Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

3be8660e10...18.exe

windows7-x64

7

3be8660e10...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    95s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2024, 20:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3be8660e10bad9d4c37f88945c703c73_JaffaCakes118.exe

  • Size

    725KB

  • MD5

    3be8660e10bad9d4c37f88945c703c73

  • SHA1

    a85338062a61ca6e96b6e4e63e1c3377574317ac

  • SHA256

    cee6973b6f208913c084e3fcf8157e5740dd4378638145ad2e56eb64931ae84f

  • SHA512

    2f759dbfdd9b30144ca35f9403d6431099cbb298ae211f4dc3634f5fb8685c7eb9d7558b969d26c0ef76ffed8b9c2ed8b62c494bac18081d7b9db597d14984fd

  • SSDEEP

    12288:h1OgLdaOTo99/rsFEt5hDG0SAMs9jR/jeRJKu9TJdwYGZtyjTje5jOSpJi:h1OYdaOTOBsFEt5hDG0SAMs9jR/jaJn5

Score
7/10
adwarediscoveryspywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops Chrome extension 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 63 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
  • System policy modification 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\3be8660e10bad9d4c37f88945c703c73_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3be8660e10bad9d4c37f88945c703c73_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Users\Admin\AppData\Local\Temp\7zSA26A.tmp\izHE.exe
      .\izHE.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops Chrome extension
      • Installs/modifies Browser Helper Object
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies registry class
      • System policy modification
      PID:4408

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7zSA26A.tmp\57L.dll
    Filesize

    222KB

    MD5

    e9b27306a18f18b88945cdf066de2fc9

    SHA1

    4d18490fbb336e261301a967047065dd561cc2f2

    SHA256

    a9880b90d24af3786886306aefe5c79ff3cb2fb7b36ee5fb7bf2af85f240d63c

    SHA512

    f255e8bfb13cfa070b31f47b12a4aacf9ab75a6a8191b6b83740d02c3f007b6d5255a5c2c12bc7b599996742973d2faccb5463d96d16c7aba40e34776823c706

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSA26A.tmp\57L.tlb
    Filesize

    2KB

    MD5

    39d776f73d1d3f771aaa8c3561367c3a

    SHA1

    eef842aa02927bd7fbe7d569c5446ef1a2ea065f

    SHA256

    c2156787eeb818e587529572599fa124773c71330fb93e1c79f4cb9141090941

    SHA512

    3174095accbf422730e60f61523dec01a9a4519cb4642a641c5f547d530ad41f5386d383b90f7daf34f1f36635775929e99d7fe0030aa24cee30f4de8376eeb3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSA26A.tmp\6917945249605257792.log
    Filesize

    6KB

    MD5

    2517d60096c5e550c6081347e3473aa6

    SHA1

    972d2e66e675e35dee4d3acca84234d41bd09724

    SHA256

    f92462874a8abc399468b509897ab4c0bd4710904ce20c8195cde665c47071ad

    SHA512

    e9d11245a6b7c5b6c5985fcf330b0d2988a42425aa0f4214ec5f8ca06e24a71efeaf7bbf0aa518a670ee7640473820478d284fa6b72f8e5917e637b750b2d4cd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSA26A.tmp\[email protected]\bootstrap.js
    Filesize

    2KB

    MD5

    1b53c596cfb1aa2209446ff64c17dabd

    SHA1

    2542da14728dcdbe1763f1ee39fe9ceae38ad414

    SHA256

    a7dfea4bf7e1d46a8b8e64ccfb2cf35017e3a5b350eead26d6671254d2b3c46f

    SHA512

    be54481675c38ef6a41697cf8cd3ab5a0b126922b192732a9c587dd8905b74b66c79eb0c849f62bbe8934979a894be63734b0ad59ffae295f5797cbfaa327030

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSA26A.tmp\[email protected]\chrome.manifest
    Filesize

    100B

    MD5

    6d90952f40201fd8a4950b9addc240ad

    SHA1

    852c8aa3de832e15374f58fb9a3c433fbdd80196

    SHA256

    bb9e436166816aee119231bf25a7feab9cb0971ca8acc62f357861c950a7991b

    SHA512

    e0fa39d90c6fbdb124fc355bf403e178b6a10aa568bb8528b3dcf9c41c223989003e39c1f7ff09d276d89a2a0a7fb2fc42885d94c81a421205b44cece6b27bb1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSA26A.tmp\[email protected]\content\bg.js
    Filesize

    9KB

    MD5

    27a15f456bc72b1452af52decf703649

    SHA1

    3e7ef7b1d4f4b3c18987e5249c857ec7828b89bf

    SHA256

    4588604b4b8404ff4ea22e933e84beb5c5aff9c021c5f36ca03228a1c8eeecba

    SHA512

    89cc4d6459f8f52b1cccaf688a61323702b9b096846e33a36bc09f5b24eac83f603da4e1b03917ebb6a5a018956d29734b6f132cdbad914d6860e46e1c365917

