Analysis

  • max time kernel
    121s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/07/2024, 20:56

General

  • Target

    75b12be6c33891cc202c1585942a5120_JaffaCakes118.dll

  • Size

    26KB

  • MD5

    75b12be6c33891cc202c1585942a5120

  • SHA1

    86f5a614bd99b726e76ae2b3c5750452ad0eef6f

  • SHA256

    e22891d8190f9aab17960d6b4ebb9deea71c322c8c0c35768f80733e48ed327c

  • SHA512

    37d4679e639bf5fd216079ce04e16a9fc492dea35dba8fc9064306e7aead1fd9be2f25554a68e26ee2412130a9fb1d3f6f70ec9c28db0ee75bd62499885ac2d5

  • SSDEEP

    768:6x9svDOWi9RtRPw6/GgBHiShZJMRO0bzhl7Xt9DNk9SNdNrgC4Kydwl+XWnhBroB:6cJerd5h

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Modifies registry class 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\75b12be6c33891cc202c1585942a5120_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2420
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\75b12be6c33891cc202c1585942a5120_JaffaCakes118.dll
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies registry class
      PID:1672
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3032
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3032 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2896

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    dd087e5096fdfe09ff1ae568bc478f2b

    SHA1

    f4acb0cf3652c4766f0e0d9395e29e679b003a93

    SHA256

    29992bf3f1d96e8a93826dd3633ecbd72295ce69421cc31efc13a0944305109f

    SHA512

    1f9fd0a0b27c166706857a39998d266de8b5657d9843a1f9a04aedb271139185ee5b99cf3466b9d39ae70b9af969048ed0c06a494645da666fb6c2ab6944133c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    eb0b2f96ee2dd0a406107f7f88f1405f

    SHA1

    d267006641dd33702346c9f74c6a1ae3ed51df84

    SHA256

    2654f9836dd5a19fa053ff7febcb6c852dc1af4b917771db38343108e39bb039

    SHA512

    23a291e44e588e68a2e383cc7930e74bde1e3cd61dcf3baca4e27b5cee08fc87141e182d6bc455ca5de2d9ad5d33f87a142f549196b5ab25fa05ba2c44234276

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    beafa4cb38e9ee00fe440a0303b0c4c6

    SHA1

    95749668a97bb9450a75657b522bb787d98c359a

    SHA256

    870f489f16427c8145940422c3566e2d7cd23c95df6896e0ed561adf83c86eeb

    SHA512

    42ae232a3143ba0f9e772d775b3592ccf56d0ba09d47a8db300962ada3b848eda452c02dbf290c8e13a0c2992f24cd40dea61991403aa0f06c5c37ea42fcc22b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c18066198837ded544d39dedc3591083

    SHA1

    9a67e3b3bd40bf6251e5d59c49771b903800e692

    SHA256

    59474decdd61b97149a0a2484f8e62a9cd1d9a3d3f5d64ff61af5a7945a56ba1

    SHA512

    495f431de28cd66019130dce9be0412f3df4ab317fc53c5e6fd49484610cad6895f668b49a832b0ee5e3a1467c833ca7c6accba47027ed4b5904c5765ae6bab9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    681cc922f1adfe11d28fa198956e4936

    SHA1

    bd47e97baeaf0af186d70e5af5dab2961c1937c2

    SHA256

    ffa9e1ad368574d4a37dc438143cd059d630c277e3a2c6dfda50beba0fcd9449

    SHA512

    8d0a4671298325297a1ec9e3bd4a95a5eaf1db8a150986472e5f8048a9c073faec08a2f9325a8e9866560cfdaeadc9837a841e19cfcf1b81e20c571d4fc8eec9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3d3787dfe971adb6ac514f08166c5fdc

    SHA1

    2cf75b06f26e935aa937e0f86a07271e6564efdf

    SHA256

    8d69914c4f9d1316a78b9c73023c99f04de13d8dff8a146a3c06819778a47245

    SHA512

    24a9f5a150bff1b85ec82b2e8599eab94b4e999f5a237f36e2c9db55ed12db6375484ce78b88db89a650568580e4bfd89021f747c55952019e88caff6315ebcf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1c46deb9e1ad9f512b07b06c2a7066a9

    SHA1

    ee68ac311e08ec5922144611d0109a7a7a8a064e

    SHA256

    c02ac4befec74336e15e0ec43b54487dcd8e0addfd20452984ffb49daaaf483e

    SHA512

    a6f84493a40de5f7981849c3757c500686f2bd467642f6363e7e6fd5773bb981c834ba0a270769586bad38ac08d02e543a73b4d51fb1f49c6984287db9562ecc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    565ce394ca150f63025463c0cd9d97ae

    SHA1

    f72c968c7056718160913ec6a7911111a8f4469a

    SHA256

    89884f1aa4a1a75bad01ba1725e68b46c242e1dd3e8c8ddb898673d2906b1cc2

    SHA512

    a8cbefb99ac7ee4901c382cdf05a319d8cec6254158701bf61893c1622e23e4d8f10c22c0f8ae657f827e78962dd9c13946818dc30ba9186a0a89d0556fbb4dd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    82895a2d2c94a66f857841dbf7faa015

    SHA1

    5709ca3befbce0de270d24c8063018351f5374a4

    SHA256

    4db12e1310ecc35d7bfe720b81b515c5c3894c9ccde07f85678421dced4d386e

    SHA512

    e5a3cfdff5de77a42f32f51162d24db6b28a7751cddf66cf79bb22da42f4795b62fd292edf634e4168286c108ff3944a0b2e454bd0a5aae43629991182854503

  • C:\Users\Admin\AppData\Local\Temp\CabD77D.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarD7DD.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • memory/1672-0-0x00000000008B0000-0x00000000008B2000-memory.dmp

    Filesize

    8KB