Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

36bdf5c803...18.exe

windows7-x64

7

36bdf5c803...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2024, 20:51 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    36bdf5c8030f81df15f32906ee1fcfba_JaffaCakes118.exe

  • Size

    1.0MB

  • MD5

    36bdf5c8030f81df15f32906ee1fcfba

  • SHA1

    931a9bfc69f1bdd4d7d0067cd4434e2c120efe92

  • SHA256

    6782f0ffbdacfddbf436b42f83166f116b63918b969b1234ff6addea70e2e547

  • SHA512

    ba4adcee38624c39cee7a7ed89cf6c6e2c575d4323a9d117c8f963d6e69d7653f4f10f3d3107f7aaf82165b083a6cca5602d562f59fcf8b0ee2dd84f1c461d01

  • SSDEEP

    24576:PLihXVMRGJ+wsfDNsmIAoatBFGdZmI06CaY3fNe8b:PL0XVMGEzfi7A8cbaY3fQu

Score
7/10
adwarediscoveryspywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops Chrome extension 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\36bdf5c8030f81df15f32906ee1fcfba_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\36bdf5c8030f81df15f32906ee1fcfba_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1972
    • C:\Users\Admin\AppData\Local\Temp\00294823\4QfpWemimL.exe
      "C:\Users\Admin\AppData\Local\Temp/00294823/4QfpWemimL.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops Chrome extension
      • Installs/modifies Browser Helper Object
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies registry class
      • System policy modification
      PID:1992

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\00294823\4QfpWemimL.dat
    Filesize

    3KB

    MD5

    0cc3effe6fa82f70333e85129c800bb4

    SHA1

    2e29b7fbfbf7129f254a531423802f09a9d428a6

    SHA256

    67be0a43b786cdd6e450e17e138e2f6e03cd14aeced95dc31e002fc170a05020

    SHA512

    3d84a8d6f8275eeffa205ded7df16de296ef42c28bc34c1824e8c7eed0639251cf6e4c4db9324a66c0417f29ff1ee7333d00d9e9ae80beda1901b923be3933ef

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\egjdhcoamgmligmkflaiadjkfhpbkahm\0PFZ5mLr83.js
    Filesize

    5KB

    MD5

    1fcc288fd5f7410748a01ed6eb4e3369

    SHA1

    4a3ddf5574865cf7720f74b79e41daa33145b065

    SHA256

    32e09072f4eb3d2328d172af85a61cb0563c694b2ce1cccce2ec8da5c6642e6e

    SHA512

    cfb89736fcff231ae18eab51e01d1dbb63ce2d733768c3b884044f897a1ea9925c4fc5a6eb6d96089075b9b00159657f88be74dd0f585d6e76917f195de054bc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\egjdhcoamgmligmkflaiadjkfhpbkahm\background.html
    Filesize

    147B

    MD5

    e666248da5eb661b7da64ea4d794040f

    SHA1

    dae9a1b7e29a2c9c2059d8fe7122ada60ab0e063

    SHA256

    1b97a1da7e5f14f68ed99027f142dbd32fecc3a7b5586dcc63247edd174f7cb4

    SHA512

    69778b6454701ce2f43669b2cee43b18e11f5e0eda7704aaba4a3402525afecad455ba13399e42c75fa3c2723121c8ca15bf3e55ffb81d7f9a1590a7901c3e84

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\egjdhcoamgmligmkflaiadjkfhpbkahm\content.js
    Filesize

    197B

    MD5

    5f9891607f65f433b0690bae7088b2c1

    SHA1

    b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

    SHA256

    fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

    SHA512

    76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\egjdhcoamgmligmkflaiadjkfhpbkahm\lsdb.js
    Filesize

    559B

    MD5

    209b7ae0b6d8c3f9687c979d03b08089

    SHA1

    6449f8bff917115eef4e7488fae61942a869200f

    SHA256

    e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

    SHA512

    1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\egjdhcoamgmligmkflaiadjkfhpbkahm\manifest.json
    Filesize

    511B

    MD5

    703dc23967a03fb35c542ea029ac9599

    SHA1

    19c1c1ee4f40011b6132d748ffbd00f7ee63e851

    SHA256

    d3e26173b218596c3e5f6791083227d13d80ac8efb12925b8b5e5704bb39bf2a

    SHA512

    c5119d638e2080085e377275840d33f03b226ae87d203e83e67e60e02ad369140b37c2c36c1bb727efd48766fa80dee2f616fcd9b2392379450fb86fdfe963ff

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\egjdhcoamgmligmkflaiadjkfhpbkahm\sqlite.js
    Filesize

    1KB

    MD5

    674739391dacc032f29950fc372ee136

    SHA1

    009180f5d34e95651f1096faf2279fa431700e23

    SHA256

    2f1628c573a6fd0e795c166b11f251266d0ba887faa570abc45c0c954e144e0f

    SHA512

    ef25eb8e7e0d582cc213321e2f5cba46b1ddb3ce8c7f11919ac402c5caac2eb003194d8d3ec162b0bdcd5dfbe113d912755bcfce70c723466265cb26892b2516

