Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

JaffaCakes...2d.exe

windows7-x64

8

JaffaCakes...2d.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    11/01/2025, 06:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_f9dc45af96acdb35e2493f4c21684a2d.exe

  • Size

    409KB

  • MD5

    f9dc45af96acdb35e2493f4c21684a2d

  • SHA1

    ebaa57a261f3c0e78e63233f7c00e530d3d314c3

  • SHA256

    5017fad3ad4cc8ebfae087439fd120d2bb6f89d8617421fa7cb672cd24a5694f

  • SHA512

    7dff9f34edda24381d8d634c111890f72059f47fea844e25675fc396e2f2a6600adce93193824fc9d5dc9895617e05e76e1377c5cf8c6840804008d4e907ad36

  • SSDEEP

    6144:ppMM8EV1kmIOA9nkEamR4XOyV5R7Ls2dMQRcR0FZXpL:URmqkjmR4BVH7LSQRlHL

Score
8/10
discoverypersistencespywarestealer

Malware Config

Signatures

  • Contacts a large (1386) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f9dc45af96acdb35e2493f4c21684a2d.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f9dc45af96acdb35e2493f4c21684a2d.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:640
    • C:\Program Files\Internet Explorer\IEXPLORE.exe
      "C:\Program Files\Internet Explorer\IEXPLORE" 212.33.237.86/images/1/report.php
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2464
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2464 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1388

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe
    Filesize

    555KB

    MD5

    da05bb10c81694b404181a8b8c4c6598

    SHA1

    0594eecf014396de61d52c8df2fd3858dd463474

    SHA256

    07be20c032bc2795d04a4856cc7785ab1352342e7e8ed262679af081e3b00ec1

    SHA512

    27f96ee03a77846aabab3a872d7946c7b4f517e4366dc7ac24784f29205f19a341d1477a91c6b6313a489d24328ef64cce286dc816e58ae07d73eba61155ea85

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    99c74edf0f945a3c249b5a35d0c03df6

    SHA1

    d44081a2a47048db93199d408cdd9eed500d444f

    SHA256

    2efaaabe1204f80d295efbf8963033ef93cbfc6201b9c4325ddd5a0c79e4be94

    SHA512

    16482e32a1bddbaadbe0dff10692d30a85c24ec0f04293dc1f87c606985015da5f827023f3e36eda68321cf50dd3a724a3154e1095e03aff5f7745dbb840375d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cc3ea2a34c842233a65ef9d15828646f

    SHA1

    738ec52893f8624a4b93bba9d26462b72aa444c0

    SHA256

    ffcc1fd7b36fcd9f56492f392e82d4360cdeabb68ed193298ec65e987e767239

    SHA512

    bb81a66c2bdbf284a8faf754d73ae8ca50fa2afde6e5279fb8be868c7a3484c70b649a66398109182b942acb2a83b169bef15b59c2ae91aaea1b80e2cde3a526

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a417f00ecd3bdc81dd1e13d7720059f4

    SHA1

    804110295d012165b5c92ed4bafdb0490475db09

    SHA256

    5712f3bb904492ef3e3d8777ddbaad6e5979cb47002f5d8992cc129e0f1386a7

    SHA512

    28f98037a72770165f2129710e56dc6b479a43472f32a17e59540ac385f08502f4b38a89198339d2828cd5948104446f55cf58216d3b7cbe1afab38afdcf3c14

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9c7bd25d99484de2ebfeb2491b93b9d7

    SHA1

    dc09a501e1c66025d96780d1c44fe6d0b7b93e59

    SHA256

    dcfd54f628ba1644666323b7e86fc89f7d9f91fd6c11d2cbc4309117921f9925

    SHA512

    367d7069dfddee0997c57b06dba01c0ac3aaadfb3bd77568dad550abd4df4a8d88527b4192ea6a519db408d9a508b33d6b52bce373354a89f62aad3a0547af3e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca67fad6b49f13ea44bbe710ad6b773a

    SHA1

    3bd9d43a2576df85cecd81b113da5efb9e527052

    SHA256

    c5019a19681da8030a0ef03438e07110a15df1ca67faf69a87a9426c85f4a370

    SHA512

    71c1c81afd4a105e61c5af21bd394aefabf9d396b037e0f1d3f05ad6b59df8527e9f779127a0efb5359099474f4c8a3870cef562ad1d92ffeed840c40180644e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    694b8b7f218b6bef5ffa5414a29bd228

    SHA1

    a016a8d56c5b189abad3fa4df41b9e6be301c1bd

    SHA256

    d1621ef96e2af0dd84db4b274d73d227ca8dfda4f9a8f9fe4ec41a1cbddfa574

    SHA512

    f421210e739968deb8c1e279c188aec4a3edc036c6ef5017db85a6c8234116c2f4f37cde714b1a85126b1b6db47e74f9c1fb6ea8cfaa3cdf3c42814dbc9552cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2dfe9bbfd52e69bc1d81beee664182dd

    SHA1

    602dcaaecd772020a922cf19cb29a2ed17f60d38

    SHA256

    bd7bc681fc61a32ec790eb0f785091f54ac53e026e6e3e5a64c3088873e781be

    SHA512

    8a45c9a5d07900fe0fcead4cb32ba0c9e897db36c6828a9fa383f4ac3992355bddb366e1977afdf42c7a252d9abf526f2b06a357e0d845d3635726a5d1f9cd59

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4a037b30b1cc5f3ab1b83c18687be4c6

    SHA1

    0ea26fe70ff93e34d4608782055d8fa611304ec5

    SHA256

    5477c001e194c76d09794aba2070e8501f9486c768dc8789db7546e54dd4fe62

    SHA512

    83ac7bdfa5aa0cdb6c531031fd4898a673b672c569bd54d0ef092806ad9852825d3e7ffd0ff98a1afdb66188feff17fbf887c4bad38070ad9264da19aef283d9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a14d1f1c21cd1cc246725b74afb345e0

