Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

3d66b6170b...18.dll

windows7-x64

8

3d66b6170b...18.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    12/07/2024, 12:35 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3d66b6170badfefb74ff2d1377d5afb3_JaffaCakes118.dll

  • Size

    201KB

  • MD5

    3d66b6170badfefb74ff2d1377d5afb3

  • SHA1

    1212981f325c60a6a7d296929b047c7d74d16776

  • SHA256

    0ff3c9098a2b336916c3fecaf3d0a90354f6e3332c099f7171c302c572f85dca

  • SHA512

    d0f88a91ba58fa04ae883d59617ddcd83d8a654a6248ea3abfe04e88cbf296b25ed4fbafc304cdce2b067d57ebc198922cce99f596635b02ed4b20148ee03153

  • SSDEEP

    6144:bNhusqvH9ylSJI8eCgD8yCish9EfKfys/g+5:hws2918UIshGKfyK

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d66b6170badfefb74ff2d1377d5afb3_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1668
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d66b6170badfefb74ff2d1377d5afb3_JaffaCakes118.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2288
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:2884
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:3056
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2348
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:3052
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2796
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2656
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2656 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2612

    Network

      No results found
    • 195.189.226.229:80
      IEXPLORE.EXE
      152 B
       3
    • 195.189.226.229:80
      IEXPLORE.EXE
      152 B
       3
    • 195.189.226.229:80
      IEXPLORE.EXE
      152 B
       3
    • 195.189.226.229:80
      IEXPLORE.EXE
      152 B
       3
    • 204.79.197.200:443
      ieonline.microsoft.com
      tls
      iexplore.exe
      1.0kB
       7.8kB
       11
      13
    • 204.79.197.200:443
      ieonline.microsoft.com
      tls
      iexplore.exe
      799 B
       7.8kB
       10
      13
    • 204.79.197.200:443
      ieonline.microsoft.com
      tls
      iexplore.exe
      831 B
       7.8kB
       10
      13
    No results found

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b1efa80134718f43c82997e33ebf8fb3

      SHA1

      9cbc42fba5d5bafd7dbe85f6877f547924aabf3a

      SHA256

      2446ec82a657bedfe57e23d4edc1c53bf1180600967d86c29de1f22650c38599

      SHA512

      2d283b8d4f85e338c2a0826687e928bd5eb30675257a5e1a16b2cf4db51b21c31bcef44907be35d698b7d172cb3c9b6d7fc2057866e5ab08815341fd54c096cd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      eb1070e6d49f23ef41451cda214e1a9e

      SHA1

      68fc5f8885276229028d2dcbcad6913b1479c036

      SHA256

      96f62acf15f2027b5a2b4ff62ce9c39046f9c6d47a14ea3a78032f72f69bfd37

      SHA512

      e07608d2e72cf30e74b3dd5230c2357325a0c7b9dc107eec6fbffee6b22f27c64b669ae4988d042a6bf60b03eefa332fe428f48f69617582d7dd547cdbdbd9f7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ba12e39b67c352e628a5fb3d8330b16f

      SHA1

      e0040592b4c5802408f47b84894860b40e18184f

      SHA256

      28fab05d612562156b6ac8b3b7038eeab5fbd294708f5a6832a20a4b28dff407

      SHA512

      f3549e258c456a755f76536358f79d20e4ba246d804e11b16b34e2ac0e77cb2e4ad6ffe5a73946ccff73dafcf912df2769643bae45cfb774c14deef5362717b1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      aa7e7efe83266311b4f8b266c90c379a

      SHA1

      10bb06eeac9db1ebadf51181c12c3e98770714c8

      SHA256

      2ee6a4ff781af4e7d7ae7364676d0175e34ccaff652b709ffa50ad65de517c09

      SHA512

      90198c4b9c156d07371f770334f0f29029cde293c9264279e89db57b272ef69b67ca7280da519a3e1777a3283f3c0416ca7a33a1e41d14af09bf65a60a988f13

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d9e024174057bd919ada7523a4b12413

