Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

53896b7ef1...18.exe

windows7-x64

7

53896b7ef1...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    17/10/2024, 20:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    53896b7ef1b80096985dde2a452ac4c1_JaffaCakes118.exe

  • Size

    1.3MB

  • MD5

    53896b7ef1b80096985dde2a452ac4c1

  • SHA1

    37b2f4c6b2cf02acfb2555a5ffa6ce4da87583db

  • SHA256

    776025157d92f2cc4836a910cc23beaa810c8371e9db287be43f48504b8649ce

  • SHA512

    b0dd3cb6ef9ad53b260ceaa808e3f678a9a466446769377c98c81d4a893dd16c6c4a7137257d00518b5e4ce4ae1c1159fe6453ee24119ae556cc633de85ccaa6

  • SSDEEP

    24576:frJKUK/juqkncxnfS//2oYP+ENxuIW/Rjl/lVlP64htKQtsVELVDiicYQRebMyHz:f1Kb/juqgcxfSE+HIuRjl/lVlP64htKB

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\53896b7ef1b80096985dde2a452ac4c1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\53896b7ef1b80096985dde2a452ac4c1_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:276
    • C:\Users\Admin\AppData\Local\Temp\crpF893.exe
      /S /notray
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2348
    • C:\Users\Admin\AppData\Roaming\B1Toolbar\hpet.exe
      -home -home2 -hie -hff -hgc -spff -et -channel 162341
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies Internet Explorer start page
      • Suspicious behavior: EnumeratesProcesses
      PID:2448
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.4shared.com/video/QgKai-jV/_online.html?ref=downloadhelpererror
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2564
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2564 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2552

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7189ee31136a79e1cbc646c4ecc46bec

    SHA1

    e3847b06edc2d9460857e7734419fc7597d74364

    SHA256

    25db802ccd7dbb620050391ac20998badebe1bed5043cdcff574457a140858e3

    SHA512

    ca6208213a417bbc656695f094bb150d8c5ea2984896a6aa1088bb0b95fea8cd1d6a500f8fb27e3c374cbe17f288a49fbf9fb86b79452c17dac68d58100d2ace

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a0b6980a917a0e3c72a7349f24c7ae6f

    SHA1

    9d17609046bbeed19e210dac4f1bca55c344affd

    SHA256

    7a38d2d074b42ebfe22fa14c8581e5d2bd3f840b587cfa205fc4cb6a758087b7

    SHA512

    3dbb8a71f070fe190d26be97c616cee1174d97aceb64731cb05cdff5c74860d8f7b49adfeedbf0c4a676e0d4f80dafbb022360986446c132b6ed014675d0fb51

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0417da41eaaac99a53408811b312c2ec

    SHA1

    bdb1f5385453addde4e92868bdc9153bf62d9a0e

    SHA256

    b089a6feca6a943f2589b13865b08077b671422419584243e2b9dcb3c4bd6581

    SHA512

    c8b87d5e0fa6a0021517a37b4522f557f72ac5113a9f513b0fde75bfbce8abdbccf04af24f7b57c682546ea0df1e8d727d5f0e586418079df2ef5981179d2d6b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    812eaf79a6c66e30980e450476f9bca1

    SHA1

    32669ab296bde8d709cfa1b1cc2630887d4c8fa6

    SHA256

    ca33428b4824af0e72d8e5f0f824d78356cc1630e2cdf4f1f6164f793fccb846

    SHA512

    864182fe4a98a301dc1007273f17f83f9c3a1e08b9645254be20bacbeedab7de42500b398f7013459b0174688138e122986b6dd7eacef5be743087a97c7cf35d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    74aff334612f39e675a49688efdb37a4

    SHA1

    660d93d7372ce5fe34138be6f5ee6f19ce1d753b

    SHA256

    47e2fe5efe6f52ad7d5d280b04a49505d0b63308ef821ac5ffbfb84cbe4c9ab4

    SHA512

    12c439d04f1c00f4058c86e9598cf933060cb58e4c19bf8e8d8c2b8f6d45acc83c8bec7e651678684b18845540f17ea0f042fa03baa24335b83b5231c678a42e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9c4cbe612ba68201ac9daf90fc857b19

    SHA1

    ec91120e1a12bd5cb9790f061f9ac2d8934c6f82

    SHA256

    307d67347a0ab8efaed3c77d2354bf91bd1a6217318186b00d9459803f81fc04

    SHA512

    14acae8d3a4e4ea16018bd8b6363c954f209b56585a5ab19999e5486c02c307f592eef22958f82a796ef8a5c12f65f291222fa399c09bc5461fe9e084a48edf5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f4cae84366f6a00bc3e21dad38964896

    SHA1

    4b499641490eec71d5f8d2da8efd38cdd57d9452

    SHA256

    71faa38660213bff9d24b668b01ff60acd2d7900eb491c846f19d8e8b67597cb

    SHA512

    7a9df95cf8525f81bc48d4b8e04fdfce990d8a1b244cf8affd83b005064ff20eca12ef00fe983842222b0da7b90503a06c81a13c17ae09f60a91f7225015403a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e9b899196b8da8ab69ed4319e59e1c98

    SHA1

    cde178a5cb71182a72ea754bbf849bd5c4943818

    SHA256

    50785ebc0ee7099a9cae8c009fb0f0c975535b0a3db3f273b94b90a9ab3823a6

    SHA512

    cb8ba327bc12ba060cfbd12168c4e4fce94142d12bc9b853b3ac4c67c42989b109f55545d786f964203c0ff7a98d9c4638e02884df0bbc7330c497557e6f68d7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2db4168759c4edfffc1cb8a1bb44bdd5

