Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

610613fa77...18.dll

windows7-x64

8

610613fa77...18.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    21/07/2024, 18:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    610613fa7732bf81c2a98e5479a0b180_JaffaCakes118.dll

  • Size

    181KB

  • MD5

    610613fa7732bf81c2a98e5479a0b180

  • SHA1

    8e9aca851098cccfe4b701466ae170214e0d25fe

  • SHA256

    ebc2a69929e84bdfaca4fb3804240ab1ceaea69c6664cfa29442f6b52b31cef6

  • SHA512

    094a9a512d7d7459f1c41479f5943f3f29df4a279b179a62edf8d473db6aa17d3fb173c5f43575bdc2d4800df64e4bc6560047ee423aca8c0892484656285a08

  • SSDEEP

    3072:tBrNNeA7Flky1ZRWIhh+DNdoepSEvAMyzkmWK4Z2O+Q+1Iic6pcmdy0ZyPIouty:tpb7FlkevWFJdo2dyzkmWK4Z2OsWibpV

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\610613fa7732bf81c2a98e5479a0b180_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3000
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\610613fa7732bf81c2a98e5479a0b180_JaffaCakes118.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2208
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:2796
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2928
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:1572
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1884
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:1484
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2864
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2864 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2732

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      86fcdd8708df99b828123c43591babb8

      SHA1

      5009eca4f53c1304066bd4160aa8aedd647b1a87

      SHA256

      df52b110686669bf4d8c19ae09873309d9f108b2cb90c3d7f962a332e8555675

      SHA512

      28376d900460a45be763da0903ef3af4024b8d8bc282aa332642cd06dec9907554207617060c8c24808ebd33fe4997625d03b8d892009bdc13837e5cc5b73ec7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ebce3658b4ca40f2b489049de3725dea

      SHA1

      37958b65f4294635215ab19cf35b2dede5cd68c1

      SHA256

      5d8b3bfce512f81e07c37a41a95ff1103eec6d4a9851c00d731c785c08ae60d1

      SHA512

      320801566eec0a3eb3d22525188d117c5140a68415fc9928a4bad0ee091dfacf10a722c082110ec31cd5136ee5d10646b2f566f6a46a6a1278a272c9dfedc466

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5298d11be53e819f6e7faf4b633b0cf0

      SHA1

      e6020842ea556a05e993d3f4c42718b195e3926b

      SHA256

      38a99dc57d5e4e499161630b388b5d72eadff4c2d08901f59aac6936228f67a7

      SHA512

      276dec9426faefda47d95e4cf38a5c12d15dd0632329fbe3d06fda3a6e93576dd3c9b13ca51c05080a59e896b05546cdec36e4388c4c3040e2a7f66abea99539

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1b2361fb393742f8577ba11482078bae

      SHA1

      b5fb9257ba1535845288c5750b02d86dc6070441

      SHA256

      8b358a18485bf4630284cecca26b607238db4b93cce902b74a49693ed9730bd3

      SHA512

      47772fd5618838bd0978445a855cacd17ae6bbcf68c9b0a5df71c38b6b598ad851c2ab7f75f548d3c68d3bda687a64345771e83a0b1b224911b8f17986e6b278

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      357318770cb7a6a72879858ce17eaff4

      SHA1

      047b0a22dae61ad4a2978792cff7b826e158b171

      SHA256

      14d869416923793376585e019b6efb166c2f3af587d775be5cc8db8112dc8165

      SHA512

      c4e2ca0727d585e6a5c87c4fa322959d11596008e8e32e2ab4e09084623c542b6202f413fee53dae7226de4e6c1bcf98b7cbb40d4c90abd5dc0f8b729605c4b5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f506992a873a1d8ae4d213485771581c

      SHA1

      d6d660b535d444c5331ac431897df428bec2e599

      SHA256

      99a8373d5b7a3a523740fdf355ffd5c1d8adb051103db49c23110875a7f31bcb

      SHA512

      6ff4ef36b65d71f96294c1f33978d20ba3bb22af75e89e9ebefb48d078f24704c6f86633e20495de6984eba97c68770bd2ba87902c979831bb4e54ce40f13bb8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0f6a5df83475ac83cee7fd8306b7fcb5