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\jxlxyau@mrvwui.edu\bootstrap.js
    Filesize

    2KB

    MD5

    1b53c596cfb1aa2209446ff64c17dabd

    SHA1

    2542da14728dcdbe1763f1ee39fe9ceae38ad414

    SHA256

    a7dfea4bf7e1d46a8b8e64ccfb2cf35017e3a5b350eead26d6671254d2b3c46f

    SHA512

    be54481675c38ef6a41697cf8cd3ab5a0b126922b192732a9c587dd8905b74b66c79eb0c849f62bbe8934979a894be63734b0ad59ffae295f5797cbfaa327030

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\jxlxyau@mrvwui.edu\chrome.manifest
    Filesize

    112B

    MD5

    e8ad713daa3d074c65b638105c6ba5fe

    SHA1

    2ac6404661d7dd2440944ef89eb37304eacb20b4

    SHA256

    05fba68a27c71e2f686e2bb56ba1069af31ba74ee72e6a7785fd86e0579902dc

    SHA512

    42ecf9d9c9fddcb3d34858079245ca0c30dca2c0bbd378a1e4a7a4d4ccfb2f855ffb036f17651cdc874928ee3738f4ca29fdf360ce7d7d1b64a31a24c8f9eb45

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\jxlxyau@mrvwui.edu\content\bg.js
    Filesize

    9KB

    MD5

    ec6de93b0c7aedefc2eb0338d2941869

    SHA1

    6b1d7e20f02996f11a4748d8506ec8b9e010fbdd

    SHA256

    a28c9712a9d374ba326a5f452018ece1d395988e3b27fe183d8c096df4983e84

    SHA512

    c6793c213f313f7bf6149d026e78d312ea75840993a304b12353f4aadc5ade284d11eedeb58c0c4a79df7840981972f92affea4e6e65d12117a8d9e09526e8bc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\jxlxyau@mrvwui.edu\install.rdf
    Filesize

    612B

    MD5

    f3a925c8f233b77ada3f7d49f3f8847c

    SHA1

    7e0df7b5ebf9b82896396c1cfb4da5e8922c755a

    SHA256

    cde9fe31b75c3e8bc86b2875275693d2f9e0a16c7d3186423461650f98ece307

    SHA512

    6c823dffa1c94e112b36b05d9b07c6d077920c49c3475d5411ccf658e5bcc305f2b15faf74cdcdad58aa802a7fbcf702b7e3d6fb4b7b886c286f52d9ba807c9a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\ntcPdra5d.dll
    Filesize

    258KB

    MD5

    e1d10cccd5dde588af8ee2cb7309523c

    SHA1

    0b9e805077320b0ce1e6620488bd34f1c4d7827e

    SHA256

    9900e517bfd4b39bd7af4bb360af52f6c95ef9b3e7ef36d2633485c58bef9a1a

    SHA512

    a929eaae12f5cb28e224fc31298af2808f995c5a06bc6f47d95879703dbb9369e2e35b4e50a452e91741e6a949336220348dbb3c389c46ea2e0ca41f592dcaa0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\ntcPdra5d.tlb
    Filesize

    2KB

    MD5

    9156db5f76d48049dbc41fd1b58b3f34

    SHA1

    5eb1df59f9b5b06ab00137fc9e6451e323d3102c

    SHA256

    66fab808188a98ba49d99b723a181aa6626197d50bd2d5e15e076dcbc6fbb2cc

    SHA512

    742a77e71c34632146e16acadb6b381694072c7f4c2dea1df1dfc645ed42673ba153c832d167474dc41f9b608142a8c41b4aecda1efdab90d87d4f5c718bf149

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\ntcPdra5d.x64.dll
    Filesize

    319KB

    MD5

    4f5c722b8686afbea6f09c53171d44ca

    SHA1

    184c60aafbb12d1023b1ce2aff4d3708607a75a1

    SHA256

    870c280ea861313edda0bd3950dc738ea68d006f315888d66023b54e5f98f0ea

    SHA512

    e471a86079a16d129ea0c01878af77d1aa132e629832d3f0f3d1f8a3dd250ed41c8d2f37403a10c8061fff07c07dda926ba7ffcc417c6e0100005a0f2721417a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\00294823\4QfpWemimL.exe
    Filesize

    334KB

    MD5

    8300c91b40229b42301aebc6d8859907

    SHA1

    0b55e56a6add6b4dd4ceff475a0018a203d02a5a

    SHA256

    f54a6814ac06c70ef5b738eca4855e49039783d96b70ba1ae461bd90877e53b5

    SHA512

    0863750da143e1707513f4a2efe1ad6cf81f5a819c7d5496d1629745afffcf72338aa9de90479d5e0936e848f9b260c434fd369027c56be175814086cafd4d8f

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.