Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

48c8d3cf51...18.dll

windows7-x64

8

48c8d3cf51...18.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    15/07/2024, 07:21 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    48c8d3cf51777df66b48b5daf42896e7_JaffaCakes118.dll

  • Size

    202KB

  • MD5

    48c8d3cf51777df66b48b5daf42896e7

  • SHA1

    4bb1be0a60e738225bb9f024ca01bb51031b0ed1

  • SHA256

    db0d0c3dc48d3d619b4ee7cdc63ef2726c7781c8d9981e836cfbac45b3d27bb7

  • SHA512

    a82cbd148d94f14420bcefe8744b86b8fe8b3081e5133bd272f17aa9e914f74423e7fcb060470c183ecefa835427061d62c096b56243a487a7593dec459738d4

  • SSDEEP

    6144:vE/tmQKul1p9sjeRcsBPcu5y9xaJr3tnmdZy4Z:vE/tmtuZLpJcusxKwdfZ

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\48c8d3cf51777df66b48b5daf42896e7_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2352
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\48c8d3cf51777df66b48b5daf42896e7_JaffaCakes118.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3060
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:2512
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2532
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2080
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1868
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2756
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2644
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2644 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2656

    Network

      No results found
    • 92.241.176.36:80
      IEXPLORE.EXE
      152 B
       3
    • 92.241.176.36:80
      IEXPLORE.EXE
      152 B
       3
    • 92.241.176.36:80
      IEXPLORE.EXE
      152 B
       3
    • 92.241.176.36:80
      IEXPLORE.EXE
      152 B
       3
    • 204.79.197.200:443
      ieonline.microsoft.com
      tls
      iexplore.exe
      799 B
       7.8kB
       10
      13
    • 204.79.197.200:443
      ieonline.microsoft.com
      tls
      iexplore.exe
      747 B
       7.7kB
       9
      12
    • 204.79.197.200:443
      ieonline.microsoft.com
      tls
      iexplore.exe
      785 B
       7.8kB
       9
      12
    No results found

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      355f495bc6914a96ff3ec120e6928ea9

      SHA1

      857be39ced1c85a3f3f1dd9069b15ba67c4e99e7

      SHA256

      1079d8997a587a0380f70ac57e580ecb4b26dd4e3e62bf0583d15b2b844c3e64

      SHA512

      21c6bad7d6b3055c296f1fa2b0604d6fbf14726d1363024c8cb731082296bfc2d9ab03e62346dbedd4bd206e7e37d64b713317a622ff555a0d4a992e88eee455

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7836927fd092c7e0081de7b53c8a6652

      SHA1

      cbb2bd776031bd9921b73addce8762ad2861ffba

      SHA256

      8fa0d869756cb94b0c6d5c2a5bf5c01c63fcd25eb2a979fd21071cb0da15aade

      SHA512

      7806e2ea16ad1aece435fa01f1252923c106bb79b46d30a2e701ba76decdbc8674a5e39c0987b9bbe38e5347d0655de0731d66fab307106120590eec4f7e0e93

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8d6404042ecd441d5ec138962134e760

      SHA1

      ef82b023ae4ae15c2007318ab5ee28de29f59025

      SHA256

      21048a3a4bda6c85660fcac859df22bf3e6cb1a6e66bc3267945b033fe590203

      SHA512

      f276e88dee0c1d379bff17905410be38f1b57cbdb3236b5d6b70c545ffd2f57f47ae51840529a304b40cc6b94db2ecc7c87eae5762700d679d1744c1e1db3217

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      539430a634249b3c547d5eb849d2d7a0

      SHA1

      c53c1216b2d195f86bdd114645528fa275b1034f

      SHA256

      fe29b51cef0641e749f565de3f9b3c481a0205d9786d67cc36140d770f6ee436

      SHA512

      6ab3318347e6aae4235b2f41f95eb72f98de221696e8c513e125a9211d2b83684a2d111b7b42c4ce8cb1aa545d565611ae42f9c028ef2c0a84d8821798fbccef

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9f25614105b4327ea44254878de1e244

      SHA1

      e97045834a06900ffa82612899a4fdd36e4fe123

      SHA256

      fef47901c78d20ee27141822a20345cb893bc5027f82996d0b345d957117da7a

      SHA512

      cb43c46e7a35505381cfca65ca209d51dd144810e5f312e7c4dec975fdd2a7f7fc1e4e8d1ccc1e61fd38f3c6deb405d43bb742a3dc69568020f7ef166c7929cd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      21eda7d8d7b02ef7382520ca5f4cd771

