Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

431d52eecf...18.exe

windows7-x64

8

431d52eecf...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    14/10/2024, 16:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    431d52eecffee9238010f5479a45da01_JaffaCakes118.exe

  • Size

    1.7MB

  • MD5

    431d52eecffee9238010f5479a45da01

  • SHA1

    5fd9ed8d94df62381dd76077fade0f201490387b

  • SHA256

    dd7cbd59edd300dae05075e96dadc574728ce900bda00ce0131ab7bff4117a38

  • SHA512

    09a9d4a8886d135a320132d090115e48f5060bac53210e4f327102ba6564c45e92f5aacb976fc685b67e2c76249b639f5dece3076d9e8d58de5e1264a5eecda3

  • SSDEEP

    49152:/I0Dszc4WyPoBJFEswLXDnZh/klmMoXLuejK:/hszGJF76T//klA79jK

Score
8/10
bootkitdiscoverypersistence

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\431d52eecffee9238010f5479a45da01_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\431d52eecffee9238010f5479a45da01_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2056
    • C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe" http://www.sf9.com
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2160
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 1000
      2⤵
      • Program crash
      PID:2648
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2696
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.sf9.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2708
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2708 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2804

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e4b48699d8750277c1b49388bb7f4882

    SHA1

    57fe36fa978346722e4a61de4b647a348ebf7877

    SHA256

    57754ed8fdd9514a7263bf3d75c77ec3cc7cfc2b9807c693c5bf09bb7bac68e2

    SHA512

    74309e6193042dffbd19c44d5866c59a877f4757798dd29116d111e8989f126c108dbcabc981aa3f0d07d991e0e7a61d5cc5c90c7baa33e9e337a32fb937097d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2e4704295e44eeb33d5f2b76ec6a1b3

    SHA1

    a5cf23a77d048a0c91652b83856756dfb54c1102

    SHA256

    29a90111f4e15715548c2fa1c05d1e96e911aa719509e01798c74a4b00ddf5c3

    SHA512

    371b64584fe68c390b4e44d0b75202c671c0a2eadc767c15fb948f48dd8f486c3a23124de548230d32944baac228149cddbda5f46b0168c68875be097f454042

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    899cef02438604f90edec1ac261e4f16

    SHA1

    a3ae20d9570ea7a48c30d7c83be49ca41ca81357

    SHA256

    5afe84c875f945ef1d9bfa359f1fb25f6f3aa58bb102e8400eeb94cccef4cb31

    SHA512

    b597db297e9ae6614e808c428ea6ef5728f0a221fe36c095da59242614232760cfb00197be21602d99da0487ddcf42fbcd0c64c888b374b6cffcc5cb214ea5be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    adbae1d0fa92c49b31dbe3705047529b

    SHA1

    3af7f5440715c0268c8b7400e44618a1352956c3

    SHA256

    54ea24df7cd3e393d35e5600ab7741f4116c12dd5e433744bc4c06447d23108e

    SHA512

    d0ac1f1b5df8a64c1acd55bd260503a933d14dcd6ddb5d8cd728322e65c6c8f1e1048b9466765be5af34c0099e4a79e143d986f43ee8cb80e8ae9c2b2dd8eb78

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b9f4e3e514428c62f243ec904c3363da

    SHA1

    cfc88b790240b33accd3ec739fbdbe919a2d3208

    SHA256

    fe8f325692640bed04c77e95a9ac222ee4d7855d9c6abc1acdfcf4679172abc9

    SHA512

    c8cf82b2984f204cea8c54c09afea89cbc57ac2cfc3f9bcfefc55191a3147d752a1a9370360b43d7ceb3b018a78e49d7dde57c784e80bc78c11d13fc15f0d983

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9e7ee7e12e35175e48a923a8e6f3ee99

    SHA1

    096bbcb4dbd0b9e1ca23e5575ce7523645bc20f2

    SHA256

    c36a8edb6eca2f36c6ccd761d672823d881aeee0547f6b8bb07baf4ee33be43d

    SHA512

    ee67e045fc03c36d750e56439ea0b050097d72c2018ea03f9d569b106ff3c61c412cd1a535984fcb767365fa58bedafb7a52cf7f6f3e5d9738f66c8db922a14f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4ed5cd8dc0c2c027361859ed9fc8c05f

