Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

3e7e1e4be3...18.dll

windows7-x64

6

3e7e1e4be3...18.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    12/07/2024, 18:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3e7e1e4be3743aa1dcdfb4855361eaaa_JaffaCakes118.dll

  • Size

    553KB

  • MD5

    3e7e1e4be3743aa1dcdfb4855361eaaa

  • SHA1

    17f350f8a6eee8dc99dd84d6d380f7ca6c1a641b

  • SHA256

    439202af5e70b2ca14cab29bfb8e90ce4be31c829b79728e1dbf344e01c96d04

  • SHA512

    05a9639e26058010daa61c77b77a20b9bbdf1d2dae477aab66aa7e3ccf4e66d059c6045ad34906efaeb878b19e79ea64b803e860ffd8f015a7f244f1ba62e695

  • SSDEEP

    12288:Uwcu7OXseaDMe0Pxdt27mK/zYsLR3T8Nk0evAp0URIC6sMlmSd:UwR+seaDMe0PxdQLR3juP2Zs0b

Score
6/10
adwarestealer

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Modifies registry class 15 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3e7e1e4be3743aa1dcdfb4855361eaaa_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2376
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\3e7e1e4be3743aa1dcdfb4855361eaaa_JaffaCakes118.dll
      2⤵
      • Installs/modifies Browser Helper Object
      • Modifies Internet Explorer settings
      • Modifies registry class
      PID:2952

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads