Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

5

3b2c590481...18.exe

windows7-x64

8

3b2c590481...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    133s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2024, 17:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3b2c5904810da630b166fe6f679e1372_JaffaCakes118.exe

  • Size

    250KB

  • MD5

    3b2c5904810da630b166fe6f679e1372

  • SHA1

    94b32ff5e01237445eb41a124ec320174e74e2d0

  • SHA256

    761e443e58d9b36b2ad1025953ff4301f4f663ebf6757f4df4b5168ba8fc5689

  • SHA512

    13f57993ae53c7a85ff46e947cb7ddb9097f1f09a690efe78cd0b505b48c4db29e48341293d219c6b53a55691ef0cca0f9b94b2b1d35a30c5f71a687f8d9a4fd

  • SSDEEP

    6144:WhieuJDr5T8b2ufqBLjSB/MS7irtIa6cwoD8ZroSfjGFA:TeKrJJuf86AYcwoaoSbr

Score
8/10
discoveryexecutionpersistenceupx

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Deletes itself 1 IoCs
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 2 IoCs
  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Modifies registry class 26 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 13 IoCs
  • Suspicious use of FindShellTrayWindow 45 IoCs
  • Suspicious use of SendNotifyMessage 21 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b2c5904810da630b166fe6f679e1372_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3b2c5904810da630b166fe6f679e1372_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2316
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files\WinRAR\winrar.jse"
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2332
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.com/?g8
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2812
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2812 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2576
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ping -n 4 127.1>nul &del /q "C:\Users\Admin\AppData\Local\Temp\3b2c5904810da630b166fe6f679e1372_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      • Suspicious use of WriteProcessMemory
      PID:2684
      • C:\Windows\SysWOW64\PING.EXE
        ping -n 4 127.1
        3⤵
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Internet Connection Discovery
        • Runs ping.exe
        PID:2620
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:760

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\WinRAR\winrar.jse
    Filesize

    11KB

    MD5

    9208c38b58c7c7114f3149591580b980

    SHA1

    8154bdee622a386894636b7db046744724c3fc2b

    SHA256

    cb1b908e509020904b05dc6e4ec17d877d394eb60f6ec0d993ceba5839913a0c

    SHA512

    a421c6afa6d25185ec52a8218bddf84537407fd2f6cabe38c1be814d97920cfff693a48b4f48eb30c98437cbbb8ad30ccd28c3b4b7c24379ef36ac361ddfdbf1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    29e1d475e75c290caaec7c5b9e6cbed9

    SHA1

    e1390a9d4d20b2d655b1c01e6ffd5f1006362600

    SHA256

    5db9a7dbd27ef80912a9c0edcad010be0c0252cba061c631228fb6caad2d2ade

    SHA512

    de44b2e6757a3fc0b5f864a094ab6a6c18dfcc395bf45e4a508e9d3f66fcfd00aedbd6ee5a53dbe22e8b151df8982e91a6b0e912984532f32ef17db06cf573a1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7b6b0c195fd8208f27212ed0ab9fc4be

    SHA1

    908f8e791bb00bd6253434274b6080e67c094e17

    SHA256

    342f47e544f55a17215cfec91969a63942ddddd659b3d004d891be05cdc50413

    SHA512

    09825201706b2249ce86673113ffe248164b16b48c7fcf81ea2d9bb3ef899f6d4246ba116e74a70214e4210a2e89809fbcba817ae45d24237869428bea0c4413

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ed7588dfc3c9468fa597d2c940b1886a

    SHA1

    8fd4cec8f74ea155f40cb1fb1c21c6ef696e541d

    SHA256

    c0e074793b350b107a59454374970253fd3d0139c18c153278ebea99967b1f2a

    SHA512

    9d60b912e71c1e05286c525155c253a41255c2950e995e38359d15e6292e5109b74270e93e49d644619468979a526d8d4aab4a8fedf58597b68995e6ddcc2148

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ba004e114da532915fd2dd58c93d306e

    SHA1

    e1d3f0ec8dd5d4f614c46fc3a51294f966e1032d

    SHA256

    1296271618c87d8fb50eee31e28a73d5b26fc3bd402c97af227dd7c5ffb7ac19

    SHA512

    a5d7e00a4d086172f4ed627d6f933540a07f2fc704bd414966386f6c529f15fb2c7660ec61919739ac0ead9d4ff976cd1ad8fd2d30371f143395c1b325b2bc35

