Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

eaef0db441...18.dll

windows7-x64

1

eaef0db441...18.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    100s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/04/2024, 11:12 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eaef0db441097deaaec2ed89e761d469_JaffaCakes118.dll

  • Size

    48KB

  • MD5

    eaef0db441097deaaec2ed89e761d469

  • SHA1

    9ddb335052e005a04887bc538bcf88964931c898

  • SHA256

    4fff6b52973de13110efd41c4bf75fceb13fb387ad0620ee248df7a812d37f63

  • SHA512

    5924c9ff1cbb9a5c939c63fbe79ffbb66d12aceb1c084f33c581e5a974efc89469d95b06de79fb9c7817620c0e02d036e1579c3aac632c67fda883bfc4d7814c

  • SSDEEP

    768:lQSGxvX2PbKq0UotCcSHoqMl77+YbvNgwTUEhpvZSCWbFZ0As:luX2PbKqVoquFpgwTUEhNyFr

Score
1/10

Malware Config

Signatures

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\eaef0db441097deaaec2ed89e761d469_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2416
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\eaef0db441097deaaec2ed89e761d469_JaffaCakes118.dll
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3320
      • C:\Windows\SysWOW64\Rundll32.exe
        C:\Windows\system32\Rundll32.exe C:\Users\Admin\AppData\Local\Temp\eaef0db441097deaaec2ed89e761d469_JaffaCakes118.dll,DllUnregisterServer
        3⤵
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        PID:4728

Network

  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    196.249.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    196.249.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    69.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    69.31.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    69.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    69.31.126.40.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    232.168.11.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    232.168.11.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    56.126.166.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.126.166.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    25.14.97.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    25.14.97.104.in-addr.arpa
    IN PTR
    Response
    25.14.97.104.in-addr.arpa
    IN PTR
    a104-97-14-25deploystaticakamaitechnologiescom
  • flag-us
    DNS
    21.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    21.236.111.52.in-addr.arpa
    IN PTR
    Response
No results found
  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    196.249.167.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    196.249.167.52.in-addr.arpa

  • 8.8.8.8:53
    69.31.126.40.in-addr.arpa
    dns
    142 B
     157 B
     2
    1

    DNS Request

    69.31.126.40.in-addr.arpa

    DNS Request

    69.31.126.40.in-addr.arpa

  • 8.8.8.8:53
    232.168.11.51.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    232.168.11.51.in-addr.arpa

  • 8.8.8.8:53
    183.59.114.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    183.59.114.20.in-addr.arpa

  • 8.8.8.8:53
    56.126.166.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    56.126.166.20.in-addr.arpa

  • 8.8.8.8:53
    25.14.97.104.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    25.14.97.104.in-addr.arpa

  • 8.8.8.8:53
    21.236.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    21.236.111.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.