Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2fa5bd8c33...18.exe

windows7-x64

7

2fa5bd8c33...18.exe

windows10-2004-x64

7

/tbu04...er.dll

windows7-x64

/tbu04...er.dll

windows10-2004-x64

/tbu04...ze.dll

windows7-x64

/tbu04...ze.dll

windows10-2004-x64

Analysis

  • max time kernel
    93s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/10/2024, 10:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2fa5bd8c33d85d06716b95f183744e61_JaffaCakes118.exe

  • Size

    502KB

  • MD5

    2fa5bd8c33d85d06716b95f183744e61

  • SHA1

    95eb640bf8b1f885af35c026118f7d44aab0bcb4

  • SHA256

    35ae6848c61a63e3087e41f0f26dec377f80d2348385d83318dc87299d253b2d

  • SHA512

    38772447484fed579ed0f124a79a3539a1d19ae007584f91b7a86a948e5f9bce21c2f5843e7be6e9d709c1ad8d23bb79a935fad2cbe8dabbfc7be50f5cbcd93f

  • SSDEEP

    12288:WGeC05T/BEF4mxBr4brIlScSHomRM2uPy+mkSdST6HTPMRn5:8CaT/BDi+N7ZuP5v6HUn5

Score
7/10
adwarediscoverystealer

Malware Config

Signatures

  • Loads dropped DLL 9 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in Program Files directory 13 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2fa5bd8c33d85d06716b95f183744e61_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2fa5bd8c33d85d06716b95f183744e61_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of WriteProcessMemory
    PID:1420
    • C:\Windows\SysWOW64\regsvr32.exe
      C:\Windows\system32\regsvr32 /s "C:\Program Files (x86)\URLFreeze Toolbar\urlfreeze.dll"
      2⤵
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:4084
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.urlfreeze.com/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:228
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:228 CREDAT:17410 /prefetch:2
          4⤵
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:3752
          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=502aa
            5⤵
            • Suspicious use of WriteProcessMemory
            PID:1324
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=502aa
              6⤵
              • Enumerates system info in registry
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:3460
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3d5a46f8,0x7ffc3d5a4708,0x7ffc3d5a4718
                7⤵
                  PID:4656
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,14481007141803014153,15386227923560355414,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
                  7⤵
                    PID:1556
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,14481007141803014153,15386227923560355414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
                    7⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4412
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,14481007141803014153,15386227923560355414,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
                    7⤵
                      PID:1424
        • C:\Windows\System32\CompPkgSrv.exe
          C:\Windows\System32\CompPkgSrv.exe -Embedding
          1⤵
            PID:2932
          • C:\Windows\System32\CompPkgSrv.exe
            C:\Windows\System32\CompPkgSrv.exe -Embedding
            1⤵
              PID:968

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files (x86)\URLFreeze Toolbar\basis.xml
              Filesize

              6KB

              MD5

              673aa08cae3fcfcbcb1e7614d9abab27

              SHA1

              a4f1e012aba0a2036792f2d9cfcb45195f5cec45

              SHA256

              0cd43636d74174b5799103f99bdc95ac802f465b247f69086769dcd0a18636bb

              SHA512

              08c5e69c06a0e5d44e5837dd91fb99e67c19e23e22bbd4c994f58b746a4a8c6635951a8a13a7aaca89b20ee8722f245bcfc993f56be0456c63fe83853a0d559f

              Download Submit

            • C:\Program Files (x86)\URLFreeze Toolbar\icons.bmp
              Filesize

              181KB

              MD5

              cb2fffaaa404ecb4877117d5543f3171

              SHA1

              5b7568d03a7578514f0ef25072ed5c79b1f91125

              SHA256

              0d98a239e2323cfaf039c6a7c88fceb7d491f48bb71cba4f5fa99e816e2168ef

              SHA512

              52092e972c748b0462fcc33643fa63344688a44246934c7f728dc5339deab50e79026c7ab11008c88b80e24b4ddd6b36d52f1c8265f41d946c961c9ec0ea045f

