Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

ead5d26dc1...18.dll

windows7-x64

8

ead5d26dc1...18.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2024, 07:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ead5d26dc159f712880d2bac6f98d936_JaffaCakes118.dll

  • Size

    199KB

  • MD5

    ead5d26dc159f712880d2bac6f98d936

  • SHA1

    f5102c294429f08ebb36fd5c7e50c1d2c259712b

  • SHA256

    ffddf58d1a5c87376b48b433c4035f6e2797893f8d839e195256e900306ebf91

  • SHA512

    b2e8587e5674a688ea09fc3a68c26c1681ec4973e9a70710ad2bc37a356ce4bd3bcffa2c73bea36d0a0b2cd18411ef215d540066682cf71714ae49b1ffb34256

  • SSDEEP

    3072:1I3QR72a/FHs6FAM2f9irM1Xd5YaiReijmPF3q3WUuy0M1BjLeJs8sHF5:13/Fef9AM1X+/yPdqmUuq1BOJZk

Score
8/10
discoveryevasion

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ead5d26dc159f712880d2bac6f98d936_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2508
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ead5d26dc159f712880d2bac6f98d936_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2512
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2320
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2312
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2628
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1492
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:2468
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2752
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2752 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2408

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b0c8f5666eef59e83bbfa2d3128a2c0e

    SHA1

    ad057cf04547cd12514dc0b687754967366caf0d

    SHA256

    0207ad95e9b9b8fac69873650985fcf800435fbd2a52470bbe0f67bec4885820

    SHA512

    1558725c6cef566d61ed31526805c669b7990450f2017be8aab32292d5a4b3e68e32054865d8c857135b8ad229418f8ea87babe29e77d5f9f4c005afbe6aabd7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    df371b508a050396347d83f53c7246ac

    SHA1

    5e081904fdcf386825de105a04da013ef38814bc

    SHA256

    878905371636ba09c18fdf02772cceaed092ddf9eaaaf5314e06ed78f510a4dc

    SHA512

    a282b04ea5534d4bc9546c43e29a3d2552c70000d9c92970714b1b4e21164c1f06a8a5885b9d157b3aa45ab82b4e096c5a2428e59453d8d02ead9857b7fbc5c6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4f2b4e4e7a8dffff5d78d2aa296c8fdc

    SHA1

    7791591ee6b640063e2c065edebb691dcb5ccc3d

    SHA256

    cefb8839665963e904d3bdec26f22f6107cc3c33906c2d5b9e941c85df6b1ef8

    SHA512

    8360659d279c474392ae8c7920eb4b1eb77b2744be95637b24f527d3dfb1f69e73610d1042ce36895eacbb1b3908a18e13e51593262893ae8662364e98e60c6f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    09173790d6c8ff48abb476f4b8cb5c7b

    SHA1

    937c3542c51ec95940e9e06e311d5532b88c9091

    SHA256

    e49d81551a024f93db87884ef8c1ba1cf8ab2324a07164a9ec002c0897b5596b

    SHA512

    824a152d529e8052aaf83fa5a296b970407d5c4f9d4465359479242049f49d2cde56a6d73c5deb41611b90f702e31f2b1b4bed53802f58d96a494993ce8068a4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    34e1c1a4dbd71941a0ca3973a2296c6b

    SHA1

    4acc270fe6eca0b62dcb60edd3dc8cb6921053bf

    SHA256

    79d5ce72c4579a89921eaa1a00ee5745ef32a5cebd230b4f19532830d0c8ee7d

    SHA512

    069c3ce0732fb86c51bf8706ec029cfa00aad670a53771965ee1d78d1b1a31930d2ebabf19721dc005373d7e87a4720b3f8e5c0d5cf184df21a270d81e078bb5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aa594fa6747029264018d3d1d16b06e7

    SHA1

    6d4ecb0d559479ef4422ae7ac862155aa4f1aa20

    SHA256

    5e1a65ffe5e01e851bb19c1e2897ef3609ca98c7d5bcda051d1114e8d92343ab

    SHA512

    c4a3253c1f8ae65130ac6dc8d5bcd8a7833229fba106053fc2b61069f97af3aeeb63ebaea67cbaee0c7fd9ec7f061f3e6abaf90ac5727a809760e9fea34cedf5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    02550efc77ebbefa4e7552e827ec6558

