Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 149s
max time network: 150s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 17/10/2024, 23:21
Static task: static1
Behavioral task: behavioral1
  Sample: 5434dfc57702167094fe2a5757b1606e_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 5434dfc57702167094fe2a5757b1606e_JaffaCakes118.html
  Resource: win10v2004-20241007-en
General
Target: 5434dfc57702167094fe2a5757b1606e_JaffaCakes118.html
Size: 85KB
MD5: 5434dfc57702167094fe2a5757b1606e
SHA1: bd75bda99fb84b152500dbbaf58ed81a1fad22c1
SHA256: a6f47a88c87615607620100a4b182f830ad1182d4da70e06fb7e2ce2cdd14e2a
SHA512: 62cbd3f94b460b44f0932f29589956909e8bd88579650199678de29e28da55df3446777754d928efc177ba9ea176ce6ed888778d9353f981bb700507c9291d4f
SSDEEP: 1536:/+ipVn1BUNqvLKvr7R/bnVKWCUQSo0mjiMpbqqvmznhKv++nPLB1VN:/BvLKvr7RpCiyuznhKv++nTB1H
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host. Reading NLS\Language is also part of ordinary locale initialisation, so a single read by a browser process is weak evidence on its own; it gains weight only when paired with behaviour that differs by locale.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE

Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8C1AFCF1-8CDE-11EF-BFBC-7694D31B45CA} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435369161" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Suspicious use of FindShellTrayWindow (1 IoC)
pid | Process
2824 | iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
2824 | iexplore.exe
2824 | iexplore.exe
2740 | IEXPLORE.EXE
2740 | IEXPLORE.EXE
2740 | IEXPLORE.EXE
2740 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 2824 wrote to memory of 2740 | 2824 | iexplore.exe | 30
PID 2824 wrote to memory of 2740 | 2824 | iexplore.exe | 30
PID 2824 wrote to memory of 2740 | 2824 | iexplore.exe | 30
PID 2824 wrote to memory of 2740 | 2824 | iexplore.exe | 30
Processes
C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5434dfc57702167094fe2a5757b1606e_JaffaCakes118.html
  PID: 2824
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of 2824)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2824 CREDAT:275457 /prefetch:2
    PID: 2740
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
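The three "Suspicious use" hits and the language-discovery hit above are the footprint of Internet Explorer's own frame/tab process model: the 64-bit frame process (PID 2824) spawns a 32-bit tab process (PID 2740) whose command line carries SCODEF:2824, the frame's own PID, and the WriteProcessMemory rows are that frame writing into the tab it just created. What would warrant attention is a write into a process that is not a SCODEF-linked IE tab. The script below is an added example and not tria.ge's code: it transcribes this report's rows into Python structures, applies that SCODEF check to each WriteProcessMemory event, and splits the registry IoCs into the single NLS\Language read and IE's own HKCU housekeeping writes. The type and function names (Proc, is_ie_tab_of, triage_wpm, classify_registry, summarize) and the verdict strings are this example's own.

```python
"""Triage of the tria.ge signatures on this page (added example, not tria.ge code).

All input rows are transcribed from the report above; field names, function
names and verdict labels are this script's own.
"""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    cmdline: str
    parent: Optional[int]


# Process tree from the report: 64-bit frame process and its 32-bit tab process.
PROCS = {
    2824: Proc(2824, r"C:\Program Files\Internet Explorer\iexplore.exe",
               r'"C:\Program Files\Internet Explorer\iexplore.exe" '
               r"C:\Users\Admin\AppData\Local\Temp\5434dfc57702167094fe2a5757b1606e_JaffaCakes118.html",
               None),
    2740: Proc(2740, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
               r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2824 CREDAT:275457 /prefetch:2',
               2824),
}

# "PID 2824 wrote to memory of 2740", listed four times in the report.
WPM_EVENTS = [(2824, 2740)] * 4

# A subset of the registry IoCs (operation, key path, process), verbatim from the page.
HKCU_IE = r"\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer"
REG_EVENTS = [
    ("Key opened", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language", "IEXPLORE.EXE"),
    ("Key created", HKCU_IE + r"\Zoom", "iexplore.exe"),
    ("Set value (int)", HKCU_IE + r"\Main\CompatibilityFlags", "iexplore.exe"),
    ("Set value (str)", HKCU_IE + r"\Main\WindowsSearch\Version", "iexplore.exe"),
    ("Key created", HKCU_IE + r"\LowRegistry\DOMStorage", "iexplore.exe"),
]

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")        # IE tab processes name their frame PID here
IE_HKCU_MARK = "\\software\\microsoft\\internet explorer\\"


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def is_ie_tab_of(child: Proc, frame: Proc) -> bool:
    """True when `child` is an IE tab spawned by `frame`: both images are iexplore.exe,
    the tab's parent is the frame, and the tab's SCODEF argument equals the frame PID."""
    if basename(child.image) != "iexplore.exe" or basename(frame.image) != "iexplore.exe":
        return False
    if child.parent != frame.pid:
        return False
    m = SCODEF_RE.search(child.cmdline)
    return m is not None and int(m.group(1)) == frame.pid


def triage_wpm(events, procs):
    """Label each (source pid, target pid) WriteProcessMemory event."""
    out = []
    for src, dst in events:
        s, d = procs.get(src), procs.get(dst)
        if s is None or d is None:
            out.append((src, dst, "review: unknown process"))
        elif is_ie_tab_of(d, s):
            out.append((src, dst, "expected: IE frame -> SCODEF-linked tab"))
        else:
            out.append((src, dst, "review: write outside the IE frame/tab model"))
    return out


def classify_registry(op: str, path: str, process: str) -> str:
    """Separate the language-discovery read from IE's own per-user settings writes."""
    p = path.lower()
    if p.endswith("\\control\\nls\\language") and op.startswith("Key opened"):
        return "discovery: system language read (ATT&CK T1614.001)"
    if "\\registry\\user\\" in p and IE_HKCU_MARK in p and basename(process) == "iexplore.exe":
        return "housekeeping: IE writing its own HKCU settings"
    return "review: unclassified"


def summarize() -> dict:
    wpm = triage_wpm(WPM_EVENTS, PROCS)
    reg = [classify_registry(op, path, proc) for op, path, proc in REG_EVENTS]
    return {
        "wpm_expected": sum(v.startswith("expected") for _, _, v in wpm),
        "wpm_review": sum(v.startswith("review") for _, _, v in wpm),
        "reg_discovery": sum(v.startswith("discovery") for v in reg),
        "reg_housekeeping": sum(v.startswith("housekeeping") for v in reg),
        "reg_review": sum(v.startswith("review") for v in reg),
    }


if __name__ == "__main__":
    for src, dst, verdict in triage_wpm(WPM_EVENTS, PROCS):
        print(f"WPM {src} -> {dst}: {verdict}")
    for op, path, proc in REG_EVENTS:
        print(f"{op:16} {classify_registry(op, path, proc)}")
    print(summarize())
```

The SCODEF check is deliberately strict: a tab whose SCODEF names a different PID, a target that is not an iexplore.exe image, or a target whose parent is not the writing frame all fall into the "review" bucket, which is where a sample-driven injection would land.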
Network
MITRE ATT&CK Enterprise v15
Downloads
The nine 342-byte CryptnetUrlCache\MetaData entries below are CryptoAPI's cache of certificate-related fetches (CRL, OCSP and AIA lookups) made while the browser validated certificates during the session; they are a side effect of browsing, not content retrieved by the sample itself. The last two entries have no path recorded in the report.
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 8f156d18363f3883531b9f23f2ce06fb
  SHA1: 13363835db1ab456897a52bed24398636094b996
  SHA256: 19a3a9aa470e279415f00e7acca55deca8d5ad1ae1eca63893bbb8d1179e00f0
  SHA512: 1ffb89250e5d8294e43da7f39e29bbd992539eead5475b3afc6fb25451a20d226f1e88078ef5d0c8177595e8f40adf5c0ac7394dd1885def9388e18e34a8c4e4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: d5e3dfe1728aca11627387571b7d4465
  SHA1: b3aaa51c41bbe01223fc5fe11d69ac50778f9041
  SHA256: 5980148ec304b5d71c2258bb394bfa16be14687c1515ee310af3424188030e71
  SHA512: 73d2aeda1c574bf0feb89d1c23c968131d321d6342d0ea5f3680b18e306b62680f670b26998e4a1b7a06da760b910c69f38458595938d173fad96e706a65eac4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: d72c242d0726001904191378b9e6fde5
  SHA1: af70aadbf960905a2bed301c8cdbb5e47a7d53bb
  SHA256: 303d078158236e7443eaee67ee81a59e85bd789054cff6b25508c1820d3fc748
  SHA512: 229a335c9322c2cf806594aa97e137211c18a2936f8e2b88ead9835bda8fb0df7bf73c1a0ee800d74014635ceb8a66d97740c54eca81fa3582c4b2a64ac73b72

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 2e078f9c597e570705e9c3645f2cc243
  SHA1: 50770971fb4b68fc4ba670be09099961555471b9
  SHA256: 185e3334e4398a383442067369a2e9fed91ba5aaece6326402d2b6af58b8add4
  SHA512: d58ce3e0fcd32f44e88a65a7df4f03983e1ddbb0ea8f57a80e178daa8cc3fbdc58f1632688b4306dc32b94fc6485ce2f06bacdf50f3b230086080730b2758e72

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: fb14cd6e9d2040df2bf9bd18369db715
  SHA1: 74df5a847de415b2fb31ecfbd38c18467bead755
  SHA256: 7dd7618460f8ee38977a005a26f79e58f761a2ad6df78ecb5b624ec2a60ed9f3
  SHA512: 318c2b623b82128a7a1b86021955b0fb9594a1e6d59b61c4d3ccbd6fd0bffc3526bceed9c81edd505a79361b1d285815caef8462903f318c39fc96ae11fb22a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 1f783ad35ce68db8a4b738c665b1b811
  SHA1: 28f7fdce642e40c45177a9f7717bf095bf779f1c
  SHA256: 7d637388afedb78084ee53c96b97d16ed68a0cec1b553d04fdc3543a787c1ebe
  SHA512: 428df36156bc6aa8c9b25504fb9b6a128e225c1260649e7a23be0aebd94ff8c896faccf1a6e3339bc7ee03e1558cc6d57b843bd16eb1e3219237656c0e1990c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 570137c2b94243dc89a23bb8b9502875
  SHA1: 039a7db5e5262ff85fc9fdd874cc307ca87f7e13
  SHA256: 5cda003d369fee9d11d3d43a5c8ba7374c12f9699afaab54a200912d473d2c33
  SHA512: a6f49e8f24a8fc76206dba96e9d513389e9b7b743dff36c13c0613af0785dbd0dc405242a44c7524f2abf4e64fa4cb66acb469ab7c650db142fe91cada3676eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: be55649eb8fcfb32da5f9b3f3dfd4006
  SHA1: c2fcc2802b0215e84e73af577ab1783912120d6f
  SHA256: eb09698e873faff0fd1ec0ad5a27b7941e5b3a1d5de194ce596b56ceca7e0af1
  SHA512: 830498f07555b9a0bc49ec48a1cca0e976bd7a5289464373a44f37fb0968c6bdf9a8634af8bc4fa0cdf1f8ee8adc9b80867031223ab175179a8fed82b00a98bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 4781a38eebad8f434746b53866f293df
  SHA1: 4a3afe0848542c302fdd2606ad0a52c2c83854b6
  SHA256: e22b77e2f7918f885d95d36d305104a7cf7bfbfc31519d756e59cd56ba1ec89f
  SHA512: d5b100f86213e3bb138078bf8e1d07576f3b446afac670eb51718aa1019a603721b4510a7ed00adb7c1eebc655954dcf7ba7283b88b5d484a2176a9e0e386c49

(no path recorded)
  Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

(no path recorded)
  Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b