Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

87da55dee6...18.exe

windows7-x64

10

87da55dee6...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    136s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    10/08/2024, 22:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    87da55dee6342890df8417f0fbd930f0_JaffaCakes118.exe

  • Size

    329KB

  • MD5

    87da55dee6342890df8417f0fbd930f0

  • SHA1

    95659280e7a4c7808a649e926b3c5796387afeca

  • SHA256

    4bde0f4a64719cc11ca490ab16a2bec59447b0e3b521cbda74dab911c9e8b645

  • SHA512

    2260c6cff3a0f51ff23f7964ec37f5881dd524a430f6a7309013ab2865a10caa561e22e009c13c1996562b0acb9540092ee53c7397fe97cfaa8f39707b1aa272

  • SSDEEP

    3072:jrSFhxp7xHSc7qzPKb/0at9ayXAVJlz0rpl:0hxFxy8qeb/9zaw+zyp

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\87da55dee6342890df8417f0fbd930f0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\87da55dee6342890df8417f0fbd930f0_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2652
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2856
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2856 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2244
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2864
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2864 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2904

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a7a03d3f540cda96dc144216da30a3af

    SHA1

    aac91d26df8f235b34f1d11cfc899fbfee079fa3

    SHA256

    382a019463ee040a4bb8ddb88079f1d61cf299fac742bec201580c9c16c65e3a

    SHA512

    c90c049e95bb3849f3732dc360c7d1231204aaf01a680cf48daead484292a41fc8a6e52508d67f48a581cdd024024d65b99738087fc510ecd14cb147c77fc781

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e6b7fc8c7e5aca3f6d4adcb499a3b06a

    SHA1

    41d5f0c33b70d36922b5019cbe8a900d7375d9fc

    SHA256

    f5afbd8059d9807fcdef76e4ef2af3ad0ec64a409275dcf95a19e262d122164a

    SHA512

    c6e0c2a359df5d283993519bd0787e7b385df6eb26d189fc33434ba57e429856f4219dda34f30545b185003b4a23610f0abd467e856c91a984e52a9dcfc66bc9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f37a483a8d1287511013244f9887e864

    SHA1

    02716747d05def9668e5bcb41946113d36315228

    SHA256

    da32016599db071f7403996e7bed4026f86edd3cc128a6839ee8c0836622da3c

    SHA512

    6a07ac5b0d0500769b620606bd2ce1cb385a04ab722f316373d82b1ae09fa889149da0f40f63d080e9da881000a3b75a4399391612be3ce0af29a9d6ad556fc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3b7157c9431e70fccc69f1f871b752ff

    SHA1

    424b6875dba093fc5c516aa0ceef26d41a004b40

    SHA256

    547ec685acfbda4a8abbf1668a617dfc1c95f29784252ece3ab07c32ee68dfa7

    SHA512

    8c597e747667c9e22f74f03040ba149ca062b313146ce6cd87044200ea00e4296d5daa3862d2a7ff52b902d80758cfe18e3a07dfef832295c9079a1b1bf7118e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4f508b03b73338e6fe75e7590082737f

    SHA1

    fbb8ed517a08eb809d93981c6f17cce0a584fdb2

    SHA256

    3ac2be6b340c78986ea1b87026b3ec80e2f5f022226d7a35a9cfd7739163ef85

    SHA512

    39d38720d0560ebb97ea513fa9aac1acea6d84935a72268434154b1a8334ba9f75426919e1eef669a1d1888dc64b433b34e82f948c4fd5bca12d4cf6d6f6ec59

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a53095602f5201f65eeba5576ec9a7f4

    SHA1

    d066578050d945a282e62b09ebf00487272d10e9

    SHA256

    86fdf20fe0c2e1d5ac24bd9335ae6fdad25b7742608a5225e33d93ddaeefc895

    SHA512

    db2e627979828967c30e767eb9afea9b3934d0c3a907a9464680c100667c9253682a2b0179e0d1591f575008790d3f61afab9a68a51f69009853383af0f069c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8557d70946a1ab590515afc6428c3b0a

    SHA1

    0677a1c1c40d1be44c805907b76e7dbc4c85a2a0

    SHA256

    9792fe215bbc6b8f03a89cc0ca209ef7d9036af34b9ad576494802ce844c3cdd

    SHA512

    4b21d8e2895b0f3e480b8cc2f0ff7558c9c602f460d8a89b902c81d3ae2b1d0a04328b80d4bea79f0bb62f5caa2db6752a0de0cbd237be9fe58da39e65050928

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    10058ef31775bd94c8ab43595ebf8f72

    SHA1

    99fdc7bf9a53f0a6d75e83b52ea11ff8c7592edd

    SHA256

    f864bbf2db2b2bb02211fee95a9879e16b756556a03975de9b1a5d3871a5682d

    SHA512

    6bf2e8cf073a672777f1315a32edae93e6e0ce569d35e2b0abc0ec3085b2b58a0a120307dde9dfd87986693e0f40b9df5c33ae14c23a1401743225f3fb3a8bef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8d1837589f4a187ccb24bc118b4403b2

