Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

55890b1d13...18.exe

windows7-x64

7

55890b1d13...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    18/10/2024, 04:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    55890b1d134154075271bd0b860cd2d8_JaffaCakes118.exe

  • Size

    42KB

  • MD5

    55890b1d134154075271bd0b860cd2d8

  • SHA1

    f50629248347c42c43dab378cc9963950da140d0

  • SHA256

    02e235ccc12f14cfbffbe3abd8c79b2f53634cd6ebc39dda4c39e9b9b28bf604

  • SHA512

    46a78634272127b9a8556fb6eb584141ab56b65ffd486d4566a6ac5eae84d77eaea77ab480c125d2a7c48a7d1006894c95f978e96dfecf649c996ce40e510fba

  • SSDEEP

    768:MUBkQmoq5/DkgLTGLqWJ1W/SYEoTjerNDp4rZOawQfRZw7nwWXtRn:FGNQgLyw/SxoOZtIAabZAwW9Rn

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\55890b1d134154075271bd0b860cd2d8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\55890b1d134154075271bd0b860cd2d8_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1152
    • C:\Windows\winlogon.exe
      "C:\Windows\winlogon.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      PID:2784
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2072
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2712
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:209933 /prefetch:2
      2⤵
        PID:444

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      119968bf94da51befc8a5275fe19c669

      SHA1

      dce4dad062f023865434e2ed892a79fbb66fd05e

      SHA256

      fd9a140d83f9e52f097b99ba6667822818efae37539c6dc2601f582c200a45d3

      SHA512

      f9978fd4134afa5a8fb87230092829fdb8c1c2c8fc33f5ded68c3f498bddf347c65ff69e841b19e9162eb53a61b038c54524fc8b68217dbe1e529559d68f1383

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c3ec1438ef75f58da7a47598335e7b6f

      SHA1

      ababb9a8aeb524638873c4fc513895f52e4c0d39

      SHA256

      362b5314b916c643b561706fc0d37bd00d755e5aa687bbd49528c6d044eb9fa1

      SHA512

      cbc07e0db153f78ace1fac2f5ba5526237e3b8565118d853f856f764ed7fafdb014422e77d25dc9047128dfe8f31661ad01164f021bb0a589e92603d7da47759

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d436c572605bcc5a03c7fc7bc4531c44

      SHA1

      de1f36c1b40b1540423eb19facdbb6aca1f6f095

      SHA256

      f04cee52ffba18a38b4296fd82081967305f88a572b79d955d8df4bdad4ea062

      SHA512

      38d2a51af2c30963401db60eb398422e9856980817b19b5648e296f8ac0cd01177c6c1da92001bd0c0b0fc4fbad0cce31d1ae759db43cbb1fdef3a25eae62d22

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a8c67ffcb234ec025885bc3ac6684d30

      SHA1

      e5b5ced202c21d7025445400b1baf6b24aa5cc6a

      SHA256

      e82ee9f196f2896d923243b0854be9c6cb82a906be6ecab29ec0f83225106b7a

      SHA512

      23f5c973ae4cf9e3ec775b8fa277b3b4ac0a0859b728631880327ab61bb58df912a097cc3dbb42c029eb2be89dc5dcb7b67c8cb502fd86c0bc126efedb378944

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      92830692874d1d8f503d5fcda5113ad6

      SHA1

      ce2f799cb9e12097382d8ad7c0c462f3a5b15e6e

      SHA256

      c2c71bbe1bb895ed56f9be6df22e8222e8e8f53d5eb64ba8323222c65f3dc801

      SHA512

      ac862528403a7d15b8161a1cce95f1217169c899057571891ec63d4cb76bc3bd64c0954b1e5f4396f49499ecdcc5c932dd84017dafdb10b90618ccca2656fac2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cde73d4c6498a10499d806ea6a54f3a6

      SHA1

      0a4177bc15a729f986c20bee1be68e04fb39e793

      SHA256

      dfdf8c6d6c0a49a4fc181f68ecc880ac62bf55ff50867bc1dfe933b53703c570

      SHA512

      1f68379a1b0bc672e7c589eab045ddf73f464e866d56262ebd9bfbe9d114f5acb85165ccf4ef2d473c2e7dda8a5dd112bdb2814cdd0258c927eec027b1e7aefa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      42594fd80436db7dfc715e8af89c4174

      SHA1

      9274de1b64a198b708db04b1ae3c08729f4c9b91

      SHA256

      9d522e621ef61ee59d142224e643e038ab0bdf1796a6c90c80a9bdf371f23dc6

      SHA512

      a244bd06e8fa5277a35857a17c2cea6abdde284a1fdca24f03f5abd9900510caf1cad441ef9743243407291ca60c0da8715e1101fb55c827c50fec8f7d0e9d7a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5f831714ed70c25c5f32074f9102a1fc

      SHA1

      276fc9ed48d629740fa47494279104ffdfda8c05

      SHA256

      795365d70583e774742a58f6235eaf2ebf62fb18dd42c47cfc8da826e207997c

      SHA512

      cef6b51129ad0b369ae8a48d5c7f385b32f807a670263125c8d12b63ff7196c63d51c7e8343f4c3c35dd44b3cf7d70a0665b0f1ac58063dcdb07014cae2b2baa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      854d1a5c9b6d97d3894853965b7875f9

      SHA1

      d82dc08c575b25eeacef471ceae8a34209277ca9

      SHA256

      1f493992f2a2a4a04bef6bc6331e61e35260d0c36001d89a86722f7c18a4dbb1

      SHA512

      18fa23d75cc5811cac2e8838a39dfa805ef8f8cbb2395ba80e3a817426ea05910bcad07fa50c5ba5416c70869bf16a646f9724b5ad58e65d47631560e383ae51

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab1632.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar1693.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Windows\winlogon.exe
      Filesize

      42KB

      MD5

      55890b1d134154075271bd0b860cd2d8

      SHA1

      f50629248347c42c43dab378cc9963950da140d0

      SHA256

      02e235ccc12f14cfbffbe3abd8c79b2f53634cd6ebc39dda4c39e9b9b28bf604

      SHA512

      46a78634272127b9a8556fb6eb584141ab56b65ffd486d4566a6ac5eae84d77eaea77ab480c125d2a7c48a7d1006894c95f978e96dfecf649c996ce40e510fba

      Download Submit

    • memory/2784-19-0x0000000010000000-0x0000000010018000-memory.dmp

      Filesize

      96KB

      Download

    • memory/2784-9-0x0000000000570000-0x0000000000572000-memory.dmp

      Filesize

      8KB

      Download