Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

2e3673ad3f...18.exe

windows7-x64

7

2e3673ad3f...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09/10/2024, 08:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2e3673ad3fcf84b2ee940163b0606991_JaffaCakes118.exe

  • Size

    2.1MB

  • MD5

    2e3673ad3fcf84b2ee940163b0606991

  • SHA1

    91c9224daca394a6c183b3301ffaa0f686f7514b

  • SHA256

    734ab649a60c490a87a8821bba5ec8157b4fcb87a252f23a5fefebac71c9e13f

  • SHA512

    66383a954dcaf05270515c3bc552ad6d2ec1a1399b8bb24956f4fe5d06202a0cc8ecce78f9da824dc9f56773efec75afb08e3beb0e7e0c9fef0d274651377214

  • SSDEEP

    49152:ujcTfcBU0Ny1x16Yf4WNKlTTKjgvpqQbTh4gUMFIaEOrwHC:/Lf664WN4TZpqQbTh4Cb5rwi

Score
7/10
adwarediscoverypersistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in Program Files directory 9 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Modifies registry class 31 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2e3673ad3fcf84b2ee940163b0606991_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2e3673ad3fcf84b2ee940163b0606991_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Installs/modifies Browser Helper Object
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2396
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c "C:\Program Files (x86)\Gamevance\gamevance32.exe"
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2972
      • C:\Program Files (x86)\Gamevance\gamevance32.exe
        "C:\Program Files (x86)\Gamevance\gamevance32.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Checks processor information in registry
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        PID:2820
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c regsvr32.exe /s "C:\Program Files (x86)\Gamevance\gvtl.dll"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1704
      • C:\Windows\SysWOW64\regsvr32.exe
        regsvr32.exe /s "C:\Program Files (x86)\Gamevance\gvtl.dll"
        3⤵
        • Loads dropped DLL
        • Installs/modifies Browser Helper Object
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        PID:2324
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.gamevance.com/aj/ty.php?p=srKz%2F8u6wsH0srLp59Tr58rHyeSyu8DH%2F7CywLaxssDFu7a7ure6wLH%2Fo%2F%2Bzs7Oys7Ozs%2F%2FMyA
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1652
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1652 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2864

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Gamevance\ars.cfg
    Filesize

    95B

    MD5

    2d72148fcceaeb8467516456b22f350b

    SHA1

    9fb4b57f5e0d7dddceae0b575d508d0a77f05b51

    SHA256

    9f74076d62c14cc5e412f0f8197b2368f611472fad42601deac3fa6cdb443501

    SHA512

    6308fb451cf94b20c362562986b6fddf06d643836870c460821c4893997390050d2439c6150235fb898bbacb10cc9dd0c41abd15bc6e5ae942b67263fc72cc49

    Download Submit

  • C:\Program Files (x86)\Gamevance\ars.cfg
    Filesize

    107B

    MD5

    77aed9fbe29d6d049746404299edce62

    SHA1

    4539b254e3cb72359920674c538788fc2f3df061

    SHA256

    8613445c0652a030fb843c5f0e4bd0b2b2f045c0179dc1643be65c456aebc745

    SHA512

    4e8de0059ad7f8e53903124d55ee91cdee1ca24b1090ee863fd9ff37314763cc3b3c43ddd476757075232529e40baae4285912bfa7c5c397afe147987731df4b

    Download Submit

  • C:\Program Files (x86)\Gamevance\ars.cfg
    Filesize

    163B

    MD5

    5bab9d475fb5a9731c3edc24762c44eb

    SHA1

    c3fb314526e52445d2ce013840270e0b610951c4

    SHA256

    e213b4f807f152d97a6fdeb127f0fd4966739b8121f14c124b5ea262588e44fe

    SHA512

    887046fd1b436063631a33eb761d377d2c2fc3b111574fd86addb0cad44e5c90a1548ac1e2af8b4d7303a3e74399d971f6c8050a6e51e364ea0d8fe61a2f9803

