Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

f7df50d461...18.dll

windows7-x64

6

f7df50d461...18.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    18/04/2024, 11:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f7df50d461bc6b6e42ecec5606cd032f_JaffaCakes118.dll

  • Size

    562KB

  • MD5

    f7df50d461bc6b6e42ecec5606cd032f

  • SHA1

    052e9f427ce37f63c106b8e0deca5030a48a97b5

  • SHA256

    4ee0244c54b854dd46c83974051d7fccfacd26ac511ff64774cb5094cced1b56

  • SHA512

    c96514473639ceb8b61c937b33ef9accdd2225edffac8f8beae062870e2f91c3deccc7152d6db1837c93ff80e8308a8a16a5c28f39a6e9d56744e3f20936a645

  • SSDEEP

    12288:w0Et9YDc/Tk4Po4wSSqodPF9C2vTgYnREu7Rt:YtWDcw4o4Ts/9CknKIR

Score
6/10
adwarestealer

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Modifies registry class 11 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f7df50d461bc6b6e42ecec5606cd032f_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2360
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\f7df50d461bc6b6e42ecec5606cd032f_JaffaCakes118.dll
      2⤵
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:3036

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3036-0-0x0000000000810000-0x00000000008A2000-memory.dmp

    Filesize

    584KB

    Download