Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

34ab44b6e3...18.dll

windows7-x64

6

34ab44b6e3...18.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    118s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    10/07/2024, 12:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    34ab44b6e38103593e27bd08a9e6c474_JaffaCakes118.dll

  • Size

    317KB

  • MD5

    34ab44b6e38103593e27bd08a9e6c474

  • SHA1

    0d729996f2c6e1da0da4a2ae1f53472942543c2c

  • SHA256

    17900fa640035d9c28fce788726e1941635a648f7eb671bf1e4e870c20662b18

  • SHA512

    983f730a575ae1f60e794a16b11983d8896cf8bf63a57b034566e97fae4a2d8f249a39bf5698f0b888546913d71586955eaf08850e4b98be9d9144db9581d13e

  • SSDEEP

    6144:8WqPHmKCGf9ShyTDnR6fcHIf2knG0iWBp0InD8TskYyf:ZqPHmKCq9SwT7A0HIf2knRiWl4J

Score
6/10
adwarepersistencestealer

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\34ab44b6e38103593e27bd08a9e6c474_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1488
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\34ab44b6e38103593e27bd08a9e6c474_JaffaCakes118.dll
      2⤵
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:2624
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2460
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2460 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2252

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9dc6026d55b6b6d41e1aa791db550740

    SHA1

    29b271eb3843618bb46093453f75214a2da6a071

    SHA256

    905074e468af40c68557d25c222b251d62be4a808403e6ae95e8fab40ee85e43

    SHA512

    a42ceddf20223d7d2acecb8696f8e711b5644d95c92544c66e1e7d835563deefdab83e97c1f2591d4fa988218efd2b98407e44f2a1b8179dc6b02f6a1e04f6b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ae9b260f1e6cee8d8605ea84e265ae73

    SHA1

    275ed72cd59da6d33264591f48923532568c882c

    SHA256

    3e12ace77b614127255e0dca54da044580d235bedfd3edb0bd8f4501f7a3d5a8

    SHA512

    071b845cbc59b923db99c8a9929eb38d5c678a4ccda338f876aeb62ae5b60bba9d31aada9a85c052c7efb1283921770fdc9a018242c2aa3daab0f99faedfa8ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8f6c5c726038ae47e5718d82442fe0ac

    SHA1

    a30f7ab11afc24484800300c0df00e880f749e30

    SHA256

    304c634c8a30a35757e421b62fa3dcf2643767827eb0c366468794b2c707bd51

    SHA512

    8185b0843c8619f237a76fdf1f0ae297a3f2eea6bacc9a9f947cbf49d7f655fd7253072b8c51ead3100b204b2ebcc3757711b74f99289ec13d90373c99b51ba0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2aedb97fec7bdb0085e7fdd2341f61a4

    SHA1

    6fe67d91cd8e85a00a6ace37c6858c56f5523252

    SHA256

    1bb114047c7937ec004e1cb1472b8147c3894ce2f48e3b28a56b8eb68e4628be

    SHA512

    0ff3f6f5bb4bde9ee47386853362bd59bf5cd006bd2863ad66abc930f31867d9e8223ffbdfa51cec5ceb55847980353235961dab2644f9e38b394d7f771b05ab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f70e6cac5eb5c5a536672494e285c7e0

    SHA1

    8c4d058990d0b4f93a7f3c858374d69d9a71f187

    SHA256

    9fde28c279f1fcfe835cdc8c8363611f64725a20d0cdcc9275e3daf5588f87f9

    SHA512

    706d215ee1a1feaf41a0f0de1c4c33ac6f652fc56b9d044d9ab28717409c421265f2d0c6c3a581d1636336de7de4f2417319902d4b5d4e3e51d16ff20e3b9bc0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cb7e34a3528fb01a27892e53ac62cf60

    SHA1

    a503b395d054cbca5f2d017f8a85264527764804

    SHA256

    3114609598c6d9f3a18abb203d447da59fcc153a76a8a0ff18c8977508444f8c

    SHA512

    16fe6149b73f013815077f687caafa60e136238f3f395f9ce0e53bd1e2ae5f080288e9d15dd78290a7c77f5df911b226f85b6da85f51ae5454b5e92007ee5170

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    38fc3b927631df9cd0ce2fb749e8fe16

    SHA1

    7651ea343fd147446ce2cf2091c02be71adc9410

    SHA256

    a9b66b3ef58ca78f255802affddcb5c39647c91795b98e2105b820ae0ebe62ad

    SHA512

    8c75bf77b043ba8e313971d0f16eaa4d96ad2c272270a2419c6ccf7e8fa3555b8794104b02a49c580de5b1324200daa35f3f609cd791f13bc7e8dd17b6555110

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9e61f4638dedee2f4a7df76d9f17c89b

    SHA1

    e3627aa7cf5bf2e0af02191995d8baf46229823f

    SHA256

    968fff058409d345a9291f99de0f6371bcf0f2d1aad893b390453c9526317ec3

    SHA512

    e3093a208133432bf8f05bd4ac59b277e36f047ca88137d5c3c915c84e83f84eddb7a4454f94336c5f3c7041a7c318c6497d1566f47385c113400072f1e48ef9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dbf6b72e3b522f53c6198ea4f9505201

