Analysis

  • max time kernel
    143s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/10/2024, 22:32

General

  • Target

    7646a52f439e5f5a9bed9eb26b0f27c2_JaffaCakes118.exe

  • Size

    614KB

  • MD5

    7646a52f439e5f5a9bed9eb26b0f27c2

  • SHA1

    14dc02d98f2bc3cfc10f60c810b00a4c35c4eeab

  • SHA256

    90a2b693c05d9aecaa42e3e75ef8028bcc8dd7c55e476fbf8dbdfbe4b3b07030

  • SHA512

    13d8777acfcff520a07f1af6c74b40e2b49e87e49884e765218cfea9063d0d9e8b39854ac6c0f70475164b21dc381b456ae269c4a7194e50b09dd1a4a09ba12f

  • SSDEEP

    6144:hr0SYomWS//JmcZiWE58TR45SYomWS//JmcZiWE58TR4:nYomWS//JmcE2YomWS//JmcE

Malware Config

Signatures

  • Renames multiple (519) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Drivers directory 8 IoCs
  • Drops startup file 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in System32 directory 64 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7646a52f439e5f5a9bed9eb26b0f27c2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\7646a52f439e5f5a9bed9eb26b0f27c2_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • Drops startup file
    • Drops file in System32 directory
    • Sets desktop wallpaper using registry
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    PID:3708

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files\7-Zip\Lang\РАСШИФРОВАТЬ ФАЙЛЫ.txt

    Filesize

    905B

    MD5

    4f96659ec995be3d93c06fe39c89e3df

    SHA1

    1f7357fc113e519f6547f5e7742583426ee89c81

    SHA256

    882ac9bf649bee58fe58513e5a91fc301c08a988df83baeee56968538848e1fd

    SHA512

    4cd5e53044785973d2ebc54ae49a1e101fa42198cbaba1c9eb7d30e7787b06ccec690f068d598aa0a4a1244d1cb8b036e75534c7764d911212039fbe71d7c3db

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\winword.exe_Rules.xml

    Filesize

    332KB

    MD5

    7b299dc9615a04baddda789c23badcbf

    SHA1

    f6df70c56fffc524697dbda261b4988e7582c1dc

    SHA256

    0b1dbae4c3ef76e85e174c7a63a253e3ae8c9d084f84cac9b520791a258c5b9c

    SHA512

    97e4f7427114c7e21987f921e29eca36933b5eb798c38626c766c11a47632228c85a86f69cf13aa8d361d50017f970ea6489e64d538626be65aa4fcadb08bf45

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\App_Data\GroupedProviders.xml

    Filesize

    317B

    MD5

    d41600f7da09bfc791dbc77409a22588

    SHA1

    9f89a9acab5ea66d9bfeda64432f146d8e0bc7ce

    SHA256

    dc61d1875ef28521d0f9ae33fd5e6e0c8699f26e556a65832ec3f2364f2d51f6

    SHA512

    7a91a8f9a595537d992fec9210d5b4985ff8d246e86d5a37d9e5511cbf447681c07451911469bd1b8011d47f5eb202004f763311c22f776aa29a7090f78f16a1

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

    Filesize

    21KB

    MD5

    db9f1a58559f143c4a907a344b9ec6e5

    SHA1

    59ada49413804a765de81c073ee279c4e8645dd1

    SHA256

    b866fac08c049d398b54f2e191eee3534169c49bb30894b7b9e8dd8c89ea0055

    SHA512

    0b76a2ca4e469d10616ad1560cf0a240c534c145e423e642c792a5c1599d14afcfb9b5c93f519c7e3911dbe4f5ff792ca3564d64d4d19a39c1e79ac97e966b2d

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

    Filesize

    8KB

    MD5

    b504273d017233f4b151846505f30e50

    SHA1

    dc474e86c5316a4e76e50bc617c55c007a9048ca

    SHA256

    df364d483baba875558703f8cd24952da1c619397b036d216283dfc8f862f3c0

    SHA512

    836d43442622d748e5457a6c9df45828b3c144eda6728f4996c8a257293731ac4f736261037cfd67d58aeda9471c4c3d917a98069ed291c412359acdfe71fa11

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

    Filesize

    1KB

    MD5

    c63e3cb361b7501d24a671130a7b481c

    SHA1

    0aa25458ae39266f4c3dd32fd2f51b9b64bf3f88

    SHA256

    2ac09223e2bfa9abd6d1f975cd3dac383a02710ee8184b084b0c4d57d054d2a0

    SHA512

    28e069714630dee8ce2f34c4cafc980933f6f218c94b8b5724dac0cd5bbce76292821250a43f54152b8e3103f87683ffa5c6fe84cc72df89780ce4fc9547f437

  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

    Filesize

    8KB

    MD5

    173276c633dd374114b638ebaa100415

    SHA1

    07b79ecf7aa8f9661dc60d006ce3c60d72cf11a8

    SHA256

    7b546c76bcd4070cfc3279e4f2459b761643f5f64cb663f3004a33dd22e764cf

    SHA512

    ac9a0b1031cdf0dc8cfcfd11618de4dcdb1d1f6dad811cd3bb5a75848245c4a5cefd7ac5aec8715c884f0411a4befc124a28f4fc464d8c51f1964a2138c34792

  • C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Shell\DefaultLayouts.xml

    Filesize

    62KB

    MD5

    fc89d79ccf040539651f5cdd1f9bab15

    SHA1

    e2eb11dbf785ede2a7e182f1f5558acf2992269d

    SHA256

    28e6416e94160ea4970dc749b071667e1e9c7ce34f3e19189ea248c98634b474

    SHA512

    9a92e32d0c1fac9d4ab636b87dfa092f3d54ccda759dc6271d7a8c283d50c555a323f4c25fb6857974fe5489eef3517a3feb9ad297194ae7a14bedc6bafaa712