Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

b9d0201d96...18.exe

windows7-x64

10

b9d0201d96...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    02/12/2024, 19:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b9d0201d96bf236e37d58605857b6879_JaffaCakes118.exe

  • Size

    555KB

  • MD5

    b9d0201d96bf236e37d58605857b6879

  • SHA1

    3733174095b7b94f73d2f866f03503ed19477ad9

  • SHA256

    a916a084fce6071fb264808dccdf11e97ab1eb67b804634e2d98411aef86dcad

  • SHA512

    6f3f3f47ab022f108d9939fedf1fa36386ec6e8426ebd370390c9a8918b5d8b1de0b97e6b388f0b78dfff2640ebce5d7b5991222f8a91c7ef733a7bd2b53d092

  • SSDEEP

    12288:3DWzZctGgmU79XFj/Zr1oF9UhkSYOpxHB7ZkyfRmQKys1RIY:aWUgmIRBx7xHB7ZRf2ysIY

Score
10/10
cryptbotdiscoveryspywarestealer

Malware Config

Extracted

Family

cryptbot

C2

haipuo52.top

morbaq05.top
Attributes
  • payload_url

    http://zelveu07.top/download.php?file=lv.exe

Signatures

  • CryptBot

    CryptBot is a C++ stealer distributed widely in bundle with other software.

    spywarestealercryptbot
  • CryptBot payload 6 IoCs
  • Cryptbot family
    cryptbot
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of FindShellTrayWindow 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b9d0201d96bf236e37d58605857b6879_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b9d0201d96bf236e37d58605857b6879_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Suspicious use of FindShellTrayWindow
    PID:2736

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nm8LVjxqM\EltS0WUK67p.zip
    Filesize

    39KB

    MD5

    b89324beebf5be7bb916f5ca2bea7d89

    SHA1

    fbe764c1f4d1bee226d1bbd0e1ccdefe0507f116

    SHA256

    1c830bbb076fc08f4c11212791b316b3a5fa3f776f1df904524d5429c7cba2a3

    SHA512

    a0315d7c21f555ac46b64ee9b4a436467fa7fe9f3ca4a18e090cecb97bd805bf9f6dc42736f42cef4e5e85724f281518de04e020ec36df5d99dc227b7d75e795

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nm8LVjxqM\_Files\_Information.txt
    Filesize

    722B

    MD5

    2045e7aa989dda111424f8cdaa68f075

    SHA1

    ba08feea7bc2ea07835395d134a6d2bab8641e28

    SHA256

    b6eb25c1826264d93ff05785429c543cc48f398b0d8104a824c97b5f51e1bbbc

    SHA512

    0ad3dbd8ada082519362a7fc22e6fc4bfec37f783e8901344a1d11e7aa3ccbc97bedb45dd60e52bbd9cf9a747d105c875b989fed6bc8239d1b10f96f6b8aa778

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nm8LVjxqM\_Files\_Information.txt
    Filesize

    1KB

    MD5

    3984bb473b6b37177e48c0c8ed0f3b83

    SHA1

    596c9a2158f4250cad4deeccc466d039b382b764

    SHA256

    24d899846c84ea94dcb28b750868aff293e23f7d864780091b627e5c227f6aa3

    SHA512

    843a3d9b2344cd3823d41bf0e6d7611e8e0e613114a67e14935688c3e1235472f82b00715c4adc0ef84453ddb9ca67e0d20069018adc23bb112a46d80164f947

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nm8LVjxqM\_Files\_Information.txt
    Filesize

    1KB

    MD5

    4c980bf53b9e09083a97f1eb532deebb

    SHA1

    48a9695ce3ce0288dbee33b06e3b96d3822a8dd3

    SHA256

    aaa8025814f565bb182c5ba046f16b2a98101950af7ca75b8688cd2a286197c9

    SHA512

    28fc7c99de42e9e7801bed2de7939f355a9e322576eeded62e9d5f338940e262e6ea8e2714adbd463aeddc1a4d9ae29f47274f20ded58b5ecbb90a97747859cc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nm8LVjxqM\_Files\_Information.txt
    Filesize

    3KB

    MD5

    48992b76156c042eaaf514f752293234

    SHA1

    4f788e5d6c84ae2743143a090f0d5aa09dea2950

    SHA256

    29d083d397198c8b4d1b81a67d395c921468a35b425f43d0ee380a519a454b39

    SHA512

    1600a73d75c70bfb74a7c68cda19c4529d25e97d2e62a751d064ae9fc0b8b373ee631c60db517779e16eb6a953e98f0522ad4702fcc7bcd41e7c14e8322d19be

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nm8LVjxqM\_Files\_Information.txt
    Filesize

    3KB

    MD5

    31e6452ff33c008011aaf179d170c723

    SHA1

    e7cc4af8fa22b058a3569c80be1bf1f7ab029a23

    SHA256

    30abd2204912b6664d98cbc745bd64c3e9700520d6992e44ee2198d41af39510

    SHA512

    cb4800dab96f50b4e4f3880a1b30425d4d745ddbd461312e5589de38d92a5af3cd280981a53398a1c01c175721c5a4142bd3dc1064b671ee6e8df82d0e8335cf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nm8LVjxqM\_Files\_Information.txt
    Filesize