    SHA1

    90910da4189e9640436867bfd6b248b235304508

    SHA256

    d94f61807c1a500b88364e3906914cf6f3d251664dd40ad87339448a17a25cce

    SHA512

    f62a0dbeff92d20b31645ac35061ea52dc6498a2ecfc5f5c76c5f44a899e7955ec05a4c9d77a2987aea4177e504408082b56158cb27a40aafd23fb2d6153d073

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d0447c4657827357e32e53a6fe151d3a

    SHA1

    ab2ff8c9003dbff872155db70149043374a5fcaa

    SHA256

    6206f258a8b9b83c16fa569c7f576f418f07e168195d4bc8c240087b7347c5e9

    SHA512

    c63331421c22735b53daec316f16e62bd58e48ee65d280c88c326db5f272025f18802eced51faaa4af8bf97022c0cff79b6c5643c5d7d6fb2c718d80085b1ecb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a78ca040cdf0f4083127f273b90db039

    SHA1

    26626dfe688793e3e4f9e84433e8c7dfb9001780

    SHA256

    4ef033b46be6d2d429f8de6e8546daa4fd8faea36f7739f4043e7ec79a89109d

    SHA512

    72ff4275199a74ac0b3704c152cc4873e626f9ccc591f784faafd689be61a0980b329a3fd256f61cac833118db7fbd0d0ea777d0252f1d78675db85889b3c028

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    67dddd96e1e0269d4a28cb84ca3476a7

    SHA1

    05ede526c1bb586e9b22027f5f3f4c86e64e813b

    SHA256

    aaae1fceab0b533a34884b793a26cd27835ed6ddd3cb1b9e8c8ffa96f68ba977

    SHA512

    f0ab99dd5e990076665a48af4119dc1f48b650ab6018cb48e81cb2cab41bdaa557137e7f6e8bf77d98b32c878555fa141764b1fd44e52badb59b88d4036756c2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6cc94a81f51068cd8bb81f5cab33ee44

    SHA1

    5eaf5dedf68d72acf276333789d19b9e5a2cbf67

    SHA256

    389f6b87b1040d6310cbf9b6b0663b8e621e66b6cbf3485cc6a1aeca5c7b8fd6

    SHA512

    48c61ea81a28a445ee570d5de82529873151e97b9e9b98a80078cd8ae033c8b4e6ede6cdaa08be5818f99010e03b90b2c2df4778d3c5e0e64e5ca54f8056118c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7640390c0ccc306eb421be88f0f18b87

    SHA1

    bd008e7e87c41552490cf2a8d3963e92b4c91fee

    SHA256

    b3f012a2c2ea398f1253a115b49bbaaa6fe6a66cae9fc31183d1e4609483b555

    SHA512

    9b512f0c1d42325424bccede59c372cb291a38a45469520c6ebef78e97e8114ff544c490d7cee11a24efaa81164a7b5280cdf677463a01e99ccc652a1b2c3416

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c1e5dc736ef2b20354b9c84c61fc59a0

    SHA1

    25a08a911a75f1bf15813b215fc209e903d23a00

    SHA256

    fa191ac491601f025b40791678fc69a79efede694a9988bb663b66c850a3d0d0

    SHA512

    7b987dc8dc5ca0040d7a722395170784fa174eed1d156abd4455294204b4ed937eba42fece8f2fce1b097d1c04108a7a42f23ea2fd8d7e8710af1840e648ccb4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    732d534a39b5570de92eff5471bc4b91

    SHA1

    7b30360ea7718886768a7d7449a91f76e1b55ea6

    SHA256

    8269bacabdb4baf65c418197af201b0e93f65f4bcf0aad510d63385687745077

    SHA512

    59da4ea623f0b37c0712431eb83bb0c9f1decf26aec0212441328dda14698ce1ad706c9d3499ea7cc869c18485dbcbf348eaf3ec24151df3fcf4d3102d3b58d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f4c6deee2940164d6e8f04d1adfc91e5

    SHA1

    4ddcf1a753f82a42d4cc70ea8ed1be3b87cf2944

    SHA256

    559f1e4d719f751628cdd9ab071572dc17a6b504ba4072354f86a5fd359d1021

    SHA512

    dbe81c251b053b4e044df698541c30d7b53976f20ab37341183df1ba2b8acc5f2564128a2cdc21b355e381c19b85dd3e2b4dd0842a359bbf15931a2ad303099d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a376ea9c5e3aa0406932e972ff0fc08

