Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

aa83af9984...18.dll

windows7-x64

7

aa83af9984...18.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    19/08/2024, 09:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aa83af99843e5acb69f85cd778294d59_JaffaCakes118.dll

  • Size

    116KB

  • MD5

    aa83af99843e5acb69f85cd778294d59

  • SHA1

    c98bbe9029b9a14804040cc655a7915542fd3aed

  • SHA256

    1a4598e530dbab0c338cdf323b7e74bc420aa3eae2036ae91c4f52479658379f

  • SHA512

    3b63e5a151e54d4d87361b28af95ccad8ce63e70082e0e6c41178ce9ee1907417fbfba1edf1aa845155e6313301dd2efb6c1ddb4f299a571e2001a22a0ac32e8

  • SSDEEP

    3072:yv4/6jfCX1DqMtZBkrVr9eK2/gqbTkKm/smKcua6/JRYs:4RfU1LerVrg/g7f/smnua6R

Score
7/10
discoveryvmprotect

Malware Config

Signatures

  • VMProtect packed file 4 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\aa83af99843e5acb69f85cd778294d59_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:484
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\aa83af99843e5acb69f85cd778294d59_JaffaCakes118.dll,#1
      2⤵
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1044
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://cheatchit.blogspot.com/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2476
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2476 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2124

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
    Filesize

    854B

    MD5

    e935bc5762068caf3e24a2683b1b8a88

    SHA1

    82b70eb774c0756837fe8d7acbfeec05ecbf5463

    SHA256

    a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

    SHA512

    bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
    Filesize

    1KB

    MD5

    55540a230bdab55187a841cfe1aa1545

    SHA1

    363e4734f757bdeb89868efe94907774a327695e

    SHA256

    d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

    SHA512

    c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    1aef93e8903372a0aa9d6ba0d1f06d04

    SHA1

    afbbf555357fb8822bad3f3402ecba6031414b4f

    SHA256

    cb987a002a4ed3098c71223462b646ab382f11be4810ee9c81fba56475c99504

    SHA512

    106865422d33e50022a5f7b3b230111dc339bf7c89d568734cfa3e5648cdaa7836bdbf53e102d0f208462ccc78d6c518e08917e0a33817dfa4c58b8e2d0c9b3d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    e70e9de2ba3b18ab12f70230e31edb72

    SHA1

    f9a613aeadd237cdfc70627f5d55eb0fe8390e2f

    SHA256

    d354d01a19653782920c719fbb128e876dea793a587de8845336f3d2a6b8b3af

    SHA512

    377634a08db0dcbb82f78aea7ea967733009f4125c3d10140372032c9254f1660ec5f71daaaf50caf606a13c5d1480ff5b99367aa43598031f428770d86367ed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    7ca6cc3188cd28f9c71705b924419fe2

    SHA1

    2751b0593d7c3e02d5ac80d311096a0076920051

    SHA256

    0b3e5479d8b1845e3c4f12fccf7e13e27a6e11a2ba20336132adc2ff76fb82c6

    SHA512

    310425fd3db5ac11a47644f6ed4518953ebad2a35ecedf51ebb5d9ea200a1a8af8d098515802fbe8155046843a31aa4f8f352b43e88be5c5359dc9a9bceac3f2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    315ed30bb5f01ecd66bedb1913979868

    SHA1

    10397aa314885f1ecc1391aaf565783ec68d9e88

    SHA256

    66bcad23f55b00edbf90b962012ec3251082880aff7b52dd5ce6c239f5bca267

    SHA512

    2ef8d13494542e186878484e7b1703834b8a1c3841d6bf345a69d7b354269313ba47570a185f03875e82968c48f7b089238ce0f327e6318a6dbfe18716b1fa4d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_D71A94740B0CED76EBD7AAE2374CBE8B
    Filesize

    406B

    MD5

    814ae69d3cd3f85bb45dbb4f1cbc77b2

    SHA1

    361fdd546334f0c7fc46f8eb0a06b00b52391650

    SHA256

    eb333f1e7f6a551337a12ba6252465dae5f965b030fd40d91248ab7ea644e3d4

    SHA512

    ad7b3f9653c6d679e1e84d7dc87ef70f8aa7514cf78458aa7a62ad23247987196ece674a839658bf0a53a615dd2cf1688a2d1aaf13a7698cfbce9de361235106

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    464552766d45e7b3f58cdbf2b0110083

    SHA1

    60c219b43caaab23724ecef3dd38bec1b295942d

    SHA256

    1a6481320ebf8cd840f085593c731d355263d99cf4dbed231cd637b528e15ac0

    SHA512

    014f922d82dcc68e76429d75eff802ff49be0b4ec8053f9c36fac79b95d81df6d1a270f54cb30b1a960414e81a8787540e34c76615d8121add588b7ba8115fc7

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQ7VMQEC\platform_gapi.iframes.style.common[1].js
    Filesize

    55KB

    MD5

    aada98a5b22ec7188655c2c17a083c57

    SHA1

    7c3c2fb8744e7412d8097e28f588788d91b9cd9b

    SHA256

    f2f09baa213dd3dd95edb5a30c7764e4a44d9a79c0831f90b1ad8ebedec9dab8

    SHA512

    a780aa3b9e36f61be8240487e75c19a96fe26d54abf9006680a00af9d1d394e81e517f0bbbc13edff3a7190679260ecd56fd5cdd7c2d2f416ab8982c3277b953

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SPRIFH8L\cb=gapi[1].js
    Filesize

    135KB

    MD5

    cb98a2420cd89f7b7b25807f75543061

    SHA1

    b9bc2a7430debbe52bce03aa3c7916bedfd12e44

    SHA256

    bea369fc5bdd5b9b473441583c46b9939232bf1f98c1cedf6bc2241c4f5068d4

    SHA512

    49ccede4596d1e5640a9c8e8be333f9c18812d58f02b2b15adb54172df1387439e9dc5afc4ccd9d8f0f75f092318bed68d3cd577338e88ef4f9373de8a07c44e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WK27LCMU\pingjs[1].js
    Filesize

    31B

    MD5

    12ffff4acbb9995507a036f0ab434943

    SHA1

    5552f524dfff06eb2dec29c483d6be85bdd64a28

    SHA256

    0901f11dacbfb21cfcf98a8553ed0687171af2526c6648f71280a8e073122ffc

    SHA512

    13524800a01e5de3abb977f4f1eb0a3de82e4c09b1a0f7d2f4aa4e67f8f4894d4ba7fb70746b479488c8a4cfe5aa123710d81eb57f50b3ef4247e93a4cc51617

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabDD37.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarDDD6.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1044-0-0x000000006D300000-0x000000006D337000-memory.dmp

    Filesize

    220KB

    Download

  • memory/1044-317-0x000000006D300000-0x000000006D337000-memory.dmp

    Filesize

    220KB

    Download

  • memory/1044-2-0x000000006D300000-0x000000006D337000-memory.dmp

    Filesize

    220KB

    Download

  • memory/1044-1-0x000000006D300000-0x000000006D337000-memory.dmp

    Filesize

    220KB

    Download