    Download Submit

  • C:\Program Files (x86)\Gamevance\gvtl.dll
    Filesize

    261KB

    MD5

    a8076c285203aa6c4248362c5168203c

    SHA1

    9d73ecaf478d843dff8e1781f6f9aa2f11bf7ba5

    SHA256

    280cd7a2384a21f75541f9bd09ac2660251760ee56759c1d00180f6652a3ea58

    SHA512

    ec44fc926a2daef2a9bcb477cb9f207c012842a896c5945b33cafbfd54ec7dd09610275a7a30182856c76b825d96991882a10a8e06c962c4e862838fa34ad073

    Download Submit

  • C:\Program Files (x86)\Gamevance\gvun.exe
    Filesize

    262KB

    MD5

    574eaccc9492b329d83f5a78d48c582d

    SHA1

    b69224f394132c5ec67d2d69e11fcf7d873e5e36

    SHA256

    9ff4ce7bb23d96967e31dfe1e28c66f18ef27170570d3df0f1168f9cf6505473

    SHA512

    4e2ac91cdc562119abfcee4ea44d9e34f08c200fa798209e5994c6389e70baef2a530f593bd37aed22b9ebdfca7f6e42926fee01de6bd0da899649d302586e92

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fe18869086945d9e953cb78578adb912

    SHA1

    1c2652d43271919c23e2e1d1e71e76fcbc914f8c

    SHA256

    804bcb842034a71bdc2e0b0d370e4d9c37af051f3f181a24a69246832d8bc51c

    SHA512

    d59a09a48f3d2f82d0d82fc87fae591cfee5bb4ed0a4bb306a644b010ee9263b266b6ffcf773dfd3b197d7a9a73fd1dbe1a87d0dede25d278d5bea1676bc0396

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4be90b7ecb0f9cbac4e2d453dd3e0bcb

    SHA1

    1399aa438a22c425b371f51bef035c4ac460d4c3

    SHA256

    bc5777779d2e83bcd0cc8a62e6e3e51a9783722ac42632aa0b9f75e197bc0427

    SHA512

    6148ced52a9023ea7a814aa39d315a622588afa63c830120fa5ba03278743caca6c2d87c53ccf77fb623491b517611d9edd01991fb4d20490e8fe4ddce837a0d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f81bebe59427f5a5c811fdee53a5b3f5

    SHA1

    1fa5194735987e97c386f0907acfe6b6cc7d05d5

    SHA256

    e59652d23e965dc9a25eec4f88641aa76a62c5fde566e7d1af2518782bf09c31

    SHA512

    9bd49967f387434ff934c1f6a07cd4fd8081223f55c6c1ac2de355b48878e063f4db29756b07872383fd0731c08de87d2c135b6cb84ce90bf43a26713a91e3b4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d1a0a0f9d923a7a0d9a62518e6ddfff

    SHA1

    affc36d216414ccd774f8988314d05df6c01501e

    SHA256

    020398840f7daee9fd1ad18014a34ddadd1ee6670499ce7909d33fe15b75a87f

    SHA512

    634f4cc992dde8ae5ccdcbc832a52cb2177237c8b70ce15bc1f45166143037a8385b4d10c4a4ccf4285944ae2a9960d5a108a0bb4459d344c26904c3c6d96004

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f9b547089f1a89b81b1c74efd155324b

    SHA1

    cedfef988c6aa1207728460cca9e79e4e6d97402

    SHA256

    b023a29262bd69f28e2b5de9a93648ded7a262f3e062a6ce75e821de1ad84c87

    SHA512

    0103bc2a68014ab847fc0253025e06a3130d8b5d0f8394535c4f530ad3c655c1eb9b39ab1692884f3c9ec912aff1840e4419cc0a624b266c2edc0cdb4b04207c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b39df568eff280a07672ebe4de9f7122