    SHA1

    8fe6df1a1f0e1b45f6d8446188759eea971f99c0

    SHA256

    5038aa8442835703aadeb19b652cd4cd7ac56fbc1696ef02c664b993d6d010fc

    SHA512

    f564c6dac3ddd6f4b541533dea9fb37560a77f233d5a19f4ed85433240ca169d499cdb65d63f5f34a23c17758fdd845840460837531dda07dd84eb530a0f6388

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    07ceb04d8f68a6aabe5ad3b65f41ac32

    SHA1

    b75d99d219f74ca2e3d72b21ba5f317e5824d0e8

    SHA256

    b7468841a02207689b8c4041caa9198ae0f776880bb313df694c0609d33242b5

    SHA512

    2903d6f22b87a232f3203df3c5078b0eea8a1c3807b109da008996277f9be13273128338f5f872c3c91a4467c5aa2f5726d0e8f7626effc3f90ae3295b5337c6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f20b648ec6577476304fbb055d6d5ec9

    SHA1

    32b38a47ac7ea62687fc9889b8a9838f2eb00df4

    SHA256

    612d4a2420ccb06fc5b2724675f26b080fc137889b6c9b69882c449d6ec8fe11

    SHA512

    745b1b8bea97c2e0c3131406946760e219d9eb6d735fe896b95d31079a1912d2124d82871cac5f9e55e3970a118d8269ad470044953960d844e22d3ef7ed91b4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e99e1a52d19cf488bc46343297799bbd

    SHA1

    be52b5b410ed5a906e84fef2464b9f6af699f783

    SHA256

    d4dcd0d225e458564ec90027b080cfea9a7f3d6e481f87071e9b2d60c25aee4b

    SHA512

    fc2bad516c9551b47d11cafaede074cd7ffed92cab3caf00c56310ee66cfa8127ec605a6df219614383d6038b0e38649e1ee1360f635532e742aed76776ef2e9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cff59e87f20cd29d0d0a9d4a759c9c57

    SHA1

    378010a397685227d6afaa96f515136ab05eae3d

    SHA256

    807e4c1bf482ea6eff48a368409fd74fa9515ad2aa7f6a5c15771fb284d9c857

    SHA512

    82b2f75d43192505968c414ab77e049d1ed850e5b0c25431b19f54f503136f894d1324f6b4eff8f12bed377414018c9940e918d9b85c1ea0edcd340beda83f94

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    62cace946bcfba37b60e15f1d85e8d38

    SHA1

    549f3cbdb84c675268fd513d497f0b9daf1e5f14

    SHA256

    e27013bfa727ec26e7a113e0126ea67b7ae26580a970cfb332c107089f11fd46

    SHA512

    86fa3016a2a8f188fd64b89e7dfabc0e0e9dcc8fed01495b969a61d9c7ca97faadfa5a44d2f42d7bdd272558a508b68929c44ec29e924312731b635703c33c7a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9fde3bb577ef0bd3d2a28d7fbe3cb28d

    SHA1

    ddc99fc55d87e454f1decdac25c9a2c9d67f91c7

    SHA256

    43060c67b359684d5c8e455a3436066c94a9f6d45dc91f3f35c157a0ac263e94

    SHA512

    bf9ab6ba39ca6d1ed9a4776d8396f0b47e8d20d91f0e45d6898892bb07d71f65261a1ec521be19c971b27e482449cdf3c4eaab04772976b0134d9fe024764044

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab21D6.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2275.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\3NLYNHZ9.txt
    Filesize

    71B

    MD5

    7cda8ff061ec28a9816414c0d3cf598f

    SHA1

    35bc04936a8e137adb27c3fee71f63f0af7ce911

    SHA256

    79d1caae2d378cc5d4a54aee6b4846593f6d12527ca7d1c199dd3b6e94911696

    SHA512

    bd7c95dbe02ae9ad6ebfe020c187a4dd1bc71e2a0e6d436bd06d7eedfa3cc1c1a95a5c4a384decb9ccdd80e9b58880a3a1f9d916a2b323ba2caf0057027e0ab7

    Download Submit

  • \Users\Admin\AppData\Local\Temp\crpF893.exe
    Filesize

    806KB

    MD5

    661cf9c90eb099fb7b6a394dd8cde2e4

    SHA1

    3704e119ea16a3c336f63dc808176a22fbb8582a

    SHA256

    1570e0efe0cb98623913d942cf40f2eb5b10458f49842097125c6d6d8604cd07

    SHA512

    13c26a514c2022a10b42566a527ef98adaaa9932ffd07612ccdeb371888c037be3b429c956ecb7705699a2b6e3463758735332c9e26ea5f4493a91f30dfb4761

    Download Submit

  • \Users\Admin\AppData\Roaming\B1Toolbar\hpet.exe
    Filesize

    331KB

    MD5

    a3e93460c26e27a69594dc44eb58e678

    SHA1

    a615a8a12aa4e01c2197f4f0d78605a75979a048

    SHA256

    3a81cefbc928fe136056257b8b57733164f2d1fa9d944dc02897b31b171335c6

    SHA512

    39d17b7190f3ff5b3bc3170c8e21d7bba5c32c0f55bd372af2e848ff1ef1392083218a562f3361fdc2db95e4133a19c4ec1cab3e982174d76b8276358dac6530

    Download Submit