Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

b4e8878e5b...18.exe

windows7-x64

7

b4e8878e5b...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    30/11/2024, 05:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b4e8878e5b8fded3217d0e263296e388_JaffaCakes118.exe

  • Size

    725KB

  • MD5

    b4e8878e5b8fded3217d0e263296e388

  • SHA1

    4a7778fcc6011462cf1e7e9a7252129529aee000

  • SHA256

    67caab3ce1fe6bc1bdf7a3939f5e963e852beb894e927cd952fd545fe5e8c904

  • SHA512

    5cbb993b782f149333f78a031563c783bf5b66b35d07b9c82b0646dea340686e4a6ed738fb0c02899d8fdbbec12a5b4d6b23ffe9f675a0f7e452404bcf07f09f

  • SSDEEP

    12288:h1OgLdaORo99/rsFEt5hDG0SAMs9jR/jeRJKu9TJdwYGZtyjTje5jOSpJX:h1OYdaOROBsFEt5hDG0SAMs9jR/jaJn4

Score
7/10
adwarediscoveryspywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops Chrome extension 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 63 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\b4e8878e5b8fded3217d0e263296e388_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b4e8878e5b8fded3217d0e263296e388_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2420
    • C:\Users\Admin\AppData\Local\Temp\7zS8B9D.tmp\tY.exe
      .\tY.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops Chrome extension
      • Installs/modifies Browser Helper Object
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies registry class
      • System policy modification
      PID:2180

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7zS8B9D.tmp\5.dll
    Filesize

    222KB

    MD5

    e9b27306a18f18b88945cdf066de2fc9

    SHA1

    4d18490fbb336e261301a967047065dd561cc2f2

    SHA256

    a9880b90d24af3786886306aefe5c79ff3cb2fb7b36ee5fb7bf2af85f240d63c

    SHA512

    f255e8bfb13cfa070b31f47b12a4aacf9ab75a6a8191b6b83740d02c3f007b6d5255a5c2c12bc7b599996742973d2faccb5463d96d16c7aba40e34776823c706

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS8B9D.tmp\5.tlb
    Filesize

    2KB

    MD5

    39d776f73d1d3f771aaa8c3561367c3a

    SHA1

    eef842aa02927bd7fbe7d569c5446ef1a2ea065f

    SHA256

    c2156787eeb818e587529572599fa124773c71330fb93e1c79f4cb9141090941

    SHA512

    3174095accbf422730e60f61523dec01a9a4519cb4642a641c5f547d530ad41f5386d383b90f7daf34f1f36635775929e99d7fe0030aa24cee30f4de8376eeb3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS8B9D.tmp\5769358676771007292.log
    Filesize

    3KB

    MD5

    a761bc87ac95977e4bd45c1b392658c3

    SHA1

    0c1d296feddaff3654905d42ea67854016bf65eb

    SHA256

    8f1ba093d7dfb75284ca5f43e544f6f9d0c7f9ded5353026d21067544a93fd00

    SHA512

    1aa3c991a9c104e1d921067757c95840bf160c20a9c10d3351886c45cc70722ed3183ff9880a88df66cdaa21e90060c11074bc606d67a7123aa7324920de307f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS8B9D.tmp\cehdkcgdkfnlkgkopediapbaeembnclc\background.html
    Filesize

    139B

    MD5

    ad3355ceb6e90358653de19279654b3b

    SHA1

    f7fad5221cc21882714048c86bc628e8a3966b32

    SHA256

    cad651cdf798396e4941048315656fcd43a728ea24f6f6c735cd77b56ea68dbe

    SHA512

    6da4268221f9ee48df8ff4261f8229ead63e9bb6eb18567e9bde0d981c6333be6dab4f445aee385bf940d1d5584c3c237caff7aef3b0b73d8900c86e9fbef5f3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS8B9D.tmp\cehdkcgdkfnlkgkopediapbaeembnclc\content.js
    Filesize

    197B

    MD5

    5f9891607f65f433b0690bae7088b2c1

    SHA1

    b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

    SHA256

    fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

    SHA512

    76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS8B9D.tmp\cehdkcgdkfnlkgkopediapbaeembnclc\es.js
    Filesize

    5KB

    MD5

    bc8460ee5d00e9010b078dee6852d84b

    SHA1

    410317d585f22f454af9277c500a6354722e165f

    SHA256

    bcc32d3a5251ae6bb9f583ce762faa5a79fe472f0102f7a247ab12167ea10e99

    SHA512

    2d312faf7243a3f8e63b6f78fe9a90bc7bc6ebfcf5410d940c4df291d8c040bbfb36b02185b41fac318845adf92186b1b61561c7c4bd58f119423a4aa0ab6e4e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS8B9D.tmp\cehdkcgdkfnlkgkopediapbaeembnclc\lsdb.js
    Filesize