      SHA1

      ba8ffb78839c21ee434b8ec52dd1adeda212e225

      SHA256

      edcc9a8278c79a0ad9a8a486f8e1e1efd14cd6b5b23dd6119aab2cbfc3f134d6

      SHA512

      9a9d3449b2628755a1765622fb41e58b0b3d2f3d6c0893d782b3b7d873360e906a0bd047e0b4dac90ea83d2a8da82372e17fa9f0e3c529b648b574c87fb76b48

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      41495af87ba583e388f4ffacea2f825c

      SHA1

      6eac89b97cd355ac1dd52430f71693a361e7eab8

      SHA256

      df19d9d4fa6c05d1a3802c7ee5335d23c22e0c64e1ac502f8fbc5045d646a380

      SHA512

      db625d6753225cd4b29c181388ddd48e2995ae99dd0182ffe1c2b03c361230fa702f32e34d34bcedffbd028d525490f08581a914f14727dfab7d2d87f32906ec

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      08a51909dfe2e2ad10ae58a35a6fcdbb

      SHA1

      d8420d15449b53a7dff6723c07960909495846a4

      SHA256

      bd2e5dd72d9d2fc2c743129446d1b18031ca28577a2e0939a22ccb4e4a785fdd

      SHA512

      bddce9513e77b7d6965ae96159810f01fc0bc3269f9bb9951e41af1c23ae9df4d62ab70432bab5cb95db193e74d42bd0e3fde7fa73a0bfab771fa502b18bb0e2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c60f19b0a585a6138fe7d0a0759f964b

      SHA1

      9b59e8ffe9d279ae925e092f43dc448bb068d639

      SHA256

      aa73f27e87e6fff5e1a788b446e543723e45e733df28784583a24ed6d62174ad

      SHA512

      688841959bdcbf43a3a194089e43592ee021515b59532c22d48efba53a55459467838d5da3d22030c53f7a61f28077fbdcf0b0c0d12ae6966e50c81fcd9b4ff8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0f9534cbf286ac96323c314f58b9ee4a

      SHA1

      2f0fe4b97650e3dcf4e90e61f85cf82fa22f07c0

      SHA256

      fc27242939eb1d5d315efc42175d63a15215b79eb546f733e78210aa020a3ca3

      SHA512

      ba62e5919b55c043dbb88922b614aeee91697749b007432e30f98bf9b4c7b798b85d5879e10af20545a40f9646b9c1dd08050206f1c6de6090813a415b079562

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1232811ff919fcadce50f52e16e5df3f

      SHA1

      3b2e3304a16fcbf18196b6ebef823315b2568104

      SHA256

      c36d2f6ef6028a6a0b6ebe7e7df5c70b7328ab9f98107990e93e34e719a9c57a

      SHA512

      dadb223ddfee07137320ceed4af42bc0d52a3c601fb8f69657c2c31771c1965dc3234fe5c07973908d82d22be7c0a7aa31e95f40a8b19ac155cdeeab739b1a65

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3a4373975d9b8b50da2b9dfe6c51aad7

      SHA1

      28317ed6132e97609a1af80c6955bf674d2caeb3

      SHA256

      7668f74b107ea884770dd97bfdba8a0d56c980e5f58484f13cc3592bce46702c

      SHA512

      d969658ffddca5169203e5ad9469a5ed000ee2e3ff35fb1d0be11b01024593cd713d55211a69075d325be271b7ab3fc5acc19414803423d82b51e440f6adcebb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      31e13247a3a2304a6c6c0de19a824945

      SHA1

      fa1098faf0082d5fbecc9e23c2eca1f4d3677a48

      SHA256

      0a9165503766d7742cf0b628ab096dc169f56642c6bf0d5a023c7e296fe1b9cb

      SHA512

      6ebcc2bda278709afae81303d6f0529de4f434ecc6095a6ed0afd962ba4dde27ffbc792c8e80b51b581eaea3f7f6b450ff5370ac5a0cdbb697a7d5b95b80421c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      74081b4baee309e171ebb089a1f38ded