      SHA1

      792c01d74c33ea9aed3fdaba5782ed61bf5fddac

      SHA256

      7bae2824d71859106563c3c4b7f60261fde50df8169388a3fd0917be3bcd9355

      SHA512

      858daa5fd66fbc3c45afabfa690a682c776406f6915860cb03a99c23fb732aa85a0a9f2461b297268b139549451102847bbe2473dbe1de54fc7f35be45859f60

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a9fd49826221284cf37eabd2ac07659f

      SHA1

      237bf20e9af39b2e907be101a69177e2c5be7e32

      SHA256

      b0ae0a7a950ffbe92f504294eb378128cd21b986c6018a4fff7470a7bf215f03

      SHA512

      5539eaed290dd6c27528ac954186f481264680d5c72c5579910c0f907acfe0606f562a2629fdad04b91d9feba19661ee46cb51669356ddf12e36dcdc85be508f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1f190882e077a5c18bf9a5f68922d3a2

      SHA1

      c2a34e5c712f82bcae04b18245ce29ab736ca671

      SHA256

      87fee96eae17dc63331f857c6103a083d6c5902e7497138eff56889bc1a9b62d

      SHA512

      877dbee021f1b29d1c8ea6e50a8a11889a29c81e74354ff767542f029afcf6a3e8fe0bed6551cad422964c5280a802df05a37e772cd6cec72f4b058f038245d4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f8edb33c6e6f90767bb15cb951ffd2df

      SHA1

      9e811ab8147cbbb5857161e5a60af054f211e984

      SHA256

      fd1e584aabeb02e3841f194146aedfff2fd841abffeff26cf83bb9f3278a4179

      SHA512

      6ea35a339fa0877ad9692555749202d24fbeab86e3236b23c49fec196a8a63221aa3f3a406a5e1ee41d93fc184b8aaaf07ee59657f5548d793ad5c1d608d0670

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      85a8b3ad7b8a2fec8179fe5369267761

      SHA1

      3a3482d59b4bdce910b2d3114c9b2b44af8c3514

      SHA256

      23e762891c7912101892c27e2de6c4db26da40029a11d31e3bdff909197a6fe6

      SHA512

      7103d2490522996ffeca07084361231901bc3869de37c9b6c7cf0c717d07bd4c270ea73794a4e9c170cc7be5662a72e6874efbf212b51d75d49c373cbc501271

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      71f366eb3253b769ae7999e38c002efa

      SHA1

      4b60efbb359b95aebd152f0ba1204d68e6b7699f

      SHA256

      6c4372aebbcef1e7aed5ec6d675de5f61f0a74eecb250a4e45e18ff37d47c882

      SHA512

      2a811469400dbf2791be437b15bb957d4c58dc2bd9578e7dcbc16120769cd49c82f60158c0a85a99a1056a63e8680818e221ef26306ded044e0ad395e46c7cf1

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab8613.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar8A7A.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • memory/1868-4-0x0000000003D80000-0x0000000003D90000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2080-10-0x00000000003C0000-0x000000000040D000-memory.dmp

      Filesize

      308KB

      Download

    • memory/2080-13-0x00000000003C0000-0x000000000040D000-memory.dmp

      Filesize

      308KB

      Download

    • memory/2080-9-0x00000000003C0000-0x000000000040D000-memory.dmp

      Filesize

      308KB

      Download

    • memory/2532-12-0x00000000002C0000-0x000000000030D000-memory.dmp

      Filesize

      308KB

      Download

    • memory/2532-11-0x0000000000330000-0x0000000000332000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2532-7-0x00000000002C0000-0x000000000030D000-memory.dmp

      Filesize

      308KB

      Download

    • memory/2532-6-0x00000000002C0000-0x000000000030D000-memory.dmp

      Filesize

      308KB

      Download

    • memory/2532-5-0x0000000000180000-0x0000000000181000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3060-1-0x0000000000130000-0x0000000000145000-memory.dmp

      Filesize

      84KB

      Download

    • memory/3060-2-0x0000000000400000-0x000000000044D000-memory.dmp

      Filesize

      308KB

      Download

    • memory/3060-0-0x0000000000400000-0x000000000044D000-memory.dmp

      Filesize

      308KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.