Analysis

  • max time kernel
    140s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/09/2024, 10:34

General

  • Target

    cf592057377cb88d0bc95a377b8fd9a9_JaffaCakes118.dll

  • Size

    690KB

  • MD5

    cf592057377cb88d0bc95a377b8fd9a9

  • SHA1

    5d34b78e1d917eab35ecba32788bebea4da7388b

  • SHA256

    9505ea27895537dcb6c2488b2eee6c0b68b35747eb5b362ca6c4888fb9b115dd

  • SHA512

    95a0e9eb7be4d85214ecb5db4bf04d8b573348c0d73ae89cd48943e74f3cb79f812c2448e4372fb5fcc76a8700d77d7b9aa1bc8c2b437cd28615faca5a0a07dd

  • SSDEEP

    12288:y3JKjAhROhOtGsgyZXVSfbJXE+nc6cf8zL4XpYyDvQo2bNvL:y3KAhRygZXkyf8Ysbh

Signatures

  • Identifies Wine through registry keys (2 TTPs, 1 IoC)

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

  • Themida packer (1 IoC)

    Detects Themida, an advanced Windows software protection system.

  • Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Program crash (1 IoC)
  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings (1 TTP, 34 IoCs)
  • Suspicious behavior: EnumeratesProcesses (1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (19 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\cf592057377cb88d0bc95a377b8fd9a9_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2508
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\cf592057377cb88d0bc95a377b8fd9a9_JaffaCakes118.dll,#1
      2⤵
      • Identifies Wine through registry keys
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2364
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.moderngaming.tk/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2008
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2008 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2904
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 604
        3⤵
        • Program crash
        PID:2100

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\Local\Temp\CabB2ED.tmp

    Filesize

    70KB

  • C:\Users\Admin\AppData\Local\Temp\TarB3AC.tmp

    Filesize

    181KB

  • memory/2364-0-0x0000000074240000-0x00000000743E2000-memory.dmp

    Filesize

    1.6MB

  • memory/2364-12-0x00000000007E0000-0x00000000007EE000-memory.dmp

    Filesize

    56KB

  • memory/2364-11-0x0000000074090000-0x0000000074232000-memory.dmp

    Filesize

    1.6MB

  • memory/2364-3-0x0000000001F40000-0x0000000001F41000-memory.dmp

    Filesize

    4KB

  • memory/2364-4-0x0000000001FA0000-0x0000000001FA1000-memory.dmp

    Filesize

    4KB

  • memory/2364-5-0x0000000002070000-0x0000000002071000-memory.dmp

    Filesize

    4KB

  • memory/2364-6-0x0000000074091000-0x00000000740A8000-memory.dmp

    Filesize

    92KB

  • memory/2364-1-0x0000000074090000-0x0000000074232000-memory.dmp

    Filesize

    1.6MB

  • memory/2364-2-0x0000000074240000-0x00000000743E2000-memory.dmp

    Filesize

    1.6MB