
Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/10/2024, 22:32

General

  • Target

    7646a52f439e5f5a9bed9eb26b0f27c2_JaffaCakes118.exe

  • Size

    614KB

  • MD5

    7646a52f439e5f5a9bed9eb26b0f27c2

  • SHA1

    14dc02d98f2bc3cfc10f60c810b00a4c35c4eeab

  • SHA256

    90a2b693c05d9aecaa42e3e75ef8028bcc8dd7c55e476fbf8dbdfbe4b3b07030

  • SHA512

    13d8777acfcff520a07f1af6c74b40e2b49e87e49884e765218cfea9063d0d9e8b39854ac6c0f70475164b21dc381b456ae269c4a7194e50b09dd1a4a09ba12f

  • SSDEEP

    6144:hr0SYomWS//JmcZiWE58TR45SYomWS//JmcZiWE58TR4:nYomWS//JmcE2YomWS//JmcE

Malware Config

Signatures

  • Renames multiple (1110) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Drivers directory (7 IoCs)
  • Drops startup file (1 IoC)
  • Reads user/profile data of web browsers (3 TTPs)

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in System32 directory (64 IoCs)
  • Sets desktop wallpaper using registry (2 TTPs, 1 IoC)
  • Drops file in Program Files directory (64 IoCs)
  • Drops file in Windows directory (64 IoCs)
  • Modifies registry class (10 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\7646a52f439e5f5a9bed9eb26b0f27c2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\7646a52f439e5f5a9bed9eb26b0f27c2_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • Drops startup file
    • Drops file in System32 directory
    • Sets desktop wallpaper using registry
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies registry class
    PID:2392

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

    (The file name is Windows-1251 Cyrillic rendered as Latin-1; decoded it reads РАСШИФРОВАТЬ ФАЙЛЫ.txt, Russian for "DECRYPT FILES.txt", consistent with the ransomware signature above.)

    Filesize

    905B

    MD5

    4f96659ec995be3d93c06fe39c89e3df

    SHA1

    1f7357fc113e519f6547f5e7742583426ee89c81

    SHA256

    882ac9bf649bee58fe58513e5a91fc301c08a988df83baeee56968538848e1fd

    SHA512

    4cd5e53044785973d2ebc54ae49a1e101fa42198cbaba1c9eb7d30e7787b06ccec690f068d598aa0a4a1244d1cb8b036e75534c7764d911212039fbe71d7c3db

  • C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML

    Filesize

    582KB

    MD5

    3d092a28bb781e04a18725245ccf70cf

    SHA1

    720b8f2bb75159adef44dd037f6affd1e6e30529

    SHA256

    f4f98667ccd177161dd61d2a8f86e670e335ab0a7cdc101df4df23903bbd1780

    SHA512

    af3e890029e751a874ba7425bd22aa4193544c431e2c91b3a8bde61bf09cbb2f6b382609621b58ccf8fdcab0da6a567ad4540c5938d5cb21df1980de42370a41

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

    Filesize

    2KB

    MD5

    6b0a643f7a962c8b87a025b991afd1d9

    SHA1

    5fec7e23ed218bfe59d2595d2dea485baebfa188

    SHA256

    e219d9ed12fed8a2d1a4f06fdfbde68ad1ba8d1affd83cacf73c78885f986482

    SHA512

    8b3f753788a7e85b0d63b6a7d7cf0f1900ca68de12b8466bc25fc5565addcccda22e66c442fe9ef3d04c105bcd0a819247bb16c7b0506cdc762fc43ed2a64626

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

    Filesize

    6KB

    MD5

    6e785c3e3feddf613aad94a571eb70c1

    SHA1

    aae74e752fc9211cc69b42040718f0adb237013d

    SHA256

    707287a675a38a306b811870549940bf483d952f74edac2dfa5e69edbdd903ac

    SHA512

    1ca744f7222ed18d1f31d9d79ce0ecdd6a0208a2fcf422ac504f41c1793e6294a6a7c2d568bb4b39cd1aa21326ecf27b33b1f9df5e2d3cf98275e656379e2422

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

    Filesize

    3KB

    MD5

    48e0392bbbfbaca4fca83ee2b91b05c0

    SHA1

    b735cc0685daa6821b03ebb64992e15c62310951

    SHA256

    c9405746f7522f7bc375f15a10de569c878132c7f004b5150c709a3d110bd5a6

    SHA512

    154e3b80a05bc1f7c6777f535d75d69950aaebfdb4ba79ab449c58a95fead685b56d859eacd15ffa10be8f29b1221e13c2aaf2e7a0ee600c56eea66ed254ab6d

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

    Filesize

    5KB

    MD5

    972380fdc707fd0ca23b4ed737dd8156

    SHA1

    d019b2639af6987cdf41db1c528e67a7a80b7cdf

    SHA256

    09acf8188f5c9121339dbe1a8386aaa79f18b1c0e0a9ebf93f27c1cdcb03863d

    SHA512

    b9845270c586dccd2aa37ae43a7524985025d4056c93779f9e60254903772387c757b7b303ecba702da29a6e79456c4db3876ea529fdd290bbb9f414c9fc09bc