      SHA1

      421b21309cd41279a722765e42919acf0ad1ecf1

      SHA256

      5bc03679b1d80dc19112f3a030c0e92398174b0a4d11d4aad9dfeb61e7021573

      SHA512

      69fc394ac49efa9a718f6e0c82a531b8af3b241756c04ce09dca020366bf6265196d56d88e8dd82d41d9943f6cda9a5b6f64ed39f917ce753ea6eb672c5b0ce0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      af29554bed509a09857a5d9f4f2029f1

      SHA1

      b675635669dcd2a4b85609416c3ee6f2e9b4b889

      SHA256

      77f1c152dd7239db2406375f6c4ea9b27316e0483f9599143483b26f84a468c5

      SHA512

      afb657e8257e1309dc50439f50ad993266f4a6581ba8f72013e53d88b34023b75016f51b1748b7fdd2ec51910d434ef10ab2c287b05c1f3cfea9df19527c4b36

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c5cad78db0761003b85a9cc8a8bf81e3

      SHA1

      90797c1c5795a0550d7b5614bdf550f083459277

      SHA256

      e69f4c7025d16416da19e47deb8e594d39214e29d616e707ff3eafaca6641ce5

      SHA512

      6bde006fd192334e3c0abb3cb417e036d305bc20d0f290d8db3721c261420c78515ec919faa86c01f42dc5bdf7d1b19a48adb23af7d7d47a7b03394ee7ebe6ab

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b42fd72abdab2281c5d3620078d0a8e7

      SHA1

      f7bcb11770f21fe42c9832232ce7e07bbc3f53b8

      SHA256

      9ed0e17378aab435ded2f872fc3f3132ed9252e51befeaec58c2a89d38e12de2

      SHA512

      40797a6b1f6621149103ab66abd9cceca2e8a903af4681985dfcadc53a5d76b87cc6d5dd03e573c58878d70f1b0ad1ab38fb7b114bbd7240ebde76d8543318de

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      974ef48f898b583b20e9dc6a64090b5b

      SHA1

      18cd1b27f299d7dbe252bfb48570ab46fd60c7e3

      SHA256

      0e80a86e6ff9208960c535233bf62f471866a8081bc01a7e446043d3e0e137fd

      SHA512

      5dfb8b1d780d5b37ee197e19ba6597ec6d8261cbf7ec1b302004e74a6bbf7ea77f2ac046d35c3cae2a78908471f5ad902e634691058822d2332d643b9d24975f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ebd1bb1adc2c15bd152d27d6d78e45ca

      SHA1

      8b48edb87b0b9bb9436e25bc1120943f4209db26

      SHA256

      e4d8b358b87781eb8c305b796372a4f5e061a3c100a29a24af4a08ee27b3fd7e

      SHA512

      5ff8c0dfd84b0bf48d1d8d5d63020d557f45738324b23b9c28624114ba6ccdb46216ad4cfdcdfb462ef1d1a83c633e3d46825af2e67b291acecffab2a2407fbe

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1eab1f5f268f8273a0afde64678f9c2c

      SHA1

      828bb12200fe7c6da81eb9fd338d71ae13662142

      SHA256

      6601c1bbd70bc814932f9aaf8f209ba92683f9bfe657bd4dd3ee4e47dbfa951b

      SHA512

      7192599cdf6b6f75bad78049fac8acf68a5a1c439e792d8d81a71ea69ad1f4ebcb833a24085d514424927ce3b38f84b470630c6de05e574e0c367f9c5d4adfeb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2934294576834699ff39c8ef38c176b8

      SHA1

      73317c7d278c43a535cc95d3e0d33512a5804406

      SHA256

      135d22aab6ec3796831f0caac9ccfd9e1ed559eacdae14bddf9803fad7571fa7

      SHA512

      66b4fff6a7c50bf8acfbfd31fcec59781c135e49d55bca50f18506cdbaccc5714a67adb6b5a622ee8140b979dbb3a83f807d5e7db71f71cc318b11cc5bb17cdb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      db91bb62b5abbfcd85296cf95b8e6c00

      SHA1

      374533062f8ceac76576f8c34e90a298652214c9

      SHA256

      def6d329afd22bd489ca7a9762dbf4cf790d4a16ae9443e37958cee4e725bdd5

      SHA512

      ddd3cb123b8a8aa221427b8d52a2084ffe20bdc5a92e7bedbbd3a7da8d01a6114f21a71513888ca22a81e5c5c209638b7b6ff0d4f63c13d600830d928e67f019

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      47d4454f31f4463e5aa880ee9a085e32