    559B

    MD5

    209b7ae0b6d8c3f9687c979d03b08089

    SHA1

    6449f8bff917115eef4e7488fae61942a869200f

    SHA256

    e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

    SHA512

    1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS8B9D.tmp\cehdkcgdkfnlkgkopediapbaeembnclc\manifest.json
    Filesize

    507B

    MD5

    7023218efe3fccf3988e23bfd121471c

    SHA1

    5d75176a4581cd37155bac3b0c5b7532ed6f8dca

    SHA256

    3f7b87caa2263a79c11d23d316929f478bd222d5c95a290de8b151b5db715269

    SHA512

    82ee917001597a12bd6464a5c6c6914a3c3a2b99e647b28a20c32209963437830d8698ea31b1e4b7f5ad82afbb5c62054bce23c81b8208bec69896891048da83

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS8B9D.tmp\cehdkcgdkfnlkgkopediapbaeembnclc\sqlite.js
    Filesize

    1KB

    MD5

    b2dd5f474d696627e883b5f978d00850

    SHA1

    b8aba365e7e142df95f8a38dbf593c80ed734b54

    SHA256

    46900d54c9ff1a1d84197548d35f8414c82b9c15eaca885643583dbe500003f7

    SHA512

    bfabdafe51cd5384cbf35bc04b97125b0b6172b6e37f2c645994ddfb4c433648036670a26eb837c541cec8899ca44ddd5430a61820a21a22edd68e75c9a514f0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS8B9D.tmp\[email protected]\bootstrap.js
    Filesize

    2KB

    MD5

    1b53c596cfb1aa2209446ff64c17dabd

    SHA1

    2542da14728dcdbe1763f1ee39fe9ceae38ad414

    SHA256

    a7dfea4bf7e1d46a8b8e64ccfb2cf35017e3a5b350eead26d6671254d2b3c46f

    SHA512

    be54481675c38ef6a41697cf8cd3ab5a0b126922b192732a9c587dd8905b74b66c79eb0c849f62bbe8934979a894be63734b0ad59ffae295f5797cbfaa327030

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS8B9D.tmp\[email protected]\chrome.manifest
    Filesize

    96B

    MD5

    9128b4e0db7236d5449129e234d0ba32

    SHA1

    9a326c196d875fc30df8c849683e43203dbdc432

    SHA256

    2138e430decd04c9b757c6e936fb8bc92871c230d50d7815c6887b3da95bbdb1

    SHA512

    c7205d5d535a7745abb77d1c9586f660b84f328f44fb71d777a9ba936b1b697ec380126430b896b5bc17d07037c74f004150372cfb8273990988545f2707aefb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS8B9D.tmp\[email protected]\content\bg.js
    Filesize

    9KB

    MD5

    62d0a6d88880f50315cc83657e6a4851

    SHA1

    757343a89561838f871e75720a3260d6256048d5

    SHA256

    937ef078df04677b0bfafb5262790b0a15185653d746646521b9df1ce2ea3c1d

    SHA512

    aa70faf0c815f8e852155a1486eee7b830dfc1e8ae60d8ef2ff5a674db483c2b5b8ef24fc2e33eb76aacd279ef688ab4ae0eb67116468c705d18ca61332a632a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS8B9D.tmp\[email protected]\install.rdf
    Filesize

    607B

    MD5

    cf7858b41b60a6a69e42574804c60512

    SHA1

    05e6837ddd40133334ed7c21c4a89ad7e572090b

    SHA256

    c7a2b9853347f50d8e36a48e7ca2b74a3017de38754425f84329bf7999b7b42f

    SHA512

    4442d25518fe0f31740388b43a226188fa208186d4a04f1b5eb67a59e2dbb1451396254d36dba6a5048b00286aea77a1a042f5b1c9b25f450903e7101af73f54

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS8B9D.tmp\tY.dat
    Filesize

    7KB

    MD5

    ecc44d3653ca8d9036e5f8cc803c4e08

    SHA1

    290a423a4e8e36b24b1689fb44ebc2a003c0cbde

    SHA256

    5a3f449541c1375127a0509dd94c5aa5eeef32a134276eb71a42e3636b44d9bc

    SHA512

    72a1a26e96876dfc72147771f729bc0a9ca206b9551246908ac5ae38d280318dd70de9246698215e63592f6e6b2d3fd45dfd083d07709087c7a92693a06a5a1c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\7zS8B9D.tmp\tY.exe
    Filesize

    334KB

    MD5

    8300c91b40229b42301aebc6d8859907

    SHA1

    0b55e56a6add6b4dd4ceff475a0018a203d02a5a

    SHA256

    f54a6814ac06c70ef5b738eca4855e49039783d96b70ba1ae461bd90877e53b5

    SHA512

    0863750da143e1707513f4a2efe1ad6cf81f5a819c7d5496d1629745afffcf72338aa9de90479d5e0936e848f9b260c434fd369027c56be175814086cafd4d8f

    Download Submit