              Download Submit

            • C:\Program Files (x86)\URLFreeze Toolbar\tbhelper.dll
              Filesize

              372KB

              MD5

              87503cf652a007ccbff38d5b370e94ec

              SHA1

              141f20a4fd5bd549eb7dcfe0fca0918ca65d4bf5

              SHA256

              cc1ae922b46a94e3af01d79ce9e38b0f97482351150fab7e384b62d0d646479a

              SHA512

              9c806981911697e32840cd9ed42eb65accf024d74f304cad8b1951b1214145597cfd98f75038abdb4db53fdd726256cc697ae576cec0247b29811df943e36bc3

              Download Submit

            • C:\Program Files (x86)\URLFreeze Toolbar\urlfreeze-header.bmp
              Filesize

              5KB

              MD5

              93dbf5984d93488ad789c070d5d93b6c

              SHA1

              6ebb883f90a3898952b57cb3b7c703fffc3171ac

              SHA256

              241b817d20a3dd5762a4093a703d29986e0110d338d41885be577cc343ade9a1

              SHA512

              d5f8a92331bebed6fb8b0e225ce14cbbee5e8e46690854437c93efe2e4b94ac9c7613c8f66fb4fb1ba7c7816f68e9b3551ab3b45bfe2e181d6a78150bd83beef

              Download Submit

            • C:\Program Files (x86)\URLFreeze Toolbar\urlfreeze.crc
              Filesize

              120B

              MD5

              4a6367845967f7f8df3a9a029fa5acff

              SHA1

              2d37f53bdc44e0a1dd1928b17f6dabeda1c47aca

              SHA256

              0c29637bc4484c8aff41bb44ffda321ad9120163026aff523431cf4a8c922891

              SHA512

              120957ebbf54cc11cd77daef32a9dcbbfc4de5a850553414dded7937a621c65ab7bf922b72d601f676ecaff192539bb5ce8f440c548d5e898a53735ac32ec89b

              Download Submit

            • C:\Program Files (x86)\URLFreeze Toolbar\urlfreeze.dll
              Filesize

              1.2MB

              MD5

              18119d058f699d165ddf4b8e79e35494

              SHA1

              b40b9d7743e99ad78570c40a55133e24efc6aee2

              SHA256

              d9ef9c53ca7466bf5007601ea002dbcd2d095e34474da64e6b4c4079d3dc93eb

              SHA512

              497c3f5ed6790ad47e9564d9a943a07ab0d54d016487b8a4b1cd4c405f66b73fa2936c7c5defb9a04b89f636b658793f2abb91c8e299917ce52daabfdd0841bd

              Download Submit

            • C:\Program Files (x86)\URLFreeze Toolbar\version.txt
              Filesize

              51B

              MD5

              c2a9d10df6c5a7e0c79f77382c36b7ad

              SHA1

              519c7e90c2a526686bb3dfffabb0d0da747f37ae

              SHA256

              dd41bf9a5e5ada5ba4db6cd4f9877a1dc1a7a6b909677a2bcce65b76b6cadd46

              SHA512

              8df975b04b36b42fbb4d155e9354aad0473c7d2953521b443a08825ccb102d31a39516b50902aa41d9030f8b5ecc098bec4716b245241c05e68205c4f9e6a454

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
              Filesize

              152B

              MD5

              a0486d6f8406d852dd805b66ff467692

              SHA1

              77ba1f63142e86b21c951b808f4bc5d8ed89b571

              SHA256

              c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

              SHA512

              065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
              Filesize

              6KB

              MD5

              e93cfedf66620d5f8351b44c15365ab2

              SHA1

              977d4e9531a15b5dee6f097389914b34272234e9

              SHA256

              de0e5cf05d633c64a93717c2db82359b42e11af3d6af007caf73b8c4a08b6c36

              SHA512

              4211c9011107ad382c47486d736ada17ff73d445a2f86fac8e4ac24925a62481f8a61d79f7897d0e5efc3bd84c718437d02f915f7e7d278ed345d48a041b3afc