    SHA1

    14d22fc0260d3e0152542708a51b5ee29c1e4728

    SHA256

    e4ede8464d03872b35ddb3b6f91bd17736e681e42ddc579e25ceafe2cb140548

    SHA512

    06f4a76fb2cebee040c2e218067baed0ff78331c388710ba98a77e6bc9a0c633cce62a45c2a7e965707807998027b348bf732ddc6b97930bbf28c3f7d9886ab5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bfdef29cb57072cdaa95c7616bc99564

    SHA1

    740733fd525782d6754b2bbf10a407f99368497b

    SHA256

    db9fcffd7271b752ce5e88c62335ffd96e2decdf074cf2a69f24a18b9746e1fb

    SHA512

    0bba3b681971c1b3e3920d86812d55041cfc8b627d864cad5d3d3e3410711ed9c27334b9091ba7da9db375fedbed6f0a83876f8a5bced16de1b7d14529014bbb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9a4d80a24cf9a019f488206cf56818ab

    SHA1

    29ba4425b57a9a89d453eb3fc38902ff4e5e0aef

    SHA256

    dbf604fd4544667153179bce98d54204ab640fcc47347addcc3eb029d4dc44b2

    SHA512

    01ec80299054528abf0bfcad0f5c7454d1f2ac2ebaf46384a0eb7016d4c6746b7c478697c24f7b445904d76e80a491f06191c61f215a1cae6870fee333533a58

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cf25caea7f7dbb6e0d410425211776b5

    SHA1

    ae54e3bb5a7ec2b0490bc566da95d570ec824420

    SHA256

    29ab49d2d9452b04ec048457611afbdd883680f2c1fb811fea4ff00ecc801dc1

    SHA512

    7559a4c133ff5fad07f478962840c42d77d93cb120d0195d26097939228f4736bf0f6a347b6e983f5b20921b3522554c19757aa4bb38593292229496d1ae9e7d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ec2f22c0d73fa34e2cfdcb2845225421

    SHA1

    597b4116ef934bc0a6c086489dba3d296ac689ef

    SHA256

    25e6879afab039b830b1ed033d26e0d8cc9389ea53b3e06906f96ab7ae788ca0

    SHA512

    30a86e463d88bbe0cdba4078998298f60baf99eabbbe41a05167a5feabfc997e222abf52cfeed4499526468d791adad3c53f7a5528c3b3ab39b8ae8d42ce370e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aee1a60120c7d057e0947031985e2854

    SHA1

    2cc287bea05b5fa5f4aa3ec91b4b7006baede303

    SHA256

    5ce45275725a6b7f2985d59adfa096209e02392f73919da2b891b533a50d26ba

    SHA512

    49d0416dd1dcafaf8b6ddbf2c821c9d4890f41cf32cb8714f424d7d08cfe088904e40c98948b76c560bf9c62a78e1fcf01ff9bbcc5bf39944bb7a283f260f62d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a1d694e2eb550090019da8fba9d3eb16

    SHA1

    ffafca02c3d415a55ac9b1550ae9c0398d7df494

    SHA256

    4ca5db0dee1b2319bd9b4dc6ee869890ef8cc496d6330099d1a88361b422929f

    SHA512

    6928ed80678cc16a45c3b51a49735427fb592fad873ef69701a8d7802f926da3ee39443e1bf0dec35c788c8b8c7629f36cb8d6450b3b9a91983d24a6fc69fe2e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ab50738f34752bc82465f52497b787ad

    SHA1

    82fdc54a258c39cc7ff7f835f26e213a1ce0cd1e

    SHA256

    284b3e7a11bcd2c6b14ee0949b09005a0a1e6a19411c440fb581a8b60eccd88f

    SHA512

    fd3facbdf5fac59978b14143b3ec6bbf1c5e1d9ef172620caecbd2c87c8cd59f1c78d68f2fd6df5443fb986fbfadb6c69dea31b910c4ebc16520aba50ffd9911

