
    Filesize

    9KB

    MD5

    081d5c99506cd3befc109f4cd87f8010

    SHA1

    e64099042f2227b81a4cbdcafd3aedc1270ccabf

    SHA256

    a6ba1f543751ff398b981ffe1a7f2d7294717addcf806a9fda5da4e1f392b40c

    SHA512

    3deb3de39bbf7e52c7678ab17ea0e6c67eede4b950e90a58d8d8f657cd99a571cca9d05f2dd0c87d953f3409f4526da454af909b453b832d42bf4976fa4a5731

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\install.rdf
    Filesize

    611B

    MD5

    22ca1574337e3b21659f582a7c5c4063

    SHA1

    f22448c79fc343402882c2dad0794742ddf18aec

    SHA256

    f06186a06e3292eb187bf44e3744b678809ae2f7c70b7cbed04257baafba3eff

    SHA512

    92e7827741966e80623a73fc8927adec86bf2abc013b7eb0eb290338a35a67268b4fb5381436ddf86563798a2a7b4428c006e9e255add91a453b123f87286ee8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\mY.dll
    Filesize

    258KB

    MD5

    e1d10cccd5dde588af8ee2cb7309523c

    SHA1

    0b9e805077320b0ce1e6620488bd34f1c4d7827e

    SHA256

    9900e517bfd4b39bd7af4bb360af52f6c95ef9b3e7ef36d2633485c58bef9a1a

    SHA512

    a929eaae12f5cb28e224fc31298af2808f995c5a06bc6f47d95879703dbb9369e2e35b4e50a452e91741e6a949336220348dbb3c389c46ea2e0ca41f592dcaa0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\mY.tlb
    Filesize

    2KB

    MD5

    9156db5f76d48049dbc41fd1b58b3f34

    SHA1

    5eb1df59f9b5b06ab00137fc9e6451e323d3102c

    SHA256

    66fab808188a98ba49d99b723a181aa6626197d50bd2d5e15e076dcbc6fbb2cc

    SHA512

    742a77e71c34632146e16acadb6b381694072c7f4c2dea1df1dfc645ed42673ba153c832d167474dc41f9b608142a8c41b4aecda1efdab90d87d4f5c718bf149

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\mY.x64.dll
    Filesize

    319KB

    MD5

    4f5c722b8686afbea6f09c53171d44ca

    SHA1

    184c60aafbb12d1023b1ce2aff4d3708607a75a1

    SHA256

    870c280ea861313edda0bd3950dc738ea68d006f315888d66023b54e5f98f0ea

    SHA512

    e471a86079a16d129ea0c01878af77d1aa132e629832d3f0f3d1f8a3dd250ed41c8d2f37403a10c8061fff07c07dda926ba7ffcc417c6e0100005a0f2721417a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\tVe.dat
    Filesize

    3KB

    MD5

    fe5633a3614bec85f076bd8c961438d5

    SHA1

    6499426d21e969e753b68d2709239904987c43bd

    SHA256

    b57cfba0bd7cce82d2724c4db8225cd7cce7aab54cec84dd177e825086a06a59

    SHA512

    e4bd444a2f28fe505011eaeae28df00745103695ffcd9e2c897172871811517b968e8db8e5754df249d93532267ead090d425ecc28a1f1b5669cdb36737aabfa

    Download Submit

  • \Users\Admin\AppData\Local\Temp\00294823\tVe.exe
    Filesize

    334KB

    MD5

    8300c91b40229b42301aebc6d8859907

    SHA1

    0b55e56a6add6b4dd4ceff475a0018a203d02a5a

    SHA256

    f54a6814ac06c70ef5b738eca4855e49039783d96b70ba1ae461bd90877e53b5

    SHA512

    0863750da143e1707513f4a2efe1ad6cf81f5a819c7d5496d1629745afffcf72338aa9de90479d5e0936e848f9b260c434fd369027c56be175814086cafd4d8f

    Download Submit