Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

d5bfd797bf...18.dll

windows7-x64

8

d5bfd797bf...18.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09/09/2024, 05:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d5bfd797bffd0d482122f914b16ea6b0_JaffaCakes118.dll

  • Size

    218KB

  • MD5

    d5bfd797bffd0d482122f914b16ea6b0

  • SHA1

    d56c6dbfce4d9bd30a1375c7c21e058e5fc38743

  • SHA256

    ecf81ed9fec100e108a655305c8ef4e4386a575a4e280684c516a91caee79dbd

  • SHA512

    dfa76bff58300a90ba5059bba8dbcc731676c5e2c91a03bc874c76fa0ed677469daec99073d632120e54e2870e9bd51d566b7efe11b15501d9471dfc9c506d95

  • SSDEEP

    3072:qyKGuljBliR1jjx6p0PnlE43EXU1VtlUxRX/um1onTuwcTfeMUXaCZLns9VCr:qfGu9Bkwpud3E+4BqT10feFXaZ98

Score
8/10
discoveryevasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d5bfd797bffd0d482122f914b16ea6b0_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2384
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\d5bfd797bffd0d482122f914b16ea6b0_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2072
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3040
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2528
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2756
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1252
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:2224
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2852
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2852 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2252

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a4c9d50d31ae676096a51d14a3f86009

    SHA1

    6023e2045b17103f421acdb4cce758580c300eda

    SHA256

    ee428c99db8eac77caf9b0caa4d8476f4d4699959a84c9c82a091f094133af19

    SHA512

    46854ed808929521d9d269bed0a6bc564666d8633343c00b7fa4bfb49bd3850619d3c9f1f6e933711c8c75bc4b6daf9e5ec8185307aa28bb5a7444fe080b7025

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4b82a70f2f61b973f9835bbc002a674c

    SHA1

    2e1d65470c01cd69cf4f9d81a5fc9ef573f336a0

    SHA256

    6732dd7816ca51b45cb1b570c1467ff423600528ee3dd3c4495893de85a4ec61

    SHA512

    23c7cef636871bd6572724fc286896cb9a1fd9525976def9f9f0aa43027d4dfdd2f56ad0dd4246531047d48cb62e36c2c82d934bee87cad17d53db795f90212a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    52f84a90117d2fb7cef4d04549dcac87

    SHA1

    a43903afde3acccc752160e4108b39378c7a5adc

    SHA256

    65131875bec0939cde30c9ac44f7a12950bd8d2d126856731a8c34b87b857fd7

    SHA512

    d91f5ceb2ef15f5736f17761f6bdd6f61bd5c7902d1d4b1ab971bd15b58c326b672a4467692e4191c59f252dce61536ae0f0a53c0e446859ca97f15e5fda9c3f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    63954aa04b159a8aea98b196ae1aed6c

    SHA1

    2db209fe6ab4d36502c425af2473e6713aa7ac4f

    SHA256

    5bbf66330f971f375cd9188779d7df40341ce246c49ae5f10618caf55e8f0387

    SHA512

    ef7f5b4136333df20f327ff31fe77d0dabdd31fad73eced31c4ec3a7fff605c7ba60a71911265fc995ea05c1ce2a6efe2053fb070350af6a32d6c087a83b0063

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e8b8532b4a589bf7e1194de06933a99c

    SHA1

    633689956b2ca87e7f4f02547e631433e03632ec

    SHA256

    4c9c2f838bc51d3e37f9ffc18f9cd81f0aa502125261817cc8f829930e01bac2

    SHA512

    f4542d3a825bef4541fa1d3fb7fb7bdb4365c8271c5166b499069104c6c8993c02ac83f05a638fca79bbd46c01552a8477865fd1679aa8c37e426cd38c58fe47

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    56df8be27e6405c78328c5fc138af171