    3KB

    MD5

    af9bc957d8cf8dc41c40c620f0f3cb6a

    SHA1

    ec709cfaa8a173c4fd02362a92c530dde77f689c

    SHA256

    4f7cdbbd21e07f27f32d30c06df0c048c4b52a881168e3bd1903376ebd499dfd

    SHA512

    abdf90b6490b729fb68982c72308f30f949f69a7ce3a01357e82d57472609a132f6214bd873505d2763d9c3a90b846227f52ebbf29e623858277bc7d5d9502b7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nm8LVjxqM\_Files\_Information.txt
    Filesize

    4KB

    MD5

    970f5251bf2b9fd2e29de199740f906e

    SHA1

    fe28aa4238f82cf13daf80cc5606c23bac16951f

    SHA256

    7e54bf0072992fd95d431c0b345ea31325823f6c9b8f096f83f234c978f79603

    SHA512

    dfd8f82854cfa13c6641367b2354d06edd43d9becb3bef46b5d2aa194e9e2d34d0165a0066098c8f593b19fecc52716d94357ce862f7e056fe1466e0098d8cf6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nm8LVjxqM\_Files\_Screen_Desktop.jpeg
    Filesize

    46KB

    MD5

    fb0604b0f8312a7d2c08ea08fe588d41

    SHA1

    03755194ab85a719b41462a9e7d36f3d49f5d6eb

    SHA256

    4cc243b2ba9e4180448f78c9705dc3c5a08723281272ca477f2a64b8a2ea592b

    SHA512

    3b9ba2b26a3b426fca09c9ddd1951be8b7f8e14385974aa1008bb3067452f9f8800a7d5829e5475aa2eb37dd94e20ad177f36c92e46d68c72e7cff000c75caaf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nm8LVjxqM\files_\system_info.txt
    Filesize

    1KB

    MD5

    6a2500aa48b73cf85052161ec4669770

    SHA1

    b235b8f27cbd47bbbe98b3425a1c9d66913a6068

    SHA256

    7f57c8100ff60a74dd3970dfe7280640f8d447e0e6a7fa2bd988c81633948d2f

    SHA512

    5ed1afe2719e5c9eb884d4924b11e5b4d298f059af3b1532bf562a840a981e80a263cd0c113d7e201cadd35548ee92a2a63fbfed67be7316ececa8a5f293a83c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nm8LVjxqM\files_\system_info.txt
    Filesize

    1KB

    MD5

    2dde151698dbf9cc4ace5094fe80132f

    SHA1

    cc4225b9dae34e8fc32358fb0a2a703a8a3e460f

    SHA256

    21855ad6007763f29d0510f0309600e9fb1c5385c1c5950db4288f132473ead6

    SHA512

    9d0f3d739b209248d3e9b17d3098a3e7b5e64fd593d1ba964aa6c429ea6ae313e6c681e1dd913892202d3e4e3397a30ce64fe63f6e1fd53892b5b22efdf1582c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nm8LVjxqM\files_\system_info.txt
    Filesize

    3KB

    MD5

    b19dad1fb812539162a0e6d410c32235

    SHA1

    894170f2505c307da73f69e7f5be476cae6bb783

    SHA256

    8ed56cb6a7f55e8401c38953ced009439ccbca8826ed0ef409a8120a5303bfb7

    SHA512

    d2344ec8e348555edb34b386464aabed2d60e4c24b08c42a4cb9123a0fc72895ec673bdc5d219309c51510c2288f554db365f3f02a19e89f3a46d0b918fd479d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nm8LVjxqM\files_\system_info.txt
    Filesize

    4KB

    MD5

    2b60cff06de0e195f73b581166492e51

    SHA1

    62037a916e9ac280da40612ef9b5b02367ff7c89

    SHA256

    c33e4f88812fff29e7d95f8af3e83a22eadfe5327d0c8adad4ca82ab06027e2d

    SHA512

    1845ecc1871f1703541ed2d8a0dba38718e647e29694b0acf02c98ec0e5f8b77120a8ca1a85ad2e83796527434304b02ecacf76a17c415f9d5051402fbe4c524

    Download Submit

  • memory/2736-1-0x0000000002E20000-0x0000000002F20000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2736-4-0x0000000000400000-0x0000000002CC2000-memory.dmp

    Filesize

    40.8MB

    Download

  • memory/2736-3-0x0000000000400000-0x00000000004A3000-memory.dmp

    Filesize

    652KB

    Download

  • memory/2736-221-0x0000000002E20000-0x0000000002F20000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2736-222-0x0000000000250000-0x00000000002F0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2736-224-0x0000000000400000-0x00000000004A3000-memory.dmp

    Filesize

    652KB

    Download

  • memory/2736-223-0x0000000000400000-0x0000000002CC2000-memory.dmp

    Filesize

    40.8MB

    Download

  • memory/2736-2-0x0000000000250000-0x00000000002F0000-memory.dmp

    Filesize

    640KB

    Download