Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

JaffaCakes...a8.exe

windows7-x64

10

JaffaCakes...a8.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    17/03/2025, 14:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_7e4d8a409cd6ae4d8bd0041d84bc5aa8.exe

  • Size

    621KB

  • MD5

    7e4d8a409cd6ae4d8bd0041d84bc5aa8

  • SHA1

    5d032083f2eb03fd7ee741132e1dfe55f810b7a4

  • SHA256

    9aa4a808cf30f5b05c70f419ea168b9fc7d021c6efc23d928b7cd7c7253b5c83

  • SHA512

    8ab7571bf4a3b4e2afbdc5a2a46da0d24221c7fab6bc918d7e3789d681457320eee31fef0348226eed0c7db5ec9ff3895e5cdc378d93fa957fa63f14ec337194

  • SSDEEP

    12288:0fmtCJuGH3WmV7vWN7iwHQo30veJTv3PdEXS5nLX:0f4GZDk7kRGJTqU

Score
10/10
googlediscoveryphishing

Malware Config

Signatures

  • Detected google phishing page 3 IoCs
    phishinggoogle
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Drops file in System32 directory 13 IoCs
  • Drops file in Windows directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies data under HKEY_USERS 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7e4d8a409cd6ae4d8bd0041d84bc5aa8.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7e4d8a409cd6ae4d8bd0041d84bc5aa8.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2548
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\UNINSTAL.BAT
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:832
  • C:\Windows\svchost.exe
    C:\Windows\svchost.exe
    1⤵
    • Detected google phishing page
    • Executes dropped EXE
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2844
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
        PID:2820

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\UNINSTAL.BAT
      Filesize

      214B

      MD5

      929fb0f97c65d1521f81f77cf2f2978e

      SHA1

      dce9c16400f18fd721217eab418068adc1f48dfa

      SHA256

      c1ca150c777c8aaa81bd3e8487ea47381d2e1842ae09322f0c4dd77a34bb3a2e

      SHA512

      2f3a92a3bd6d40fa4a05d43db279459a527461194da08aa5fb3e2f492047dbb7d8ea1ed717ceabbcf77ce23b9c0df696fa569cfd169f741f302e4522c21f01f1

      Download Submit

    • C:\Windows\svchost.exe
      Filesize

      621KB

      MD5

      7e4d8a409cd6ae4d8bd0041d84bc5aa8

      SHA1

      5d032083f2eb03fd7ee741132e1dfe55f810b7a4

      SHA256

      9aa4a808cf30f5b05c70f419ea168b9fc7d021c6efc23d928b7cd7c7253b5c83

      SHA512

      8ab7571bf4a3b4e2afbdc5a2a46da0d24221c7fab6bc918d7e3789d681457320eee31fef0348226eed0c7db5ec9ff3895e5cdc378d93fa957fa63f14ec337194

      Download Submit

    • memory/2548-0-0x0000000000400000-0x0000000000536400-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2548-1-0x00000000005B0000-0x00000000005FB000-memory.dmp

      Filesize

      300KB

      Download

    • memory/2548-2-0x0000000002300000-0x0000000002301000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-5-0x0000000002310000-0x0000000002311000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-12-0x0000000002820000-0x0000000002821000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-11-0x0000000002820000-0x0000000002821000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-10-0x0000000001DE0000-0x0000000001DE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-9-0x0000000002820000-0x0000000002821000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-8-0x0000000001D70000-0x0000000001D71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-7-0x0000000002820000-0x0000000002821000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-6-0x0000000001D90000-0x0000000001D91000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-4-0x0000000001DF0000-0x0000000001DF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-3-0x0000000002320000-0x0000000002321000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-19-0x00000000023E0000-0x00000000023E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-21-0x0000000002540000-0x0000000002541000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-20-0x00000000026D0000-0x00000000026D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-18-0x0000000002490000-0x0000000002491000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-17-0x0000000000620000-0x0000000000621000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-36-0x0000000002880000-0x0000000002881000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-44-0x0000000002AA0000-0x0000000002AA1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-43-0x0000000002A80000-0x0000000002A81000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-24-0x0000000002890000-0x0000000002891000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-37-0x00000000028C0000-0x00000000028C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-27-0x00000000028F0000-0x00000000028F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-59-0x00000000005B0000-0x00000000005FB000-memory.dmp

      Filesize

      300KB

      Download

    • memory/2548-58-0x0000000002B90000-0x0000000002B91000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-45-0x0000000002AC0000-0x0000000002AC1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-57-0x0000000003510000-0x0000000003511000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-56-0x0000000002B70000-0x0000000002B71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-55-0x0000000002B80000-0x0000000002B81000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-54-0x0000000002B50000-0x0000000002B51000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-53-0x0000000002B60000-0x0000000002B61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-71-0x0000000003720000-0x0000000003721000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-75-0x00000000036F0000-0x00000000036F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-74-0x0000000000400000-0x0000000000536400-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2548-70-0x0000000003700000-0x0000000003701000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-69-0x0000000003710000-0x0000000003711000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-68-0x00000000036E0000-0x00000000036E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-67-0x00000000036C0000-0x00000000036C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-66-0x00000000036D0000-0x00000000036D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-65-0x00000000036A0000-0x00000000036A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-64-0x00000000036B0000-0x00000000036B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-63-0x0000000003680000-0x0000000003681000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-62-0x0000000003690000-0x0000000003691000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-61-0x0000000003660000-0x0000000003661000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-60-0x0000000003670000-0x0000000003671000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-52-0x0000000002B30000-0x0000000002B31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-51-0x0000000002B40000-0x0000000002B41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-50-0x0000000002AF0000-0x0000000002AF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-49-0x0000000002B00000-0x0000000002B01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-48-0x0000000002B10000-0x0000000002B11000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-47-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-46-0x0000000002AE0000-0x0000000002AE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-26-0x00000000028D0000-0x00000000028D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-25-0x00000000028B0000-0x00000000028B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-23-0x00000000028A0000-0x00000000028A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-22-0x0000000002870000-0x0000000002871000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-42-0x0000000002A60000-0x0000000002A61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-41-0x0000000002A40000-0x0000000002A41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-40-0x0000000002A20000-0x0000000002A21000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-39-0x0000000002900000-0x0000000002901000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-38-0x00000000028E0000-0x00000000028E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-35-0x00000000001E0000-0x00000000001E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-34-0x0000000002830000-0x0000000002831000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-33-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-32-0x0000000002A90000-0x0000000002A91000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-31-0x0000000002A70000-0x0000000002A71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-30-0x0000000002A50000-0x0000000002A51000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-29-0x0000000002A30000-0x0000000002A31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-28-0x0000000002A10000-0x0000000002A11000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-13-0x0000000002820000-0x0000000002823000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2548-16-0x0000000002330000-0x0000000002331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-15-0x0000000002840000-0x0000000002841000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-14-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-77-0x0000000002820000-0x0000000002821000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-87-0x00000000005B0000-0x00000000005FB000-memory.dmp

      Filesize

      300KB

      Download

    • memory/2548-86-0x0000000000400000-0x0000000000536400-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2844-105-0x0000000000400000-0x0000000000536400-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2844-109-0x0000000000400000-0x0000000000536400-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2844-114-0x0000000000400000-0x0000000000536400-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2844-118-0x0000000000400000-0x0000000000536400-memory.dmp

      Filesize

      1.2MB

      Download