    SHA1

    99b4d18c6cd57c23ba143afc8cc45d037465abc6

    SHA256

    4675a4b59ad1f1f1880e4beb395d79c619c9f48e24bebca550a38ae99baa7a95

    SHA512

    47565c60ee8bfbe11359e52cfbbbb5d37ee351c176d4da9a11804c16c43b3bbd48c7e958ad24bc1fe29c218b814b56eb67b192759c76251a7bda0ae8e33ce9ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    381a5a1f7ed441317ad63b32866481cd

    SHA1

    6351380d4d354c852e4c019353dedc7492284170

    SHA256

    0fc5e3e08914c02e66e1c3065a6f7b2ddb499d83b9b45ddef8dfc6ef12106d92

    SHA512

    68e023a593120d372a6f27eb2d26ac622dd6e225ffb04ff7612e51752c08b391a95f1d2d585dffa837ce7755feff88b0b81f27579b9fab34196b6a305e65eb48

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d080a2b90f6d9e834cb391c428d18928

    SHA1

    0b57bd88144484ea487173a1633dcfd05670418c

    SHA256

    920b62bb795fc5390ef2bbb9a92df8cef69989f2bc94a9a042f27b54692c5b53

    SHA512

    b47fbd2705dfac7a0dc80cf6353de43f4e4db890fbe34eaee1a9d92382dbdfe649bfdc2cf9b24f95d503a16c4fcde77c26f2ca857bcb89e6234a8557693d00fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b469287e05f91f5e391ec97680636442

    SHA1

    4390601b87eae1309f604f21149f6fdd277410f5

    SHA256

    cf84b8c5d2c7cd9fedd70c65fa869a9c1292fceeb4c2527594e2d6c43eb99ebe

    SHA512

    ca04b765679f4a4f81f881d350fa153cb0ea498c3eb5f3ddb707bbfd55b217a55364a18ca151b87f3ab1be1a93c6a607419aed6bdba6a493d1d59b96a0179a90

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ccade40d1e93b0551ccf1b0f183cdbf0

    SHA1

    6793b6d6125395b96682327b8949531885c7c6ab

    SHA256

    b0ab108516d780b7b0feddd5fc0f7693bf5958a006c3db770e65b00b24a3bff7

    SHA512

    7facc2e8b233c9caf729031062b891f64482b58bbd9e64be16ea0b42a90fd5e953552bed11f9eb01fda3818e7d6a14e0fe7558191a69c83e24eb7f153d563db0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    addc2b47ce41eabb63e247322dc85d08

    SHA1

    471418eebe7885b71dc1869edeb26afa4eeb57ba

    SHA256

    882ac3b790d9eaa02a485a96ac199f1685152ac498a7f843ec52eac2b80eac68

    SHA512

    b0f40aec4cbeb6844999cc4f4a37e009a85a169e1f755918909ee99b15ee7f9c4d72be1d7a9cc7df3678cb3b8631aa6e8d10b2c4dff2d95cdd46e2e449a6f896

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    01af9cc20b43592aa45b2237768f9784

    SHA1

    e817040ed9959614dbbe575f7e08d316b52a86fc

    SHA256

    17263f14907a00a7cf836801112942ae5e1b4ac8ec683e3f4bff708fa3cfe2cd

    SHA512

    416f7d0b4a97712eeecf0fb96cecb4e84ea47ce95990215e3bf39706fd50540b77752c5108dd5f05c79fbcc38344399cfa61f170eda13f174ae599acc97818fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2190f3e56847e9a16ce10b46ed082773

    SHA1

    1ab3ac64d04ca26a086de7bf5a6fbe852c7e25f3

    SHA256

    c9c570042e1da791cc424ac9b1c11e01d953a79facda5880fc769650c536d098

    SHA512

    374f9580e89e82d80b0557655126e0088bafec07979201896c4e1e86feb14a33a5c0d0871e84141dd6ad31f0f1e2ba6478a1795e97603751c08912940e9a4ebd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5bd40e9c14f7e0511d297e1f68a8b817