    SHA1

    30ba2c836cc741ec25647299d899d769c7fa3487

    SHA256

    87efbc18c389aca51a720f8de5e4e5d1c0c38842972b803b6984410fd258c33f

    SHA512

    b63edabe0519bdf8837b8eeebd61cba45709476ab9eb037d3f363dabd38a668fef3fd06283a60f0f98fc37d1649186b2d32ed4e2950c373d3a576cf1a777ef34

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    89623c749fe6953b4163957bd5a7c2eb

    SHA1

    82c0fd592c5d716c76503603061b6f542f1318b6

    SHA256

    dfa95b6bebe4eb09718f5eaf3d3f151b47b0dea099551ea6fd135598ef392516

    SHA512

    0d4014db404e3333686b1c037b059da8739f186a567e5fb36d9bef7af242ea6f8928e2acd9ba06ec10d30c39d9e69fe5e149787405433c3141cd6cab6b60edfd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4e02e64db92afaf72616c86e8b176fd9

    SHA1

    4c7374094dc8ae891f323cc9e7afac13ce77d723

    SHA256

    dddf3b756be82240c6feb2dfacd31054c6d8c33e9ac9dd4d33550e2c903c92a6

    SHA512

    674612c59c870e25b627e592c3aab1215280e1a5760bb7356135a0dc07565127afa7aee0277c85f1cc7880791bad40730d9e39660f51e3e27d9ecf91142c1dcb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    897c40d57e89ec6070334a9eb9c2303f

    SHA1

    2e31306e9b7646b4c469d9e742573a8555a92cee

    SHA256

    f830f8727e03ef1edb07cf4d8503b13268116be0df927617406be06cc09e8a0e

    SHA512

    576fb45c68fea5edef2c270dda2e9937e4aaa8392983718a42588e4bbacfeffd8b5fca8e6ec8def9948730024301524cae30a1d7d56682b3b25dc216d982fa82

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7543408a95b0536e2ca5bf8f2129ea34

    SHA1

    5f2c0aef5ba5d1e51281783a81957c591e6efb08

    SHA256

    a254b4d76c5047c2c5d2bdaed93765b227ca2f162bdeaa8f6abaa9f7a1061957

    SHA512

    e44a043f3e2ef0fbd34c66ea8bf24b4baf9b0052f3e6e06ffe3c91f63f627adc96666fea5706f0338dafb1175b74b8e68633f758146077093db7ddee05c25e50

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7250c55ffd7b3581defa31669e346d5f

    SHA1

    3cd899b6be1d9ac2be0db154b55b08da1a19a255

    SHA256

    aad9a4d13e7c0f3853699a5b6979e4851568c53353c9cec2e2ecb61e1d60baa7

    SHA512

    9d665333fd032827fb29ec8f57a765fdf63fed88013e4f54ccd1eb742441669415b90cc76f59ecc22366e58037d69b823442024e2e58f9623e17f696ed0b8b3c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab677C.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar67ED.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1492-11-0x0000000003B10000-0x0000000003B20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2312-12-0x00000000006F0000-0x00000000006F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2312-18-0x0000000000AC0000-0x0000000000AF1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2312-17-0x0000000000AC0000-0x0000000000AF1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2312-15-0x00000000009D0000-0x00000000009D2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2312-14-0x0000000000AC0000-0x0000000000AF1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2312-13-0x0000000000AC0000-0x0000000000AF1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2512-19-0x0000000000300000-0x0000000000331000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2512-20-0x0000000000660000-0x0000000000691000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2512-5-0x0000000000660000-0x0000000000691000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2512-7-0x0000000000660000-0x0000000000691000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2512-9-0x0000000000660000-0x0000000000691000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2512-3-0x0000000000660000-0x0000000000691000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2512-2-0x0000000000660000-0x0000000000691000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2512-0-0x0000000000300000-0x0000000000331000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2512-21-0x00000000005E0000-0x0000000000614000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2512-1-0x00000000005E0000-0x0000000000614000-memory.dmp

    Filesize

    208KB

    Download