Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

72f92cf469...18.dll

windows7-x64

8

72f92cf469...18.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    140s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    26/07/2024, 06:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    72f92cf469816f0c7eb49219ab48b1c4_JaffaCakes118.dll

  • Size

    63KB

  • MD5

    72f92cf469816f0c7eb49219ab48b1c4

  • SHA1

    86294ef06aad386ecb551656365713dcb0a6b699

  • SHA256

    9c00d0e1f410f9c4a5e565750d6907864dd0e8e87ca67da16f1512f9264361b2

  • SHA512

    8bf03db01aa4b762fdfecafb1538ed8239ced904e4f08d90c8834be26dafdc5ef72b7ac3fa19075458b2520d53e9361827b8f2fd34efa3d8dae292358b41f944

  • SSDEEP

    1536:5/4LP/0vLN6a5Ep4MG+D3QKAFP2BIp8AuZCLR:KLP8Ua5E+GD8P2BICC

Score
8/10
discovery

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\72f92cf469816f0c7eb49219ab48b1c4_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2152
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\72f92cf469816f0c7eb49219ab48b1c4_JaffaCakes118.dll,#1
      2⤵
      • Blocklisted process makes network request
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1940
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2736
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2736 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3048
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2736 CREDAT:472071 /prefetch:2
      2⤵
        PID:1524

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f701877af72d385a372f3812bb1ee268

      SHA1

      596173dc8ab6c303e44bdc2469b31cc88c69f28e

      SHA256

      0397c2220821e3c0986e2a661a723637bec3da34e9ee00c1a1729507121f1718

      SHA512

      e02225de0f072b61867c631c58add663e39d3e1f26be34f17e1d0a34d706d9dffa510151083d1d4fb83d2a22da66f4c6ccdd760f8bb32f0495dacb67278ce2d7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6a89f10daec673cf69bce08ba59b2616

      SHA1

      d28fd99a8b0681ecac58f157ec4e2d976c23e637

      SHA256

      814bf70af49044d5ef7eb28abc3478275e8c52a7ff5db06138413d24fa0d80b8

      SHA512

      d49c152cd2234e8e890b7da1097d0c1867272b51020433699eb4c0803bb40ce203727db76c587123e8363b700deab67c5bed7187fe1ecbcddff872da0ae62133

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d5d0f85b94a985982821f7f2c9831e16

      SHA1

      2948d8e2e638d01356727a5030b0c872d2775207

      SHA256

      95bcd979a072f1cdf016de462abc969b36f06e1e5ba6aedc42230526b1bd994e

      SHA512

      8cffda065f5012f1bf17352a94ca66d4b14513acdfc4921c3afc103f5de129de328d2b1148cd2ea00ec3657be89999210b18c99213c8d1fe4ab72617a859f168

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cdd0c24c1f12745aa321ad70625c4299

      SHA1

      d3fd2744f0d42fcb841539c028c897cba409a181

      SHA256

      e8aa0f786a9311c5daa1955545cce84b0832ff22d20e1f4858180b62b4acc18d

      SHA512

      02b2eec84108022ee1d00b6c110eb1712076be7ed19e6a9d820d962209dafb13621215fd06acba56da2a9bd775b19b736418b892603894cccdbca64ee2e8cfb4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e8c203d7f70e2cce318a0f2691fa51aa

      SHA1

      49675a3c4615ce0e7f784659d56e8d466d5b8224

      SHA256

      d5224647bb5a1e6f2324def5aa8aa98c896d31c46a9160a7efb086e6827fb052

      SHA512

      fe7a4da4778cf141001c88f01a6dd6593755ca4bacae39d4f6d4e99d60f51151fa8178be754bc2b7b2a0c634a27086b4a4fcb2d2460af354139d13282b9f501c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      da026ef8bdd44602c88bb8c96adc7c8b