    SHA1

    d9b6184a212f6bdd8829a758b534975cfb0f503b

    SHA256

    b62d75c758a2c888d7c47423ae62ffffdb8dab41bb1a783f0d30da420b501256

    SHA512

    c8d9ff4b7c07db32458fe08a2da422b5767e4b72bf462517a86ab48c0e0cb0927a8792ff26b8629ed0b884de47f7f831c68ae7d49b7cae244fb216fd11c59257

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7189a018aff53ebf201660c361141d9f

    SHA1

    904d17f2719a7924589c4228383b5faa9dec61dc

    SHA256

    87b9ff65ac39348b3b0a0ec03d7bb74dd3d685dabeb38d7fd9512e9fac28356c

    SHA512

    52c9b9870c06d7b1da9e05a211fdcc2631b2da89f91a0024705f8623b0db8268ea452f4782eabe8d2a3489ca56d4925026310ed710818df9b827e44058b1c171

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b6ec0e35e59899e206ac05c22c706135

    SHA1

    cb29f20265b71c507943a29bcef5e56ae211e58d

    SHA256

    408bee81d8651e8ab018c589c511867ea004c754506ae1124fb52a7ed954efde

    SHA512

    4e295f30a601f7c6a56f71b86609e150747525440b1b80f1f80957cff180c35efd557e8bba7f1aada8e1245a68448117edd9c78a92341b5eb10c3d98560c0711

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b445a2d767db9c4dd0caf2c76c8d27f7

    SHA1

    370a04d6e47de6ccfa67bf0618cc76acb97c33e9

    SHA256

    94f44b97cc2269ff9ee312a2be529e171432fff7639a25948a029a02847c6627

    SHA512

    8656291aed9112d6976bf61a83097f95b650c8f01bd77bee8d518541c3446acca716ab71ef21afa7e580eca7a20bc87d4ff891c4ddf402461702f98ea25837ab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0a4301a20a07941362d5c64387ddeaee

    SHA1

    fc74f14a60d14324621481af2978b53e6c5e10c9

    SHA256

    82bbe60b820ed8789bc4374222e488ffedd8c0d376b1683a3774eb9009bba980

    SHA512

    37faf5eba284ea5ca5085861c44c82c5a635f9bd9fbb565f843aed06ab5cc962e48dfda8adff7ea8c3d5b387a5abfce828fdf5add0c7d11d2c33fd3e9de1aa41

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9cb8890b7c942e9ce0d6924decb54b72

    SHA1

    2cdcf491276f9751970a8082fa2a6334f4447db6

    SHA256

    27140c5a0958cefe6af3d89aef29f39e9c62d4909fcc98c8cc8e5294772761f3

    SHA512

    628e769a1839fd560c1562b0b22f8da67eb8bd6d9926204fb8a5e9bc8fcb670bcfd558322a377269077d76fec7706eb48d1a2aaa5516216cbee19d55c76f12c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    04d0e5a7511888f5b4548495e4028532

    SHA1

    f7016bc0611059ecdc95444d580bb74fed5dcc96

    SHA256

    302e5ac0447aace1a4b6db1029fbfea4a0b6a2849c4510c81a0ab974085c15fb

    SHA512

    9e89e3396af69e1fa2101d06a3ca38280b3f9614e94bf2b0d4a9a869543db4e3a5a608c40a952cac28ce48bed795725aa911189ece72e6db3670e5d80ffcd3ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c09acdad30f8c14b47635c4f9d1164f8

    SHA1

    db7bc8a86b7d653a96529daa081a6bb129e66053

    SHA256

    4da20c4da77356ad0ab15e26dc344ed01b4280d624c8299211610761e705de15

    SHA512

    99e52816834282c9ec864ceaf15489bc590482456c310f0254b78ea6bbf47fcc9b42b6158fe4e0a27c3cbf96bb0bd539e4d5a727bede0a36c432ca4e29d91ddc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{984445E1-5764-11EF-987A-EE88FE214989}.dat
    Filesize

    5KB

    MD5

    e3d649f3314b6999983656c15de5f378

    SHA1

    e0785df3c70e0650b55d89391e9722906281c7dc

    SHA256

    31e71c04cb6d82ea2cc9b89c95d4cb098b48ea7368ebe38f132d5102d6ab7a5f

    SHA512

    88293e176b01d0c36f7331ecbc8200eff3e64895f58e6bc7fa0f6d73d2537b70588440d76ee1c5c65b13d1071a9b166fd652eb9dc97a8cae94e79ec2c8e10f35

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9846A741-5764-11EF-987A-EE88FE214989}.dat
    Filesize

    4KB

    MD5

    b85121e1afd2d3f22fd8bb467f23377c

    SHA1

    2dc7f85f8b4de92ebe500ceda4b42263a7632eaa

    SHA256

    1637678012604c5885eccfda4b7547dbe0c723f745e7a109d1d542bbc48e9506

    SHA512

    4513d2e5ad8d95c94597ca96a4b7693c831f63e244f03b287d0657f3e7a8e0d7576a9700bfd1cbf6e21991cdccb8fb16df13d262776637cb33517c3932021f9b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab45CA.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar463A.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2652-4-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2652-0-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2652-2-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2652-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2652-3-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2652-9-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2652-5-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2652-6-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download