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ddfb833c5d5f63c12b6142fc3b7d704c

    SHA1

    859980371a0b799aa34c21d2565ab005813f6c9f

    SHA256

    d1dc8acfb24a86a8bc6c737d4b468a33c92e37b138fd3c69cd3380c33f09334b

    SHA512

    0b36198dc97888cb88b27d3183e92d42de5809857518ec85316b034ea95a96be186e31e08a2090493b2324e1199e73a4be84591d09084c61a3bedc42b0a2abd3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    283d247a611ae4fed4cdab61b8cc4d38

    SHA1

    0d502bb6d5090a01a31790dccfa8944dca5e6c3e

    SHA256

    dfff2f7a03f286f23eae825db68f9eb230874f154c6a601f78348134b40fcf8b

    SHA512

    dfade9b91c6a1040e296a74a901e997c3ec5cb0445257d8099cf2c51c1828ccaa9d2c6f9799e041d811d86ef99e9bae8cc1c17f98824d54a6f1d0b841e36965d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    36f18e23cbd2eec92425d95807b0ec73

    SHA1

    dbbfe833737a197ae43fc9ad4b859eb5a919625e

    SHA256

    8d08f39b72454cbb1d6a8dd6b1a9bf9250023733c56e7de9ea55ac9e391a4432

    SHA512

    e37b1c4b1ee697a068e6b05610c71b5fa9ca39e5a33ba282c35e6f12e154b4d006bbe412280fa41f0b81de031ff0c1c174fdd3225d35377cccbb20dee4fc50db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    47157e7d540d60422e447793745c463f

    SHA1

    bed8a7ee42860ab1c471e220e6a102d62071e842

    SHA256

    8396f32de9ab7075fe7c413f20f529e03ed8a26709cf25674a0907ea4c0c892f

    SHA512

    c27fce7bb845c9b3832f5ab5bdf9ec91e348566b196395352f5b47249ef4f2270e703d779c0f16a62526638eaf0752c849079b81267a382fbf42e5b7a542cec2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    103b7eb762895b21d9929a7fbc815a84

    SHA1

    88381be3a2d467c05950f5c376e670f81cbd909f

    SHA256

    f79f0a0325f6f3b3adbaf9925806a48a847b1b92703a74330fbd50734ae9e602

    SHA512

    26bc0acf846cf797e5f6bc72a8b61136b2ae834a9b0aaa439dc199aec24e88d3ad703cbe599401b58e781a7e7c6ac6582981293aad3da0ba8e219ae150eb6d24

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    592f72a197ea453f3a13128adc7a3c68

    SHA1

    698cf59b43596cf44518c483bd6136d7ee8526a7

    SHA256

    b60f19228f88e7d55918eeda268d571a8564d2c42b978669eace2f253bf70ef9

    SHA512

    593404f0d898307f5bc7eefec03e84ed294ad07ae20a433273c5e6062315523bc19fa566be79a459403d283b63740a92c070b4d779f042234bc137b26872d1a8

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WCATT3E5\favicon[1].ico
    Filesize

    7B

    MD5

    62d768651a9beb566cca8d8394560c66

    SHA1

    f59e55ef6da594d1a847199e38d859665ec57b79

    SHA256

    607684b502032efea9b8215ac46d6c41545efcf4938ac90fa377946e0c522ccb

    SHA512

    24f78ba65e7f89c11b98a6bb195a5a3b67d22263058c079fd97a676702f2e1df23786563b1bb54c583521342c9f4aaae1de76bc6327d6ea394edf9ce944a769c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC9F6.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarCA57.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2056-443-0x0000000000400000-0x0000000000823000-memory.dmp

    Filesize

    4.1MB

    Download

  • memory/2056-1-0x0000000000400000-0x0000000000823000-memory.dmp

    Filesize

    4.1MB

    Download

  • memory/2056-0-0x0000000000400000-0x0000000000823000-memory.dmp

    Filesize

    4.1MB

    Download

  • memory/2056-334-0x0000000000400000-0x0000000000823000-memory.dmp

    Filesize

    4.1MB

    Download