    SHA1

    abfb8b6d2d5c9ea846f5d042f7043aa8090cfcb1

    SHA256

    43cd91f183aea53eb5b8f2c0c1ba007b4aef685040e74d88b10268b1f7e16f6c

    SHA512

    1eb0f58efc51c1d600eac381741ffb4b6a4cf7528305ba464fd550a032351a8e922a3b687dd74d64bcf8bf5f816ad63a5146d264e3f668161b0497c684246753

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dd4cd943e20bb0d558e82b6d9ba0bdce

    SHA1

    119b39e2700ebe8eca3e12c3a319678c9ebf98e9

    SHA256

    a097effafa5958b4b1f6664fa6aed1e03ebe2e41ac4d8df681198f9fb1e5c725

    SHA512

    84f8f65d62e3b525fd827b3677fbff06987b56ac9b0f2a42912243377ab2abf39c316f0b2723ec164d97ae3e27bc34778b0b52f5dd8bf111af35926a323d2dc2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0053d7070b2e97f40efbb2b5bb177b70

    SHA1

    95f47bb51be08babe4a7cdd0e958d6dfc4fe4bf3

    SHA256

    7bef0e5f1bb8fd59aabb9491b8cea50b49cc60686b75ca019a9e1770533d35a0

    SHA512

    d194111ae227ee97252df18267935ae664a2a3ffcbd7cf46d2b1734a96ad2f6b6c44c1cbe086a2f75e12b9b51a3c9f22dbad53b8711c3e751a1de49fea1e9db4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0f69aaafbcff2068a1f469b3bfb53df2

    SHA1

    16b136c7b7822252265da083631c435faa09edbb

    SHA256

    3eceb19249dfddf11ea74a406a5ce8c6f22ff589baa8ec801382cf7da66be041

    SHA512

    857ce027b1c0e9aa354de3dcde7bdae0945a7bf4e5f2485220bb3496ed8945f105ea5deec1814fb7446aa230c7241906f56b702a3a25f9d074324384e55d9d16

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1498e40a63451bec4d2bc6dee7006e20

    SHA1

    a67dd5f0ebf15fd12fb50bf4b483d3e834136ce8

    SHA256

    676919ab5480219c0a2f289a36fa30c05c47d4def91ca48db7f769a07ba705d3

    SHA512

    6db6930645b4e074d565b7a85dd2979e077034b1a48a671886b35f3a4486d4d56f842ec0b180dc6e43adce760b4bd18c5222b8faf19c11f0f9ca30a553b3d8c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    627247a1c51867ce0404b01ed1b696bb

    SHA1

    f9b3b6dcbca6aaff30ed2799c3118161c363f079

    SHA256

    932aca1c6da538cb9393e4d78b5852a674b87764c85a89ec90b47c45fd4bddda

    SHA512

    3a5c70e922fbd051f2376fb80155648fae8bcae5e030c709dc99f3b4ac9ca64bcfb1bd2911e5d1177371c90859cfa80758d539702774f0880391960818995acc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    917c9e6ba1d6b39c9d0c8d9ea9416475

    SHA1

    234c731a6fb468429c1ea2a8126d85919787f35d

    SHA256

    cdb25274dc183659ae7087f9ade561cebf007377805e4eaa9b7a9209fc7ad6a2

    SHA512

    e74e367f1c52cad94f74e74ab7737cfeb93b5565fab67d89a7a710184b4ac074f1f67319de4415d204e5acd3d60f0def4dbc3049628b0f5105727866f87a7570

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    68779f2fe8f8d5be625bbc75a2c61b0d

    SHA1

    8122e7c06e73f71968f44dcfdb013cdca04f0037

    SHA256

    c6c54c52874f78992cb95a6a03be4bad0b64c9a90382c6970b65bcc6110a5027

    SHA512

    7e5f02c5ec8aa12ca60ace21ed660f039cd1b4e80d9b9ace0fbd20ed9ab05f17ccb9bb10d7aa423fe730dc20c81ceadcb6ab80e29aa6c38869dae9de188f83c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cc31aa18513503eb63ece711d03aa226

    SHA1

    96a9f5b7ba128edfc6b8a632430fc0c53dd067f7

    SHA256

    a373986ac86c5cb7c7ed56d9288a3f14deceb92681405e28649105de8c0c8a9b

    SHA512

    dceb65cf671d84910fff6eabfbe337ec4cc4c638e4f6476ef4d901745183be12990f58d4a5cc4c6f0ab0a36c668086bc76a5ddf2201c3bd46335ca9d8cc2be7b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2e06672dfcb8cf27de29bd9503efbda

    SHA1

    7863ea481a88dcad3cdd205312d6d50fadd97c69

    SHA256

    39f11d31206a0b22575ada347ef1ca2c0c2b1d95232c96f9886c7821bafabbbb

    SHA512

    aa021fc60cf77f7883f4323b6a460313ae1c19f0f79b5be5330c7dc7dd96faf97a734ed5870234be8d3ef50d9ff03e2d9d5567269a3bc103095bd5c47b5d03b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f2e34766943062ce5b46458cfffacc67

    SHA1

    3697cb89f0047bbfdc9038031f9e2e7614dddbe8

    SHA256

    de6ca181b0c9f9dd2306378a4f037f6cb38d4daebcc32220e4906272d9c8795f

    SHA512

    398572867679d2129898371160d6b7ac6ae7336ad1826a319579873992bf2142c0ec32e0219f2afb727ef01fd37e7755d4475c105d2f89e97549b14d02cccc4f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9ACC.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9B4C.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/640-0-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/640-4084-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download