      SHA1

      65333172249909b7a28b514ce2267328e5991bb1

      SHA256

      33fb49740bfdc3a8db9066fb757606c697adf3082a3c14d58abf49a0a29e008e

      SHA512

      81ea579acbb6ff99ee10df875c4cc06bb1606998f61177835953182944c2478c9da8b7cda1d1c59720b69e2e3414783f0f4a08d5b2b7a6ac6625f7db15574a5c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f53af0c7eaeb82704b60dcc2427faf35

      SHA1

      671768477a5fccdd8fc2510a0e2e40a1c7562da6

      SHA256

      bf681327af4da6bc8f85c90a2640cd6b23d157f49d35deb31ea94102eb8f267a

      SHA512

      167c12ff7756b1a6f0f4992121be703fa2b87fbfdad004324727e21b12bfa45c5d50764190bcb4e9c850c8339f18c49c06a8ee0e55506feb09945bc49e4289f5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ae4dd5acd5d2ed72d44c274b6873b4b9

      SHA1

      cbc66f962ac19df5a70c6572c0a821754fa251da

      SHA256

      e2b2842b721f63ba4727925989f69aba822a08a61df72a9a5f8785a1d2567ea1

      SHA512

      e77bdc43961149a481ae41c2871d0a9214d47ffaa4e3e840232e74cc628e8b3abac757e80fb9ddb7c5501e4f984a3cdcdfba1297ceec86a1bbf27e9f9604da42

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7f637f651e4b1345793182e53455ab58

      SHA1

      b8dee43e6b48b76ba79f8881ddc774f830c96f51

      SHA256

      c74a5527dc94db40bad8718a22efc7a54bf2c64e590ef4d1fe7f0234e96f02a2

      SHA512

      5200d33f9f5f85217854855af59bccf90fc7dc9b8ecb0a6c8eddb0e5d52de19a245e51ac98232e1c0c6c6e92b28bd0241144caa8a35d7b5588fc81be44b2a9b2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e2105239228f3027bed119da9bb8949b

      SHA1

      870d2e58f2458e7de808f90f227e0a36aea24889

      SHA256

      62eac180be0d39502a0cac91e8ca1fcea21a794f1537e31cebee750a164da968

      SHA512

      10b23ca52c3bfdee8f4b554c2671b5adc93c5961b6dfcf2ffa3b6be4075992516abba06877f22becdc348642f32be753840719b7a828a9dfef064080172519ce

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c36a917d9093669dd82233d33dc3576b

      SHA1

      1f614436d7212f7a6c64ac457bd00599e923c3bb

      SHA256

      94982219308cf00a9bba7a2da5f0f778ffa6ecc2451cb7e403888193ac6ba7cc

      SHA512

      42c279b26ac8fadaa5eebd4ee93c7ee7b5a92bdec28e7c2af894c9fd1ef8b76ed131a78d818e04ffcaaad8ccd877adac38b7cfa97e3c750322141955418636ba

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab4C8D.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar4CFE.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • memory/1572-16-0x00000000001B0000-0x00000000001FC000-memory.dmp

      Filesize

      304KB

      Download

    • memory/1572-14-0x00000000001B0000-0x00000000001FC000-memory.dmp

      Filesize

      304KB

      Download

    • memory/1572-13-0x00000000001B0000-0x00000000001FC000-memory.dmp

      Filesize

      304KB

      Download

    • memory/1884-7-0x0000000003B10000-0x0000000003B20000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2208-5-0x0000000000230000-0x000000000027C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/2208-1-0x0000000000230000-0x000000000027C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/2208-3-0x0000000000230000-0x000000000027C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/2208-2-0x0000000000230000-0x000000000027C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/2208-0-0x0000000000230000-0x000000000027C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/2208-4-0x0000000000290000-0x00000000002A5000-memory.dmp

      Filesize

      84KB

      Download

    • memory/2928-15-0x0000000000390000-0x00000000003DC000-memory.dmp

      Filesize

      304KB

      Download

    • memory/2928-8-0x0000000000110000-0x0000000000111000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2928-9-0x0000000000390000-0x00000000003DC000-memory.dmp

      Filesize

      304KB

      Download

    • memory/2928-10-0x0000000000390000-0x00000000003DC000-memory.dmp

      Filesize

      304KB

      Download

    • memory/2928-11-0x00000000003E0000-0x00000000003E2000-memory.dmp

      Filesize

      8KB

      Download