    SHA1

    e7dbfa016c0f1fa722b7f776e571b64a4e4dbb9d

    SHA256

    d46d8b5028834e5c933f12de07c9631b4c60f29a24b3db19431817ee6fa079b7

    SHA512

    824d4b8d91cbf686781b477dca12f47b6bd70e0b6f244bf6cc1f17ac5283b6db2a3fff4e46560bfe1657c72a138090b6040baae5052cd0f314d39c411a1b36ff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3a92943979b19de29e7a05a296961cbc

    SHA1

    dd71e62d220bcf6fbfe9309eb0acd41bc07e81ae

    SHA256

    0e08fce68b85bf09b493b0170d0810ce63afce23c18df17f514ec0b23cf6d603

    SHA512

    f7d8db8796f9119299cb1ed3ca2a2b7db45692788878f9465f97b164dce1726031b405d215c640f31eda844403212c58b8290c8d2a073ae993de1bb841814de2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5f60211c9fd6479365ae2c3b5805fa72

    SHA1

    90f1bc06c81d866f30392cf4337a71a69a74d00c

    SHA256

    53dd979c69412e4352d898a31c7def06bf852bc10136cc19b35f671711be14c6

    SHA512

    00360dd60196043d6b206e1cae4855cccf8fcfae1ec9cc8e3dd1ff9bdb7682437af65f573c1ff59c1c7f55ec98a7881aefb5579554345345c8005d2ed216a635

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8d07dee05b76c34fb67429e20f188dbd

    SHA1

    9ebd29f6523ffd5e499fd6146da8dbfbb5f475d9

    SHA256

    2a7d1cf6214780dcc9c6b35abe8095b81a25bc327033554ba72da789afae655d

    SHA512

    4f503918c7b1fecde11a302201a8316af03d5aa28c0c4881dacb573da22e2c4e9ad6e6ac3ebb158c973c74dee01a97cae4d58ad642e662b6da7f5178d2cffd09

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca8cbdec328b430f21860551a7196e5d

    SHA1

    04b17045644e90458db26940ccf3e12e75c72ce0

    SHA256

    35c2476b37235d929b49d7dff63dd4887349c31b7ba9f4078775736cb432d326

    SHA512

    73d026bbee198c5c644b479f84849e09732a51ea261d421dca38140e5ac56f827ae668c8349ef8ad728bc9471e360f54dc17c8d70929a29496c8c13bce528445

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    23fce2c25b5e85642a96721551256d81

    SHA1

    48cf35306ac2e2f9e74dc56e1422f1b77fd1f94f

    SHA256

    c8084c82e626690288f8a4636d3e87aca48e10f434e18e7acb16d7255742b588

    SHA512

    bfb9ead93fc156a69f29f51a47efe8ce47f653b1f198ec475c55ce3d733771a29dc3bc4a259d94aa0d96c0de4d8c17ee383c2ee419e9f9267ea78ef03d1fcb1b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d1a4dcfdfa4db091547bd63ccb317b4f

    SHA1

    62cf16c229cc4624474d5b80f7cd3a3b83a664d5

    SHA256

    7fe7b74bd138d2249dca0052b81a6a71fb29413919884e443467eefcaf130d9e

    SHA512

    59f736e88931634a64f67d088eb94cc2d616c54c98b741080846ebd72e7ac11937c7976ed484147cef8208f3d3215b2f32f325760a94c698521f79845edc9821

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4602691c6616df097519acf96eb0b072

    SHA1

    d9d6e665d5bd63049b44255bb46371ef4a91d214

    SHA256

    fcb87107a35ef221eeb5543aa1eb4751160c154fc04bc219972a49f9554b6e24

    SHA512

    c31328a2b19eedb7ed333791211adc45a5ea29255603677a11a9f7c7575ca45f21add7c57ea67d16048f06012dd5108046a2d47cc9ba7af6a496842939aee655

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    371b683e9d2f50f6cf33e468a02a486a

    SHA1

    af17bc0d4d5432bbad847145631e3a528f5851bd

    SHA256

    554a34a69ecad847de1a9aef0979332f394727dec28be438cb026909cee13802

    SHA512

    7b62514864b4fe21ec6ea479d90aeaabd3ee4d0d8be6025f8403ef0b42d61786d86a7d2e5e0448d096685bf305b13ffbaacf31a47677a379c3618474ba7a6781