    SHA1

    c65767e599d32a9fae8a7a21df6d283cdba8b62c

    SHA256

    81701fd2e48f1b7f342e71644ca39db0b79f6b6951ce662b93fc9db88d5c2a5c

    SHA512

    7b7e37670757b40d1af988fb944e520c1c8ce1a5992550e162d7eace788f200574afe49869dc99f695af3dfcb366cdcd6d2048c3965a3be7a107c53d0ac59596

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    201695e20b8f01dc853b626a2197e3ea

    SHA1

    e698fbbd3107f239a5d8c392bdc57bfada49eff5

    SHA256

    d806c5c4ca56f2f27c3d85bada0fe571500098e39ef536a3f6f1f451eca77819

    SHA512

    b06ed64a75c7bf9884de709fc3bc630f1fc178045f6751844e93def3968d6b18a21cbe0c0a01e9485894b10e5b6250ec4536c802c392b394d041689c5fbe3416

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e615a3a688e761972698eba7490a4867

    SHA1

    0d9c857ae74287e52f3214fe4aa33c7158b4b72b

    SHA256

    348ba7c9b245b1975cc2c72a9403f9b85b58dc4fe2be0522e39bc8143065ade7

    SHA512

    6038139e2a2486ac09134ae9fa003edc53726df577072fbfe18137f2a13235c89e89cede32c560b4a59540882820c05c39e33f4a40098e42cd2d049c9d9d7012

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5d8fc6751b2274646ad9140a042c84d9

    SHA1

    9088812966d0de86f4324fac35ae9bbb07ca5427

    SHA256

    8f8d87c163e3c143d96a7f462f44e5948cd702a77ae927fe3705c52fd5db247f

    SHA512

    d8b7062d60a607320b9b91ad143ca83c41f3d3ed9467801dd0bc86c98929007187798663f81afa17642aede87254ec62edb96316221c0df2acccb49904aa23d1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    040c9e69199381479ef829afdd7b6704

    SHA1

    769252e1a9c7d95777b68228647716458829e2a2

    SHA256

    ce760e87ae92eb5d3742620f8b11de7694a57882aa772c5989dcc23fdac2efa1

    SHA512

    8151cf37ef26254f34feebfedd9d001814f6535f426aefa2d2f5f0b23afe95f6dcc1ed5e5536d741a4211f9a4b59e70500434a8082305551186e103ca6c657fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8371034865a47e4df3c8856d608c757e

    SHA1

    cb36547786cfa24bded089781abbf90761b31514

    SHA256

    4393a1adb6f2b68ff3d90d7890a2eac310515ae4b3e67d75c10d8402a79ba380

    SHA512

    9a63d24925cb4cee60dbea7a4fd938c2a3b723d3f5e8bb467a4902e7868975380fffe93e1d82441aea265a2f764c224ff7580b0e409af5bd3ff265040cc08ac3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0922b1f558fe6aeeda44603d5ace7317

    SHA1

    857b4df2c292969b05b8059ef416bac45c43b9b7

    SHA256

    1e2a80991c3affd325ad3d32cd66fca96fc5c1e1c190abeee3210dec2606e7c0

    SHA512

    9c232398b1c787feac974ea7d343cfc4eb680214abcfa7269ada179f1864f3d96b5a0a1510c401a1c3774f63b48a199715dfc8ffd5a7838f36cc7197832d92b2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f162e0eca3012ec8f9976fc811add80

    SHA1

    fc90c10b6320a6ad9956deff810a41471f1000a5

    SHA256

    3c99714385a266593d45bbc620f5628d403ad8fcd8f74ab9d3227a4ce9528ee6

    SHA512

    da0289194599e2675106f1c2fdf08aad7e9793b5a5956d50231dd88b220c6d5def4912cc2a6360cdade49967e40a73896641378a1bf2f768b657089d75bb8a9a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3393f94c4d4b5f4163deabc3ba186d43

    SHA1

    fa3fc8b8fdeabf9e6d5cb6c1e7a900dda0c3ea71

    SHA256

    0c928445bc8f489d97e0e30f1ae83678c1bf1d2d341921afe656125f6e05a3e9

    SHA512

    16c4d0554c9f04c423cac50cb765c71edcdfea25072d62177b8256f55ff503f375493961f7eb5c1baa33a5fe568ebbc5e058fafbab8f25bb2d2d639f12d1044b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c40ec8df9e9baadf9ac471e100d3b38b

    SHA1

    de89ca6dc44e7a743a3ee414d9274c641d9e2d49

    SHA256

    ace38fce1cf6fb519d81e2658ffe37f7249c2942e38216a4ad460a44ea675f36

    SHA512

    16590d6bd047fafce40411bc833375e3438e91b61abab2ea6e27a13252956f499dd64e971ab06d0dee06812681e220ade24c7ccf04a6c50449cb1fd53e0ed347

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab966.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarA15.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2624-0-0x0000000000140000-0x0000000000142000-memory.dmp

    Filesize

    8KB

    Download