Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 119s
max time network: 146s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 13/10/2024, 16:42
Static task: static1
Behavioral task: behavioral1
Sample: 40f29313aae5774572d9fdfb156285f9_JaffaCakes118.html
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 40f29313aae5774572d9fdfb156285f9_JaffaCakes118.html
Resource: win10v2004-20241007-en
General
Target: 40f29313aae5774572d9fdfb156285f9_JaffaCakes118.html
Size: 23KB
MD5: 40f29313aae5774572d9fdfb156285f9
SHA1: 2eaaee11dabcc9ee3169d8a7241d567e2133b411
SHA256: 6de11922e163b777a2a5378a2b3c251f3b7923d83d04b0aa6719e7c18889e684
SHA512: 992a6aad5f966087442cfc770db3f9570a773bd26a45058dfc9990e60b156d31e88c9bbee22dbc2cdf90718141bb2cb8b0cfb616818a80cc6a047016483cbdd6
SSDEEP: 384:C1lIcetD41vGTHJ7DeKUbGn6Z8ja/gRamzguLZ:wd8j4gQ6xLZ
Malware Config
Signatures
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE
Modifies Internet Explorer settings 26 IoCs
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{13577FF1-8982-11EF-AD58-7ED3796B1EC0} = "0" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434999610" iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
2148 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2148 iexplore.exe
2148 iexplore.exe
2816 IEXPLORE.EXE
2816 IEXPLORE.EXE
2816 IEXPLORE.EXE
2816 IEXPLORE.EXE
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2148 wrote to memory of 2816 2148 iexplore.exe 31
PID 2148 wrote to memory of 2816 2148 iexplore.exe 31
PID 2148 wrote to memory of 2816 2148 iexplore.exe 31
PID 2148 wrote to memory of 2816 2148 iexplore.exe 31
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\40f29313aae5774572d9fdfb156285f9_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID: 2148
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2148 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2816
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 02e23359e2f0acff4fb7f3d745c4dc7b
SHA1: 0688a0c3d26cc94f6e678ee8a2defc4b912a8b36
SHA256: 597ec4f768e166698a3643d75413f6d41cc97d8a0191b1250704b6894c36b64d
SHA512: 4e662649b221a945fd1a70166faecdc958489844f85ad32cd9e456decfc92ffa06e49d3de3d78bbc8a24a3fb8fca87eaf7714cc2cf8c8d8c034d3d977e70cf31

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: e3458b6657c8ff2cb0fecfc2db30f5d8
SHA1: 565411b714fcee557195a847b1a081638e28ba23
SHA256: b676105a75becb4b3dda1f5b7539b2b1ef222c8fb38eb6cfc5b582712b8c2513
SHA512: 866046e62c4bc10b53e827f67301fdedee5a447874252eae6ffbfe66d8242279c75cf18fdc81badce9c127efa6fd46e80a0fd6ce145cb2077295a9e164f7ce8b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: e87975f0ba88e207e462edf8d8253261
SHA1: acdab31cf67e38f0195c8790cd93aaaa8a87ce7a
SHA256: 8c9196f8639117e688c8b37460eeeec63c19ae0da788070a6357c56e290db706
SHA512: c7d7c6b0ad748f736184092e76cc2b0fbfd5217a6490d98b180efc87a8c68adf6bf195cefa4f78f514ccf031f82e865e6bab38a77ad8661d4e73c95d16b0e8c8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: c072888fb28af857d41578bc67cec2f4
SHA1: 3a1c968ad35ff36a1536a58af0ac13dcef418cd8
SHA256: 033f233e7aa291f0f885c9cc41b52d936a816750bd0f6296e916485433741c28
SHA512: c1ef20dee8f4083db00836c589d2ae8b972aec173a39236fe97f480814d9c00e7d8ad78a22e1d41e41baf8beacdd4ff586276fd48fa67cc10db918aba71e0ead

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: b0a43d0de249ea981b4eb9a46b8b98a2
SHA1: 3e1ec05c0b49f4c70654623ba4bdc36b5b03de73
SHA256: 1179032a1b19c138cad804266a24cea4b1a0f6cf4aa3b782807bd54cc4007c63
SHA512: 2a78638bf2b5509343ee62601adb653a6d744767f49b474e47edf0cde6e3baa8fdba4fe49fe7d340b3faca14d7c8a71e8f75bb3efe1b88f075220ebe26e000a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 3fe145873dab81bb83b6855ea63dde25
SHA1: 647d0bfd2c0b394893f83364fb37c87ee28bca3a
SHA256: 6ecd6c7ba19e8b0f4414c4ee1726f393fd57f9313cf4a0da5b5245c8c90ad8dd
SHA512: ce5cb151d4a70f98451ab7c317812fc8dd79885e511756b3cf5e579705173747260b508ea7d8ef2db1be00a9c6b02b13d84eda5278053e2949f0653a293f94b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 4f7648e13550411e9f6d84cc633df3af
SHA1: b57d8f1ce6a3ea08066b8e2ac52a2a38980603ed
SHA256: 1a73436e229c5b7636a41c40c540015ee6a0e54afe6824c3893aed9803cfc9bc
SHA512: cd17c7af648fd7f2433293bd813b25f645270b6860620a8deb84d244c5d877f97ec04d09e1cfee1c96b17e200bb7c952e857725b3bd391aa967ea231a07873e8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: ad3caa85bb6d1d27b97d26451da13b45
SHA1: 25eda65ab514916ef2fea12013f96bd12c31d52d
SHA256: ea5983e2192cb04a4f45f238d1c4381bd4584e0f8d01c82e81b32ae15037e600
SHA512: 30d55f7a7b58ef0b4a791264a448a14f3c31f926cab261bfdb5d37e583abc4b3639c3cf080e89e27a3fd350d5798cd0eb9648ba38ded0d4b02b2efcbfd6bf212

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 5e2cb8576e79958fc9cc9b01b845d710
SHA1: 810388bded29be04581c8e015ce9e2860d1913c9
SHA256: 7ff0c08d55d040a62993a61b92b04d79c2d6133f12a2d4201d7812492a73d6f2
SHA512: 4548223aa06d7c4d5f6243b77bbe95f256eca8846339e312960e1046efa3c961c61932c81258889dcd87e844bfb8949e7a5de3b522732a42f2923b862618be46

Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b