      SHA1

      f89cb8ae4dddd3fa67d5fd68a5bf9dae4503f850

      SHA256

      d6003cb3d28186b1f3508af55b977409950f1a0a25697e764827442c81238219

      SHA512

      1af2825a5d78394af9c9bc51bd2ef360b53122523d7f1432c55199ece70e21478086a8c67a59c42842d059a6fc5b6c3a53b2c764bb730f5e3ce7795ee18cdcfc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9d4d1e6ab47cb19370626d5250d73c01

      SHA1

      18217f20aba2b01bd68084ddd7a059ff58f7ff63

      SHA256

      99343c48ef99d452c413b8ab1fe6fa8426befc617b8b766d6d557d95b28c87c1

      SHA512

      97d2e252cc4198a4295d858e4f4f1018c25068e79be88c939c7a8e99dd0f08b731f2d8a5343e45f5fe8e4c8a135333f71accc28e6a201edcf52cf1f3539d91da

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      641163915e67eb5a6b90f4b38837239a

      SHA1

      d8ea02954fc80722db8947ad78d1788835d7ce9b

      SHA256

      07d3db299488e2134364aeaee320147b621f7312e0bd3a20d7891376d525dc42

      SHA512

      bbc2b36fa0891f56d53890f5406b25fc28a01a2ec6c883531f25d88c95431e8cd53a38d5c0c2bf61c5d0fc2a746ce05d8ed3695ac31bd4743ae934461812e05b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9010e6bb120ec17e29190ad4b690664f

      SHA1

      3774e6bcfecfa0df5dba6b067e46d82146864670

      SHA256

      be36ba5224937adf965b80f043a142a5ac09dc0dc0b61bdbdde7d1e77e3b9177

      SHA512

      853a8bbb3f27f7ec0158d79afb2bbe8ad72e5c7b7dc433a345794404857a321337ef5e8dd747ea99bdc707edd74287e21286122cd03ace6f89e9a70e7e8ac1e4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f9235a53cba40d05edd06be3a8bd6ad2

      SHA1

      2919a46ce74bdac476bb9f08070540b2d834e06b

      SHA256

      8d5646c2c23614eaa1423c9fb7f0b54b095749fce62cd8809642699ec0978781

      SHA512

      8a569ee3f43ef4a63ab14bf9dbe7e27887301f426e7918b6628ee6c6e391346416923e4dab76c0870cf282431d547363435ad556ef94e5cede9e1b65f627a19a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e311955e794eff760ec040ec2adb0214

      SHA1

      e45790c931d52d793caa20b1cd4dd1f75b16e36c

      SHA256

      48699f243540c8244655b886427d6ec83bf48d3a710d80498b784f88f7166a77

      SHA512

      4f733cc8e374a493822d2da36b0d3fe7cf495b9ed042b46ecfadf17bb3007db9589113d4a5346bf1c78bf528e56b73afb1d07db89d32be7ec94e6713f9ae3cf5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      88b034f86e5144c6285251c46eb5a1ec

      SHA1

      540e4e5bff5e4b19df2e0e27c1076ed9851e9816

      SHA256

      e726c2baf3fc625755bd5cf40b21c3b9b0369f5a97b8d8caa2a2b1af421eba02

      SHA512

      bd83fe324ff1464502bd7edb7310b9d05170b9cbdc9edb64feda2d6b43ab1d4cbf30b4c0653129de8e75b74292e6eeb2ae58173016444b1867dcc5465d81530f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5abe53f0c30bcb85f8c372f15eccbb54

      SHA1

      c0f1dbf87e42080e98cb4399ae5e3798ee824d57

      SHA256

      3c2879277796dd6a1916940a4f2b343d9ec1b577f28c8b656b62b6431ce75d83

      SHA512

      54ae750dcb7e789f313ad726109ebe76412195375bdb42a11ff6b8f7a6617f601345953d6f5d89eae2827e9470d44905359804744ef2b61cd822ef0d75343a4a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      99389683415a582394920ee39ddf4252