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    74841b953b823c1f48d35d94798ccfe7

    SHA1

    cec3001a0bfd9e3533efa34a470ca968a7592a74

    SHA256

    52ba90e0fae9643e82b4dbf6559a724b4789fe7e05153aa5db123b9128a6a047

    SHA512

    55a81155d814479dd2d8a8b199efcabf1501e6432818e7d2720df165cdc5da588e7dfc5de4eec505d3a1a0c73489a64180e092213e836b2f255a94f784b0af32

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    533a93ab6e359903171de8a16f3d184c

    SHA1

    a43278eff9d4089be61ba917fe5252cdf1528b01

    SHA256

    ba753c51e673d92d55f86058b76c312ef25461b1b06bdc8692fd539c0f1bbb51

    SHA512

    065dc22ca99e10f5e082a80bf10bc947ee6447f06eb5bdc0c48a668f7843fd414e98d88c4445f06f3d6ec2271ecdadd4578ed47b2ec74cb348368cf84f7d0f35

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    af4c55982a38c6c12c822108449978f5

    SHA1

    8dadc5ab104acf8dba9b5fe44195f160d5368136

    SHA256

    5d38800781be285c4edd5c65924211173b4ecb1d587a11e92c074aaff9fb3859

    SHA512

    be3171443d1bca8b19538aecb4087ddc729028078789e585193f76ad762c008c3b8d764d189995ad4cb0fd51efb346607aed0593d274b4c9141bd39113f9c595

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    297e1356ecd1f020087746b3c8bf6d0a

    SHA1

    45a5d36cc38f85156da5a0644b7fb63421d3d0d1

    SHA256

    6723e5fabbcadb47d538322e580b9a75ce29a1c1401ed9f2c7427bcaccc137ed

    SHA512

    2484eb8a361219ed2e1996181371d4e1d11327a3f0f65db67fd35e3f2eee2aada4459602151b9485cb68f9a64d6432a28f8e78c98458d72b5a238118e8234078

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d6050b7f176d3916a21f04809b9dbc3

    SHA1

    5e9bdbaa6ca891bca3773d670770f220f592672c

    SHA256

    34dbc97e60a16be3e4ede547264b25fda92b031ddbb3442f5f68f2b5833f1622

    SHA512

    f718d2f4cfaccee2502559331434127af7ce9e956e23a4822795b22f979336c40670fb682b183adec08bef7a2bd73430765c786daec769e0f8be83a851481b98

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7958.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar79F7.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1252-5-0x0000000003D80000-0x0000000003D90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2072-0-0x0000000000190000-0x00000000001E9000-memory.dmp

    Filesize

    356KB

    Download

  • memory/2072-3-0x0000000000190000-0x00000000001E9000-memory.dmp

    Filesize

    356KB

    Download

  • memory/2072-1-0x0000000000190000-0x00000000001E9000-memory.dmp

    Filesize

    356KB

    Download

  • memory/2072-13-0x0000000000190000-0x00000000001E9000-memory.dmp

    Filesize

    356KB

    Download

  • memory/2072-2-0x00000000001F0000-0x0000000000204000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2528-7-0x00000000001E0000-0x0000000000239000-memory.dmp

    Filesize

    356KB

    Download

  • memory/2528-6-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2528-8-0x00000000001E0000-0x0000000000239000-memory.dmp

    Filesize

    356KB

    Download

  • memory/2528-14-0x00000000001E0000-0x0000000000239000-memory.dmp

    Filesize

    356KB

    Download

  • memory/2528-11-0x00000000004D0000-0x00000000004D2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2756-10-0x0000000000530000-0x0000000000589000-memory.dmp

    Filesize

    356KB

    Download

  • memory/2756-12-0x0000000000530000-0x0000000000589000-memory.dmp

    Filesize

    356KB

    Download

  • memory/2756-15-0x0000000000530000-0x0000000000589000-memory.dmp

    Filesize

    356KB

    Download