      SHA1

      da201b3f2757c296958926f948743d9896a06e03

      SHA256

      9a9ae4e0aa7276a4548076102ec0e3e22aaf3a0f46e533d93565925d48feec23

      SHA512

      e7faf0bfa5a9ab14475a695423478bef48fbaf66297366746dbaaad8068e0f2783ebd103deab7886af580026db89c18538cec3629a78be736f1d9a8c13301690

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      56f773ad7dd5cbe55199856be177672c

      SHA1

      9b4dc7e321790f71b7a3db8183b4119400858b60

      SHA256

      f4f710e8dc3e6c862ea73b131cf88c8d769efc3824930f0ee4370e4155e1b9f3

      SHA512

      85e52790be8363bbad6c0ad8c9f01098a9d9891b392c92e3da3468bf6454cde49806a8f36416ab7bc199893a3108fb40e9ecc6d49a2ee48ae820b53f51dac727

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d6418f328e7e31bd55dde63428220b8c

      SHA1

      5dda888f8fd6c87942ddaa2dfd26d70a1b10699b

      SHA256

      30472342b45b09d2177fd7b40ee2c17a8f245c6d05cbc4746e22479e88b0f785

      SHA512

      43a845b37dce200b118dcb4f9f12cea1435be823f0d1727c6704b03f47b028829368fc2a3e593603a8cd73ca0c4c6718d0d726c04b46c2254ee63086e6404b61

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      781b67ec60ec095d07be9108606c59a5

      SHA1

      19375d43ae31a637ef1e77c9156012438718b367

      SHA256

      452e5c744ed94bc5d5557a75d3cc544a03eb2a1a6d7cd3fa73f1ae20b56a7564

      SHA512

      06e2a6371f31b9ddecefa36f49eae1d96d45efccf80ae9b65161ef935a6c5f37db2126f6ae28828e9b57e682e44ab5b39e2bd322ad6b9b6c7501a8a6d162dbf4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3b93480b8bf58614f31939d35a6201e4

      SHA1

      580795af3acf03d57177a74ea56675b9488e2574

      SHA256

      58895a0195c6048319e87c3f68691ba418cf176f0d9927f00ace1555f0b0cd85

      SHA512

      732074bf62f637f43e249392b0ca26786bf360f0eded0f09d47c2f146e3249c06d25844fa1340a51397f1743e34d7585bdc1218de9de41a559251c32f6d18f75

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      312d2d9856858785d0336a5efe321a6c

      SHA1

      a375dd0cf183b7737cdcf69e41e4f8fceb98c477

      SHA256

      b420b531570c163bc39bf663c7df5021e792c5d9c1b098b102e5f315a6b362fe

      SHA512

      34f7ce6e2f370cb9de914aaf393fb807b562b9200cedf3264ac52b2fc0d6159d684c4fcc41021c956695633e6b14b26372225d088fe4208664a05ddf175f8368

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab5ADF.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar5BBD.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • memory/2288-0-0x0000000000230000-0x000000000027E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/2288-2-0x0000000000230000-0x000000000027E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/2288-1-0x00000000001B0000-0x00000000001C5000-memory.dmp

      Filesize

      84KB

      Download

    • memory/2348-11-0x0000000000D10000-0x0000000000D5E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/2348-10-0x0000000000D10000-0x0000000000D5E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/2348-13-0x0000000000D10000-0x0000000000D5E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3052-4-0x0000000003A40000-0x0000000003A50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3056-5-0x0000000000100000-0x0000000000101000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3056-6-0x0000000000790000-0x00000000007DE000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3056-7-0x0000000000790000-0x00000000007DE000-memory.dmp

      Filesize

      312KB

      Download

    • memory/3056-8-0x0000000000890000-0x0000000000892000-memory.dmp

      Filesize

      8KB

      Download

    • memory/3056-12-0x0000000000790000-0x00000000007DE000-memory.dmp

      Filesize

      312KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.