      SHA1

      572c1bbcbbbc91d93213d59d98d79ebde9275312

      SHA256

      43f4c1eaec98c2a669c19a2e4b01baf8c31bfa6d0ae5bf90229a458910191a02

      SHA512

      3c40101e827846e05fb32dd3299123056e75d39955934bf87833574cf280e5ca50dc8b5f77d054c876574652751c59933f372e84a4331c4859991ac82c78d7ef

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b4c4ab3a3613fade7671410982c343cb

      SHA1

      a75b0f8aece387a9f05ed7ba89bbe3ceb0534084

      SHA256

      1fb6bac47a920a51573532fe7ecf0905da5d27ce1b3d62cd46832c0c7b611848

      SHA512

      37f2f7bc1b4e1f69f2c047f8059fcb8ed32b21ba98afa97940b7a6439eb979c8430080c90798eafa891f62f10e7a703d1bd0b2b4dcd5c13fabe1ba75cf9406f7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      27159de6d85b7b76778217e3ac194a16

      SHA1

      ae23f9211e2d59f12022c2d4978b07dd79bea4f6

      SHA256

      ec39cf6dfb1ce4072541fc7419eb28bebfef801c7f989a1fbe1eabc861b10b6e

      SHA512

      86ece9e166b46a7f9b3c248ca574dcfe01bcb8a5547ed2602bc1ae777d2c55728cb89c502fbc609a105039766b623f4f37a1382e0edd9b660618efd042e6e906

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1d88b92ef696064730e58357848d859d

      SHA1

      2f0de64c38df4cd5602556f5a33f04c4c3422ea8

      SHA256

      aed161fe99c7934d2bcfcddb7ec280260828b5dc4c00fbcb80b3845f3aa2110f

      SHA512

      a42d5e466d2e5b1b4b4b0493fe43a5102a0d51bac037dd289e45d0bca3b1a5ffb263883c349e38b96502e1afca3573a6ac1d542fd5bedd0a15ce9d27f0743e77

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      207571347b82b6807b11b162ee566139

      SHA1

      09b09c7100d06e45e4c5a4d336050ceddbf9fb84

      SHA256

      65ec763995f29c97ba1f7192562f2bb56a148c3f2472b4503a67f45185993116

      SHA512

      df42d8ca66f27281a7a96e672703e04e369638f911ab8cf82feff9bfaec679a09b0b7377ecfb714746e9ed4f52780548b105521ebe0efee2c69bbe9fa6f79827

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab2907.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Low\tmp6C2C.dll
      Filesize

      1KB

      MD5

      73c70b34b5f8f158d38a94b9d7766515

      SHA1

      e9eaa065bd6585a1b176e13615fd7e6ef96230a9

      SHA256

      3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

      SHA512

      927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar2ADE.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • memory/1940-0-0x0000000010000000-0x000000001003A000-memory.dmp

      Filesize

      232KB

      Download

    • memory/1940-3-0x0000000010000000-0x000000001003A000-memory.dmp

      Filesize

      232KB

      Download

    • memory/1940-4-0x0000000010000000-0x000000001003A000-memory.dmp

      Filesize

      232KB

      Download

    • memory/1940-5-0x0000000010000000-0x000000001001B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/1940-8-0x0000000000290000-0x0000000000292000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1940-9-0x0000000010000000-0x000000001003A000-memory.dmp

      Filesize

      232KB

      Download

    • memory/1940-1-0x0000000000100000-0x0000000000106000-memory.dmp

      Filesize

      24KB

      Download

    • memory/1940-452-0x0000000010000000-0x000000001003A000-memory.dmp

      Filesize

      232KB

      Download

    • memory/1940-2-0x0000000010000000-0x000000001001B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/1940-11-0x0000000010000000-0x000000001003A000-memory.dmp

      Filesize

      232KB

      Download