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSA26A.tmp\[email protected]\install.rdf
    Filesize

    603B

    MD5

    45cdf146adb68837bac46a2c7d3c9264

    SHA1

    d25eedd547b486d9710781318f28c60ed7342146

    SHA256

    f994bfff386bfb12570efbf12c2fa110ca7a7753fc6f967e55f921dc77572398

    SHA512

    f23f09380f100d37c645f9679d836070e5a0154c76ebd287540c00dbb28e7dc55c36a34dffc4ba7512396d4bf72f9810e603e604b33a6db7edde900318ae4ed1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSA26A.tmp\ddfhfnndcifbfgfggdnfmmldiigeojfp\TanY.js
    Filesize

    5KB

    MD5

    8fd6c6f3bd1b0ee262472e04dbbcac05

    SHA1

    6c6a5d50a405caed0f68a552e48c20ae9896d650

    SHA256

    09fe9dddc1a1c801b4f189d6604e01e935419bd02e1ef26267a0480fd77f3cb6

    SHA512

    36e2cc96679a853f6bafa1fe1921acd5f96c9ed02e6ae6977315eb6cdb0cf5c858452125fdc0dc940c79c634eb59201482c94289b88db8701b9fcba53260e1a8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSA26A.tmp\ddfhfnndcifbfgfggdnfmmldiigeojfp\background.html
    Filesize

    141B

    MD5

    f3e2df70b76d9242028486cfe7be97b9

    SHA1

    6c3fef6c90a2758f725bd39a424cc0052173283e

    SHA256

    b32ea5d7f4abe1400eea061d1885499f2dcdee941bda5008bfb6dedffc0a2d03

    SHA512

    3733c4196e07665c5aaddd138ae25056d1d65b548bcf815fbbdbf8eb34a00ef453a6f791e593d087c8290444390580ac4e902366ce2de6611a5d9cc56988255d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSA26A.tmp\ddfhfnndcifbfgfggdnfmmldiigeojfp\content.js
    Filesize

    197B

    MD5

    5f9891607f65f433b0690bae7088b2c1

    SHA1

    b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

    SHA256

    fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

    SHA512

    76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSA26A.tmp\ddfhfnndcifbfgfggdnfmmldiigeojfp\lsdb.js
    Filesize

    559B

    MD5

    209b7ae0b6d8c3f9687c979d03b08089

    SHA1

    6449f8bff917115eef4e7488fae61942a869200f

    SHA256

    e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

    SHA512

    1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSA26A.tmp\ddfhfnndcifbfgfggdnfmmldiigeojfp\manifest.json
    Filesize

    505B

    MD5

    87d77fb7b9b24ca9abdad2971d0dcf1e

    SHA1

    438e428c53a4555b43d99c3f7871358c968704cf

    SHA256

    cb58b4e523cf5dfa72520cf88050560a8fbeebeb20cc04354444b8d7d8f60026

    SHA512

    14124c5072efac2f58f180967226e1ed103b0ac453b80ce30e191f84ee7c780e9115882219c8442b24213de61e5c2d509c9128f3f815768424af013df5c01467

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSA26A.tmp\ddfhfnndcifbfgfggdnfmmldiigeojfp\sqlite.js
    Filesize

    1KB

    MD5

    8d88492a5f6bfeb4b662b6488020bde1

    SHA1

    0c418df66b73ae0284f6942c1e744367341227c2

    SHA256

    80c43c7539bb81da9b8e681422d853129319e0799f7a0f771e41057ac6d4772e

    SHA512

    ae677407b17026d4b34238349a869677bb36992ea9d340dbbb294ff54176cad53ed3b6a5d9d7377e16fe6eb79944f5c2c9284de634f106d5d05b82bd4d09cf86

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSA26A.tmp\izHE.dat
    Filesize

    7KB

    MD5

    cd55619352fd4aad0b5e249775b9aef2

    SHA1

    c2fc1bfb2c054aa10679d00f71c20af48ca84764

    SHA256

    58726988db4234a402e0dc7dbab16924543c576c97ca3caedfe749e1ada3a3ca

    SHA512

    53111b7d06b61904851e46aafad33974c07667a82b097a2fc3891bc4b720c8e00715812cf7a7bf1fb6969188940b278e34469949a692da150d336287f6e4187b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSA26A.tmp\izHE.exe
    Filesize

    334KB

    MD5

    8300c91b40229b42301aebc6d8859907

    SHA1

    0b55e56a6add6b4dd4ceff475a0018a203d02a5a

    SHA256

    f54a6814ac06c70ef5b738eca4855e49039783d96b70ba1ae461bd90877e53b5

    SHA512

    0863750da143e1707513f4a2efe1ad6cf81f5a819c7d5496d1629745afffcf72338aa9de90479d5e0936e848f9b260c434fd369027c56be175814086cafd4d8f

    Download Submit