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
              Filesize

              6KB

              MD5

              469d2b44c614cee395201d49370b2450

              SHA1

              46e5eef6920fe6a060d1afcdfe0610ccd64b8027

              SHA256

              b45b6948995afb632f1297760a1de6cdd664cedfe565bef837cc6525299368b8

              SHA512

              20cf02af57e5fbec3008a59cd15651ad8d5bae42b9bb114f952c13d97023b121446a8c3cab0426fd44dd285511f757cb3acff10d9d8bbcb9188f0eb951b41ed1

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
              Filesize

              6KB

              MD5

              d40e72508fa76a98c29e1b26b8b936b5

              SHA1

              5058718be32a33dada223091d066a35f02a9ac30

              SHA256

              7ac8014ae961767abe3764d09f1795dd1f31917f8e58f62938e0c035eb62a100

              SHA512

              8d6e2e5bc37dadb5f0caa4bbf7453bca354d26e0fa9bd619dec3358eb01947222d8ce008050a7e5e1859952a3ff4253b4c3908f651deedade22d97b51df820bd

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
              Filesize

              10KB

              MD5

              e96eaf9783eaecefc412379861e9d19f

              SHA1

              fb271fae406ee1fdcd508b246499f91fc2b90578

              SHA256

              536b91f4585969af529381d927c586b4f151a1a1e526a9dd2422aff347623eec

              SHA512

              a4a521954979e0b4564688408f74c3230279076f2dc550e09c0d232d2859ba354651af2b643d39d9769562fdd519601a47952c1a048b8f9398af2179073bfd5f

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2e50abf\imagestore.dat
              Filesize

              799B

              MD5

              df0e1c969ae0242bfe209b7ae5d47e72

              SHA1

              ea672bddef3c9bbbdd64eed1d81c15ecf574c0b1

              SHA256

              afaf0d6bd410f74962a46fe0f56f8a46ae1cf5ddfd418ea89d5d990b052e97eb

              SHA512

              7b08de67ad33f2d2afb698554ca72d87adf8bb4422014f6ceecd7609ff89ff75c2b8b71032822b60cbcdffc501a201c85d88a7f299c9f8933b6dcf8957f90972

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IQ93NPJ1\sn-logo-favicon[1].png
              Filesize

              603B

              MD5

              950ccfc43a1693d3b6892e9365d3c079

              SHA1

              c42f4244418ae2f2305a977f907278bc1b3de706

              SHA256

              090735829c25937deb7cc8cd712bea6050d44a34270c97213fae7d5fe8b0b7d4

              SHA512

              73534e3809673f41dade7213b93559353d213bc70b698b2e9c674f5026301514a2b07315a5ba4027938226d0f3c284da310f050f2172e45014dafa0c5fcadd3a

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IQ93NPJ1\suggestions[1].en-US
              Filesize

              17KB

              MD5

              5a34cb996293fde2cb7a4ac89587393a

              SHA1

              3c96c993500690d1a77873cd62bc639b3a10653f

              SHA256

              c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

              SHA512

              e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IQ93NPJ1\v1[1].xml
              Filesize

              742KB

              MD5

              25a40f949855471562a1a9e465cfed7c

              SHA1

              c3a563c56fb8323e6c2ee7fa417c45d8384a4156

              SHA256

              075f1f4ec57dcfdbb2f1b60ffbf9efe0286216c43d0a65f82eae86af66b36127

              SHA512

              e5b4ed8df62488e7bb9ccb77f1daac251f65cd3251257ab94094df1316fa50a96901b32e7e76e47a4616d763ae54d7134f5d29f030ee7d2399bbe728498fedd4

              Download Submit

            • memory/4084-18-0x0000000003260000-0x00000000032BF000-memory.dmp

              Filesize

              380KB

              Download