Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

3e7e1e4be3...18.dll

windows7-x64

6

3e7e1e4be3...18.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/07/2024, 18:56 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3e7e1e4be3743aa1dcdfb4855361eaaa_JaffaCakes118.dll

  • Size

    553KB

  • MD5

    3e7e1e4be3743aa1dcdfb4855361eaaa

  • SHA1

    17f350f8a6eee8dc99dd84d6d380f7ca6c1a641b

  • SHA256

    439202af5e70b2ca14cab29bfb8e90ce4be31c829b79728e1dbf344e01c96d04

  • SHA512

    05a9639e26058010daa61c77b77a20b9bbdf1d2dae477aab66aa7e3ccf4e66d059c6045ad34906efaeb878b19e79ea64b803e860ffd8f015a7f244f1ba62e695

  • SSDEEP

    12288:Uwcu7OXseaDMe0Pxdt27mK/zYsLR3T8Nk0evAp0URIC6sMlmSd:UwR+seaDMe0PxdQLR3juP2Zs0b

Score
6/10
adwarestealer

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 15 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3e7e1e4be3743aa1dcdfb4855361eaaa_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3184
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\3e7e1e4be3743aa1dcdfb4855361eaaa_JaffaCakes118.dll
      2⤵
      • Installs/modifies Browser Helper Object
      • Modifies Internet Explorer settings
      • Modifies registry class
      PID:2816

Network

  • flag-us
    DNS
    68.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    68.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    25.140.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    25.140.123.92.in-addr.arpa
    IN PTR
    Response
    25.140.123.92.in-addr.arpa
    IN PTR
    a92-123-140-25deploystaticakamaitechnologiescom
  • flag-us
    DNS
    26.165.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.165.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    192.142.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    192.142.123.92.in-addr.arpa
    IN PTR
    Response
    192.142.123.92.in-addr.arpa
    IN PTR
    a92-123-142-192deploystaticakamaitechnologiescom
  • flag-us
    DNS
    22.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    22.236.111.52.in-addr.arpa
    IN PTR
    Response
No results found
  • 8.8.8.8:53
    68.32.126.40.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    68.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    25.140.123.92.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    25.140.123.92.in-addr.arpa

  • 8.8.8.8:53
    26.165.165.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    26.165.165.52.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    192.142.123.92.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    192.142.123.92.in-addr.arpa

  • 8.8.8.8:53
    22.236.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    22.236.111.52.in-addr.arpa

  • 8.8.8.8:53

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.