Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
140s -
max time network
140s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
17/10/2024, 20:28
General
-
Target
5393e79edec3a216b7e23c1fed0f5978_JaffaCakes118.dll
-
Size
771KB
-
MD5
5393e79edec3a216b7e23c1fed0f5978
-
SHA1
0c2ca2d15a0010af7d81815c87843e9dd640ed11
-
SHA256
b6288fa8614c5de1d9f2015d9c24fa703a10d341732702cb8a531ba8e305e736
-
SHA512
3a15df6970b02b783dd7d20040807a5508f95ba477261bba774db8eb6a144a4b1f0e0a89603ed00e6a3a01711d2b21996c7d5eb592a2ee6f520d947aca934790
-
SSDEEP
24576:tKNHa5t8Z67wIGkNC5JdkMzd29Npbg2isXlFZT2:+2OURh85Jj29Npk2tlFZT2
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Installs/modifies Browser Helper Object 2 TTPs 2 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Maps connected drives based on registry 3 TTPs 3 IoCs
Disk information is often read in order to detect sandboxing environments.
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 27 IoCs
-
Modifies registry class 5 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\5393e79edec3a216b7e23c1fed0f5978_JaffaCakes118.dll1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\5393e79edec3a216b7e23c1fed0f5978_JaffaCakes118.dll2⤵
- Adds Run key to start application
- Installs/modifies Browser Helper Object
- Maps connected drives based on registry
- System Location Discovery: System Language Discovery
- Modifies registry class
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2876 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Browser Extensions
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5345f454dae1410c0b68c55c99637bd48
SHA14af02f952726ff8b7858d4d76052cb7909ffbdbd
SHA25663c461f155b4ee95005808429f2fb827e746e591054f6fbc53c1e4f606668fae
SHA51261d274a3283c68a8b6892f75300be3485bdc9eb9bea5404e1ff9a4f5747792e41bdf86b11f7817545773ca35bbd3ab8dc7163206bc11e91dae255777d676f0b6
-
Filesize
342B
MD5f6649f10999951ecd515d6792403556a
SHA14a6a2b6bdb62e73b3b77421aa4df7094070fb697
SHA256b398e4d4f987d32e7ad27d3d2061c3eb7607243d946f735ee31c5b098da773d2
SHA5122937754706927aaab81b90439f629de954b92e5ecd32743e9208864ecb5e447d70562fcf52145e8ff2dfddc1832f364d9e2c8fad07824a6a9a131ef50faefc1a
-
Filesize
342B
MD54ff72eae3bf509bd9669f821debada2e
SHA1db4ccf908f1d37dae858acae83f0f81bb43e73af
SHA2567cc09f4a491eb572171d64ed36a5d328dcc7438ee7770778a864616e87f6d640
SHA51298dd20e4f6e39cad56014d62487f6f7edcd330a2d42110d8653e47b5a05e708f434332569746fd84785620301e497f3506ecad2581f9bf2a0be90d65f5e94339
-
Filesize
342B
MD53f8ff6c4e2defce22440223c1b9d091b
SHA11bbfb69cff83547511d920eca4d20ffca325dbb6
SHA256ea8c953935ac1888175c6950d3f9ad310593bf47d864a3ebf02878363138beb7
SHA5127758509c8f57fd33bc8894dd18cd7847cd47b199ba0eb39b985b5c6d0c8f23323aa40da43509ccf0569f149dec42cc20b2f8287541d397475480ab8d1b7140c8
-
Filesize
342B
MD55d028c9c6bc2e3cbc80455896ee63da8
SHA1a923395377cca7233e29aa83910347c0c52177e8
SHA256fd85e412924605f5ab7d616c69b187d66547d72c96cf53b8488878f99700ea0b
SHA51246ad536cebdf113c29340ea1a5cb6d3ca289d2fc2f9bd660fda84d279261142ba68aa22b3bd0d94eab6eaa68556a55059de33dec3cd335fbec2372c2e30ffdea
-
Filesize
342B
MD56232dae083f6799e63a12c93ab0f2cef
SHA18869b7c711d8ae95f12162805b37163a5d99120c
SHA256b4a5b44d02d4feafcbf87fa7ff23ea42ad2a55ade0376dc4da14e5a390c27dd9
SHA5125ee408538ac20545a3531dbaf574ef8bd3d8ddb38d8b565bdc0b8381acaf22df3f18b6be98d407ef97bc8e37f024a3a35622ce3b73c2e9407b850cacffed77e2
-
Filesize
342B
MD52a0d09dd2e5dddad8ef4f17ff8002237
SHA1f2c83c6661577dd70917a9a346f602c3faff3c0e
SHA25691946475eafb10cdec39eaea605e7ceeb4dd4f6bfc82a7e9abd84991ca43e13a
SHA512769586ff7137443a468facfe0eb48728a0d6332ae21c980213e0c9b2cea642240202e525bc60dc702efab29f85a98df68ed3debaefc2996e1cee467cfece76ef
-
Filesize
342B
MD5952e0127ce571568f0c2e2c4f87df67a
SHA1d3225b921b439b2daff063c48ede614dc4901814
SHA2567e19c508afe50cf7dc9ab77b199b1a1f9c0afef249b4ea80d7b1c13b27499ce4
SHA512e608f59ec9002ec5c04837ecb81dada006e217044f5cb6841950ce05a9a9cdbdebea1cad4fe96f4d9935f910a734795ec0aa5e3fe3a0dec22b944a3f6dcac74d
-
Filesize
342B
MD50d297f80bd64a1f3efa262c32588210a
SHA12c4382c40855cb04a380626c1f05a67aeb82456c
SHA25655acf5c9c1badbf8878be556b157d5ee81f43fd6aca6d811c4fd96d5da3aa233
SHA512070c650394320bf81012363dd1d4bf9705871ebae678671d1c6e6b7496a7d069e5a2c9804d7e28f26e27d504ef67a5bfad1886d154561656cafc203259553bf2
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
8KB