Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 119s
- max time network: 127s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 12/10/2024, 02:26
Static task: static1
Behavioral task: behavioral1
- Sample: 380377eac56f274d9ff0f733615cc3f4_JaffaCakes118.html
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 380377eac56f274d9ff0f733615cc3f4_JaffaCakes118.html
- Resource: win10v2004-20241007-en
General
- Target: 380377eac56f274d9ff0f733615cc3f4_JaffaCakes118.html
- Size: 11KB
- MD5: 380377eac56f274d9ff0f733615cc3f4
- SHA1: 780b6833f60bb06ae71c10daa265e89e65d75e00
- SHA256: 9d8a8d6d474940dae9855638fa9c172b17f2e6c7964f2adb4618804e8bf4748b
- SHA512: 82de33091e0c940c305550d5cc9989393c57e6af2339d4105aa20275fd91c88b3596220a660457a34fd490db7927b1ed018db3148ce58db819cf0f9dbe34a9d1
- SSDEEP: 192:2VmlIsr03G78k/w1wvqyzB9Ung/C7Yj01pgOXuBuLbdU8d:smlIcuGt/gczB9Ung/C7Yj0pgOXguLZ
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  IoC: Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process: IEXPLORE.EXE)
- Suspicious use of FindShellTrayWindow (1 IoCs)
  pid 580, process iexplore.exe
- Suspicious use of SetWindowsHookEx (6 IoCs)
  pid 580 iexplore.exe (2 hits); pid 1904 IEXPLORE.EXE (4 hits)
- Suspicious use of WriteProcessMemory (4 IoCs)
  PID 580 (iexplore.exe) wrote to memory of PID 1904 (procid_target 31), recorded 4 times
Processes
- C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\380377eac56f274d9ff0f733615cc3f4_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 580
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 580)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:580 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 1904
Network
MITRE ATT&CK Enterprise v15
Downloads