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a4d969fe45b136a24fb292d494685508

    SHA1

    ab64c08db4b1464600a5a2b548fce8c1180eba7f

    SHA256

    12e68e9fd842f73a2c24020139a49961125c0f402e873c64599ef8c6658cbb56

    SHA512

    f37de7d8f5b61dc5d00504e35ce90a10463bc4258e5a8ac7f961379cdabd4387f7a0e7c9e18fa14d60196d683c883ad4625fd0fac9d1133abc1236c40acc58d9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ee76bda366c3e44968b5283807b07ad6

    SHA1

    40255e8b89dc16e42a855802dfe59f5ee10cc378

    SHA256

    cbdb14c1abb76018b74160894b1d90a9e653110643b58a8a4b53e8a9916f0213

    SHA512

    a8a2b45230e8cab513c333dd6f89ef12504c6f2a5f4bdb990187efcfc29b3d16e1262c524dc845bec60e4ed0fded688717e584a59495d4aa5c9db88bb74256d7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1b79ea15c606930d0ef1a7a0be1f8b0c

    SHA1

    39fc034af9debdc33a62c18b319ae838df34af90

    SHA256

    268784c439c96cac88babc04aad6f42616552df0efc089d6b6b7b381aa49906e

    SHA512

    198d0a00b1a972e824eebece37e5eb8ed1b315ebdd00975e58c749bdef6f824150c1fe41f6b4e6ec2fc1157a3e9fe8676a4fed198407b0fea51a6256da4d6868

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    45a7a865b572989244b71bdefd7f764b

    SHA1

    7ba8abb334fc8e1ea8b665d7bac1598b224ab2ff

    SHA256

    f5f15c85f69f7b78cb495359af9430e8e4a8c3189fc2be9bb799a989ad45a7ab

    SHA512

    d91809abc3fc05e02c035d8301ed310965a76d8614e488c5cce2fdbf06445982df4964d27ea0477ad89aae4d069ae7cf82d0b4eff72e8c78962360e1b68e7a66

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    950c364b55ca75a6a70535215071bad0

    SHA1

    36e2f2fce0ff3a8d5647cd1f3fd250bc647a21e7

    SHA256

    a69cd01069fb19f70704e7b696b33a0e41d0d9ac34760c5cff12d7080e0a6c96

    SHA512

    02865fb5260b385e09d6f7427629936b92050ae9162be7afa044a3dfb80fb5131aa2094da5f96962195ff5c6e721a0b1f259eb8f375d87ecfeb8db495e9ebb56

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    55fcaa7d70571498723699c06523c322

    SHA1

    e31dc8977fc4be6f49df5f8ebeec1ee0b6cd9239

    SHA256

    64c426470d65bd9df426c7a8c2894e1e87f93adc0ec337b8b7827a9b1d813e4e

    SHA512

    62e38ed4d6005d42609e0d3a2195dcb9d3c23ed7d26ad8c5f49a179cdd7bd63c6a452fbb13ba5d9c23f7310be8972ed132d5c4f5ff79de8a81b840be46170a86

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a33883c081dd992c5364ff887c3d258b

    SHA1

    5938fb42f43e4cc1612d95ea638d9b22fd26b643

    SHA256

    c4f5a5a13f69eb0b6e82085dfacc8b44f32c411f5e1c8598f2ab62e8e1e8e056

    SHA512

    47449d74ee7d84aa726aa382a17f61935ed03e756bbccbebf25e3b52534b2f5d74369a4a83aadfe291d48fb4b3fef27da64e5b8384a0d461badf6c63f56eb463

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    096daf1a5445a27e812fd9c49828bcb2

    SHA1

    59a3439f1d544366ff035a13a4afb713cf2af9a7

    SHA256

    cb52cbf3970d971b5a9623c5b0c437e6dd52d860e732ad90cf2742f0c74d3841

    SHA512

    6ced6492d2a110dfee7d59d419655a01d79c64f8e21561fceb1587ff2eb013e6120464e5666b079ea1a1fbe63269298ba621e2fa99a0cf4d82a4256ae77f5157

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    66801d8ce03f5bc0ff70fe8326c5cc0d