  • C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\Microsoft.Office.InfoPath.xml

    Filesize

    247KB

    MD5

    ea24349de7dd6d7c0a61ef2f4fa291f8

    SHA1

    d203d1ce2fd50d46da56a13c8f6a1dbacdfa7253

    SHA256

    d1cbed4dc15b4294158a0e4d91de820287f9945512883edfef4d4ab9a3b711e7

    SHA512

    b3df736e4f940637895657a14c310638d66fb679c9f8eeb2d2664b80be719135af4c1217ebc9b1b32b7147d530b325dc93fb10db9a65d5e3a3cc18cbd978ef5e

  • C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\TALK21.COM.XML

    Filesize

    807B

    MD5

    32426febd3c0f282c93b96cbed6d1a7f

    SHA1

    e767b75d6d842d82ac9f78aee9d8d931456b9ec7

    SHA256

    6e9c748b6662d8e46dd5ea14592f81dc09a779402d41e76adcec81d22552b953

    SHA512

    77fb825ac88dc4149e559dbd277a72291548e52979ca0fcaf33935a0178e68e6dbdfaba9c62e1fb2cbb0d9945417a33cce3ebdc2d4bbf9536cc4d03e1507dda4

  • C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.XML

    Filesize

    806B

    MD5

    312f1301e7579b1d45dc222b55fe9767

    SHA1

    acdc7447d023c7cb15b61c43da2003734781cfd6

    SHA256

    97b57596bbdf18d0c2cfe5f3a2e1b9e817ab67d661cad10f58aa582cc828570f

    SHA512

    d46ae4636b4b0f301cee834f6ba835ba1d1d61f707360f7034ddbb5775a609ff67c9d82ab7cd3f0a78c4be34906b1622fe7caf1b3635580eb73a6803ee8dcbc0

  • C:\Users\Admin\Documents\CompareSwitch.xlsx

    Filesize

    12KB

    MD5

    ce370643d73f9dc1e5252de21ae927f7

    SHA1

    8652b7e97263730cffebdc7c59072a90c7e566e8

    SHA256

    fcb7e66e3f6d6f4122880251aa9afecc20d7034753720ace24a39c7dbc227e07

    SHA512

    a3b1d8c8b696320ce4214b91af1a901deb0a999104ae63dbd823bc4b06bf7178dcaa20a63eaa8576d6fa668f035310ac31d41e68e4e92c2776d926819e913321

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_Data\GroupedProviders.xml

    Filesize

    317B

    MD5

    d41600f7da09bfc791dbc77409a22588

    SHA1

    9f89a9acab5ea66d9bfeda64432f146d8e0bc7ce

    SHA256

    dc61d1875ef28521d0f9ae33fd5e6e0c8699f26e556a65832ec3f2364f2d51f6

    SHA512

    7a91a8f9a595537d992fec9210d5b4985ff8d246e86d5a37d9e5511cbf447681c07451911469bd1b8011d47f5eb202004f763311c22f776aa29a7090f78f16a1

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

    Filesize

    21KB

    MD5

    db9f1a58559f143c4a907a344b9ec6e5

    SHA1

    59ada49413804a765de81c073ee279c4e8645dd1

    SHA256

    b866fac08c049d398b54f2e191eee3534169c49bb30894b7b9e8dd8c89ea0055

    SHA512

    0b76a2ca4e469d10616ad1560cf0a240c534c145e423e642c792a5c1599d14afcfb9b5c93f519c7e3911dbe4f5ff792ca3564d64d4d19a39c1e79ac97e966b2d

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

    Filesize

    8KB

    MD5

    b504273d017233f4b151846505f30e50

    SHA1

    dc474e86c5316a4e76e50bc617c55c007a9048ca

    SHA256

    df364d483baba875558703f8cd24952da1c619397b036d216283dfc8f862f3c0

    SHA512

    836d43442622d748e5457a6c9df45828b3c144eda6728f4996c8a257293731ac4f736261037cfd67d58aeda9471c4c3d917a98069ed291c412359acdfe71fa11

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

    Filesize

    1KB

    MD5

    c63e3cb361b7501d24a671130a7b481c

    SHA1

    0aa25458ae39266f4c3dd32fd2f51b9b64bf3f88

    SHA256

    2ac09223e2bfa9abd6d1f975cd3dac383a02710ee8184b084b0c4d57d054d2a0

    SHA512

    28e069714630dee8ce2f34c4cafc980933f6f218c94b8b5724dac0cd5bbce76292821250a43f54152b8e3103f87683ffa5c6fe84cc72df89780ce4fc9547f437

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

    Filesize

    8KB

    MD5

    173276c633dd374114b638ebaa100415

    SHA1

    07b79ecf7aa8f9661dc60d006ce3c60d72cf11a8

    SHA256

    7b546c76bcd4070cfc3279e4f2459b761643f5f64cb663f3004a33dd22e764cf

    SHA512

    ac9a0b1031cdf0dc8cfcfd11618de4dcdb1d1f6dad811cd3bb5a75848245c4a5cefd7ac5aec8715c884f0411a4befc124a28f4fc464d8c51f1964a2138c34792