    SHA1

    b3a95e49da3d980782e496963e015cc918a6cde3

    SHA256

    ad7c04e120419759b3bde632b2c9fee8d895bea29dec29a86891d1cf48749862

    SHA512

    7bf767f6e111510fde0fe798f55780b6fcf2e9ef8125ebd229e4c6ff694fec51c2ef09000507921af194b7a6a05b9266cbd26871e9304c3914d596e474230dd1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    31aa64c4f4493b0c6c1db90dd72958fe

    SHA1

    d4fb0f75a995e8188b166f55fde940468978b6f3

    SHA256

    35528a83b76a260ef0cdf82fa9d85971d68ff126202cdc87219375c37d4312ae

    SHA512

    5a4ea458933d895621bf39ea3893a582b2b6a9fba021aa4528f9c7478f775738fbb77719357c97268ebe82f7d35e29ea555b33296174f995cfcb99ba664342ae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5b80388825950d6c1305752c8244ec9d

    SHA1

    d64ff36b89d461153f363b7f906898ab6d7bb195

    SHA256

    447f173af5036e55b0d0f1c3c8fcd0b7b7fb5439cedda852061d8b02fc8598f6

    SHA512

    2663253da168e861990d4ce2ea9f10749ab23ae343337de458c24eb1116a7b46ab8a9e2a9a051685cdacad1d8594adc78291a6d9a45d5e1eb4fdcb6bfac78268

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    43f40cf57bd53e59cc261dad44a825ce

    SHA1

    3a3b0352db4b406efc983df756e6a4a2d5865b6d

    SHA256

    bd9bbc1828040d0c63a49b180a9fcc290057137452c827982d639586e3a6fb51

    SHA512

    bba49f41b9055ffc4b736a9975a920f434911027509dda8655be1dd0d00db4f9dceaf9c76e94be477e80d44dead12dd004fbd21d4451777c0d2968c302bfe9c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0530efd28a69f4ed0635706f447b8a51

    SHA1

    a9d409b8d98bf7c31358a9e441215841d92eceef

    SHA256

    2f06a8828cbfcec77f33276bf97ebfc5545bcbafeadd9e7374873d273fa51423

    SHA512

    dbf4f67c417f8e0f07e2817a4c20c3d3e17c503d0ea3b13c819176d87021f53404fa98f0c25e52b39558ba907cf949544fc4b9be3cf88ed1b4c58e529604cf1f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9ca907a3a6d7e066209e5201a19d480a

    SHA1

    5f77f6c52cd355346b665eddd0e2f31a038bb694

    SHA256

    90a1a9b57ee0b48f1835bf6316ad8e5c81e28a13c56f3aff6c40dfdbc35b95ee

    SHA512

    6f7b56205f55d62980a71e1f1f5bd60291835e5e95964474e9d8eb572846bf1ea2cecdea4d147f237de4a6ccb75cb1b773689e5fadf95082945c321809f25b20

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE340.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE362.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Program Files (x86)\Gamevance\gamevance32.exe
    Filesize

    241KB

    MD5

    a5aa1e2306a9daee26333e556ae1db3a

    SHA1

    0d80d0242cfb7dc87ca66fe17c1df4f86b393302

    SHA256

    92de2ed0ee0bf5984a21261c3334a7af47d2cc69c7f0d5caf5268178ef6ee0a5

    SHA512

    50e8950a349559446a993c62bb53de6c5114ed36eebb059bdf9c56fddf9114b6fe2559f4d9ec85566553d1244b90ad13550b09cee061a2c9899860294d60587a

    Download Submit

  • \Program Files (x86)\Gamevance\gamevancelib32.dll
    Filesize

    228KB

    MD5

    f80b6f3aeb2b3203f35aba9c8b4b8780

    SHA1

    8c41eaee63f08aefde159f21fdfa8a06b61c331b

    SHA256

    827ec1f0fb29c6ef9bf449b68eba87172f26b5725939feb1357c2befb5eb519d

    SHA512

    846aace00678e8800adc5ecb7d2923768d913db2d761bb698a080eae18eb009e4905fcade93a30cda52a8d8f8abea9ff9baee7e4a56f3b06ad29fafa26690238

    Download Submit