Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

5c4d2fdd71...18.dll

windows7-x64

6

5c4d2fdd71...18.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    94s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/07/2024, 14:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5c4d2fdd71d0fc03028a8d1aa8873ec1_JaffaCakes118.dll

  • Size

    434KB

  • MD5

    5c4d2fdd71d0fc03028a8d1aa8873ec1

  • SHA1

    a7e137cd34dacdee947a9be6604379f42b1aa9cf

  • SHA256

    69ef1b568b9c104f90298202f044034b89941aa8c5af4c6e3d0c3c88286741ca

  • SHA512

    4f9c250d4b76b08695ad7db23d9806a8a051e09c0de6d16651e1276fc78112bf9c78b260473283f083470d305873bfc6758ebb93764099a4d19d05eff98977a4

  • SSDEEP

    12288:ho8hDrtHza8gcEgKJq6xGJOpqqldcBJT+wT9oKqhx:hThDJtegKs0GkprlST+w5odhx

Score
6/10
adwarestealer

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 15 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5c4d2fdd71d0fc03028a8d1aa8873ec1_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\5c4d2fdd71d0fc03028a8d1aa8873ec1_JaffaCakes118.dll
      2⤵
      • Installs/modifies Browser Helper Object
      • Modifies Internet Explorer settings
      • Modifies registry class
      PID:4740

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4740-0-0x0000000010000000-0x0000000010097000-memory.dmp

    Filesize

    604KB

    Download

  • memory/4740-1-0x00000000029D0000-0x0000000002A2A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/4740-2-0x0000000003A40000-0x0000000003A43000-memory.dmp

    Filesize

    12KB

    Download

  • memory/4740-5-0x0000000002DC0000-0x0000000002DC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4740-6-0x0000000003AA0000-0x0000000003AA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4740-4-0x0000000002C60000-0x0000000002C61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4740-3-0x0000000000FA0000-0x0000000000FA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4740-13-0x0000000003B80000-0x0000000003B81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4740-11-0x0000000003B40000-0x0000000003B41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4740-20-0x0000000003C60000-0x0000000003C61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4740-19-0x0000000003C40000-0x0000000003C41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4740-14-0x0000000003BA0000-0x0000000003BA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4740-18-0x0000000003C20000-0x0000000003C21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4740-17-0x0000000003C00000-0x0000000003C01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4740-16-0x0000000003BE0000-0x0000000003BE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4740-15-0x0000000003BC0000-0x0000000003BC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4740-10-0x0000000003B20000-0x0000000003B21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4740-9-0x0000000003B00000-0x0000000003B01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4740-8-0x0000000003AE0000-0x0000000003AE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4740-12-0x0000000003B60000-0x0000000003B61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4740-7-0x0000000003AC0000-0x0000000003AC1000-memory.dmp

    Filesize

    4KB

    Download