    SHA1

    9b64f379ba44ef43ea8f4d67259868340b6551bd

    SHA256

    2f886ba18f788ca2262e4f6bd4b01d03b372a9122d2cfdefdc359f6266f3666d

    SHA512

    7ff037b6baaa288992bea4007a5dc1df9f5c6933af8dafc004a0374d9e920f9a2a7fd567c4c85759a43f308ee42c49ff9b58114fee408428e91c713d4a4e7ebe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d807919151d446df880358f6d85f36b7

    SHA1

    aa57ba11f286d14e998605c6ebb4fae0f475a74c

    SHA256

    c67f6b07cac6bffd000b31ec71cbeaa395aedddf35f4c6257300406a30b76366

    SHA512

    febacc51bf1b3b68ffdda37205107b19fdaf18dff91e269ef54f7b9ecb825f8749632b57828f9cf7c701d16754926f9086b93acc91cae69c49e40d8fa3cd4ce1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e21811e16f4d2c3cdaa1f7a3e41d2c32

    SHA1

    b1e1e1af14c43ab5f3891c8031e7f12664324f0c

    SHA256

    0480a93e8b4b15e14e58aadf983b064233aa4b6378414dc9c8b26f15bf679c18

    SHA512

    6401d40c9ef137bdd703348ccde06aa9a54651550824a6b2d949db1381c099f9397355aea5271eef53e76436f224f4030b38b24f89bd094d9cab4439f633eee2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4b2d8ef4d29a9eb25b3ee4b3518b5eac

    SHA1

    4468bdb6de78e15410df674ae030aa6a5702cf17

    SHA256

    40063f4f1abb6d07ad13ecde5c66f4f591ee15590275fcc2fabe59b967945b30

    SHA512

    274bd975a622ee9841a84ce2af5348a3dba938575151e68ad911c802fe53e6f40b03b2e8bf50a80b54f7f8ec1e82cd7e602a028efceeb190f7f092844b6bf181

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5feab1d3417218ed63d045747a001088

    SHA1

    1c87374a41c961f80a3233ecdd47d0d5187ec76c

    SHA256

    452ae252bed906cab2481affb2cf2d1083dbabc8175f58f01b9ceea81c5ca46f

    SHA512

    c99e34a8d64b25e8001a7cd7b72fd25a9702f556b6dbd5b3d4eab1c3916162626977d86f0d1072651b109720104389a5b912b78e00fa7eedf865f371efb44b9f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e8f346faacb5f43cda686d20576ac3bf

    SHA1

    5791b13e2967b295370c3b571768542a4d89549a

    SHA256

    ad860fd617e8a39474c81183dda4ce4afb6b5174430c5ca59b8cda62c9507ad5

    SHA512

    fd249c7bea92c9aff6780a2a78ff583d1ca24ee7c21a6ee42facaaf03a49b1bf32826240d462e8a66d0813ca3f1a16cf2f74d05cd65e5accac18a99b06f0cec7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1f5d366a7b0b9324eeb0c6a20d9344dc

    SHA1

    6bfd4f49ed65949e090fee1f9b8f905353f284ab

    SHA256

    1568adcf84bbd116cb55208513b951fa13363f195331a07ea8f3283546615c6c

    SHA512

    1fc10816445fcac6480e6e9eacd1476627ee8182f647f5301e82ba9876bb7edeaa278bf05430361ac962d086037a9944f664bb0133a6d6994d9526c9d6433db6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF5C6.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF5D9.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.mmc
    Filesize

    149B

    MD5

    b0ad7e59754e8d953129437b08846b5f

    SHA1

    9ed0ae9bc497b3aa65aed2130d068c4c1c70d87a

    SHA256

    cf80455e97e3fede569ea275fa701c0f185eeba64f695286647afe56d29e2c37

    SHA512

    53e6ce64ad4e9f5696de92a32f65d06dbd459fd12256481706d7e6d677a14c15238e5351f97d2eb7bfb129a0d39f2603c4d14305a86821ed56e9face0bc252b6

    Download Submit

  • memory/2316-0-0x0000000000400000-0x00000000004B1000-memory.dmp

    Filesize

    708KB

    Download

  • memory/2316-36-0x0000000000400000-0x00000000004B1000-memory.dmp

    Filesize

    708KB

    Download