Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
09/10/2024, 03:57
General
-
Target
2a6b79d2d8c78d9a6d5f63d203746153_JaffaCakes118.exe
-
Size
218KB
-
MD5
2a6b79d2d8c78d9a6d5f63d203746153
-
SHA1
86ee77ac3d94e1a7808aa0aea553fa8ec81ae4e6
-
SHA256
63362870ddc6f6f06a3f59415006ac48975cca308c4b285a63851dcbb8b295c4
-
SHA512
cd1ee1c432016c5070ce57d4264738617d9e2a43b606991434fa5b9ebf479a1031b26a452e14cdfbf05b4d15a9574164c42ea8cf88fc6717fef7f867b99dc246
-
SSDEEP
6144:A/6zy3sq8j1/EKd4ReLZkouP5F6wUEzErL6xPh:0hsq8j9d4sOouRAVE0L
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 37 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 16 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2a6b79d2d8c78d9a6d5f63d203746153_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\2a6b79d2d8c78d9a6d5f63d203746153_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\jf_cf_telepat (1)ñòèëëåð.exe"C:\Users\Admin\AppData\Local\Temp\jf_cf_telepat (1)ñòèëëåð.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.crazyfrost.com/3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2644 CREDAT:275457 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2644 CREDAT:209927 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5b574b1d1ae4da877f4caf0742b338748
SHA142187834fd2c2c60297045ceaa87283c9a18f1c4
SHA25678335e078662e35b9c558d1c5efe9e753be0a77f5040d0e7f74625c3d71aab8f
SHA512bb55a443190b4edd753d2f649caddb402f1486843da00269555fc41257db647f81a5b1d388a38bb96c61e008e7b4ab329836b0370344987283648b22c554a5e5
-
Filesize
342B
MD5c1c9f9222e08ae9c642554618f4e7033
SHA18a82b83e5cf14c9602f59e78de15c3dd8e422dbd
SHA256bdfa1aa50fc4318b9d8d1c537acb26b46b1291b33ebd0960f7d05bc6e32fde79
SHA512a974a2489e8be74d2675089000d29027cc9259f649a13757831e12dcf80f620bcbcfcbc94bf2353e2af31a764d3b26f9e2ccab035f1ed684c47b449a34771906
-
Filesize
342B
MD57509d2f0032072aeb8982922d887bbb7
SHA1afb828461e47f56cc247e09104f71234e7dc2ac4
SHA2561794df36adac34694499399f5f9671e962371e06222066715c76743462d16550
SHA5126b88a2123dc8735ab23ec27576dd5b6bd1e46b3befc6b8634b55f1fe5cd5b75895f4d8865c701de8204f0124b6dfd7848d8d9680f7ba81f0b6372b5997cddd38
-
Filesize
342B
MD5678aaed69eb72cb1779b3fb2976d2dfb
SHA14b2de84f6dfe859b5b957526342c4ad265708fa6
SHA256f371438b111ed35c458f53aa5c4c157988b6082d279722bfa20a3424ba4bf0ce
SHA51244191a133b34f608c63deab1654399be053c0724f9e7acff1b5e244a24669399f94a94c589697aa7c93b22162d0c43bf466abb8720ecdfc4786f3cb499c14e51
-
Filesize
342B
MD5719260f2ac52a42516f1faf366a2683a
SHA1979e31e3ef5489d9dbb536983781b83c6400d8c3
SHA256f1049c6712eac8a85b9cd32bc14043930e0c938a6c3f24bbac32b5fb6e3d6098
SHA512b338ff7ae61bc7afe1594a90921d2cacf8036936839c091d23b71bb8e019f271f70d790250a2d8b2b37e4c5076a821b57f1500de69965dde76cca02f9b324c44
-
Filesize
342B
MD50b0e022d4497a9c4552ab121f521785e
SHA1f92c6c27c225c1bfd095bfa28ffe3bc1cc72fe2c
SHA25694854df6e432b915601a14cae3bc7362128cc54d3463ba2531bcad8d1a09a1ac
SHA5124a2d3e713f19462ede8628de2663f5a0dfe8c0fb811ae8bb4d3437b2a033be331c1e6f5ac09c8dd5e735f2f362569ed84f03b22d2f5b7a7726be24faf0583610
-
Filesize
342B
MD587809c7df74e9c41560b7139bbce2e1a
SHA18c83d14103468635525ce1a1b7f05daffbc1538a
SHA256e58028c3e317de2580a720343c5c9d7bc616e56e5d992455277fee61d18f8f44
SHA5121cc9a212f38384cbbfd01e80f0cbe6aaf13a6851d4032670443c38dc9998f1b843482e4f3a2ddae866ed6bb3d01c36a2342e1a9051146507befc5ce5608aeba9
-
Filesize
342B
MD557be018286410d3c720ba35299333789
SHA1ffaf7bacf55410fb19b4180b10903e9c36a820e3
SHA256022a3d0670240de5a6f149b4e96083161a912021ff622718e24ffe48ef7f0472
SHA5129a366504d430d51fbe2ae57be1cf35cbaf839a40645af5a0e33397c64fbafc308ac14937db3989a504418cf98f7595777615d862ec817c2913a2d54fc9a50259
-
Filesize
342B
MD5da8727bd04cea678608b893d84de999f
SHA1bf09d191f2e3e4f0b78e13fd2fc7f1d46b32dc7f
SHA25627f0295566ff44e21a43234589ed0fd4450db9d6200c00f14a911d43cb67f829
SHA5125601fc5bfd0c29e938fefd6b3a5d9683452fc5d3eebc644f782910498b0cf99a9010f08a9c6f7187f00115684cb7ccd39d51be491984c644577e23fd18f8c6e0
-
Filesize
7KB
MD5ff26f59e28a5fe6ea4ab23586415696b
SHA14182675484d175e363cd34b43041b7b1af93d0cd
SHA256d30b4ea6f68456672f5abb35e9dcf7d54226372b66e9d60a7ee26b7a52568e74
SHA51292c58eef6d1f885806450acd2927c57ebea2e8762c98b0826192555674bd4478e42add192834285d5934c0a76db8eac5eee1a65dc34b6f69246fad6c91a5fba4
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
1KB
MD508838877bec43d7c539d15ea11db4892
SHA195c6c8ff03518198ec231ed9b5b522295b8cbde6
SHA256fa001a0a6dd178c80e4793214f51184a5636373498cdac9516f23bfbd35a4f6c
SHA512753eb545bf572444f26f76e4a5e1b5878869e3cdabc20d963ab3c766cf42dc8d7efb60b0da26d2070014462ecb124909c1e25412936ab5026dace08ea4a37abc
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
211KB
MD5a8fb94afc3a93ef7d911c4b7713c31c5
SHA1cbd8570408ad96a462ea8697a7b2c28e4d206082
SHA256214fa9a7ab481c12edc2ed18a196a6ef0ca1ca11d17186afc3a7ea69cf7a4298
SHA51210fc7e4f20c984301090b35547b397c9a04c9ab664e894ff1ba56d64597433cae25f82b5215d2c4888c0bbd7ef8b0bb510f42e881b7fc45cb49c3c8433a2da32
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
676KB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
4KB
-
Filesize
5.7MB