Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

ff88cf959d...18.dll

windows7-x64

6

ff88cf959d...18.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    119s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    29/09/2024, 23:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ff88cf959dc8ca0a4181f21ff2f257bb_JaffaCakes118.dll

  • Size

    383KB

  • MD5

    ff88cf959dc8ca0a4181f21ff2f257bb

  • SHA1

    2375b07299cb7ce78fd049b45d7a7a58235a5091

  • SHA256

    2b51c0e6cf178a2b628c0fa93657c6c191d0ddffb9bec1181ccd6b2aae317bf0

  • SHA512

    6f87c54cd39b02c2ff75bcf554fa7bd80dc086f3535cf2965c731edea42025a988c14d4c63226d43bb78cc095ade97f9e960de608f6d2e4087569a4bcca0577e

  • SSDEEP

    6144:cMBdMtSzV8T+V2ObRYAH4DspcPNo1vKW6GUA33A/VeiDRCavFKBU:3BdsUq02O1YAisp+WhKW6GUA33A/VeiT

Score
6/10
adwarediscoverypersistencestealer

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ff88cf959dc8ca0a4181f21ff2f257bb_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2516
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\ff88cf959dc8ca0a4181f21ff2f257bb_JaffaCakes118.dll
      2⤵
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:1036
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2328
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2328 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2052

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0e673f3db0c2f7415dcd53f0c606f3db

    SHA1

    06a0cbb1166b7d5a0c2107c1f4e2e97f6054d82e

    SHA256

    64034e9583eea3eebd79d42258d47592a81dfc50fed390b64713df3d1f12385d

    SHA512

    78bfda02723a2074fb97d552fd119dc6f6f564b200b5a645d44f76d77d99dca3fe19ac040d5c8ca373a3698ab2ab1d6d13902c375f978c9ffa5a9620242d3b48

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    39320b062d21e6d76ebb5a414d300ed9

    SHA1

    e59e6f496b532fda0b427f0f135565d2b16c23d7

    SHA256

    86878fe786df03ff49a1054d48f1f0587a470bb7393d37707905be45cd76bd4e

    SHA512

    41931f8263f97ec1895cfe3c7b09c79214950a0a93649f8c1a5ffbb5578789a732cbb26918d1f6dbbba972f25a48754565625684e68f444d0335cebad288dbf8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9afbd887c7259911dc6df5293a755407

    SHA1

    00488008a2a1d3a3103f81acd0603213dc62bd97

    SHA256

    2d8a903df0c3fe84cef957f277fd137ce44ba90c2fc13634b0518a1aef6ab8e2

    SHA512

    299a8bd7d8541453b8fa1b39ef37514f5287a380ce9ce9c1155f9b0c1f08a3d944de338c234e72763e3c43537c5283853cadd36ef7f3a570391e274db06e96de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ec0ace1b539b412a8aa85de7458b607d

    SHA1

    7adcbfd0865eb71bcd10a76380ebc143d496d77a

    SHA256

    83f067bccf47406376d6c3dc63d801f0052550c2a4a3f650c2e615a8c9fcc155

    SHA512

    d7b4fce70f82cba2dc19247da3fd47d874dd67c791174898372f5975444c4e74131a9b2c35c1453464490cfd2e9c7f78f23aea28bb15bbfb5a2c4422ea71f2d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f3b180b63560512be824d2fa1282b85b

    SHA1

    14e5be037a30e85766a95f4972701f10b30a6776

    SHA256

    6f69a6180b4d51c50e5cf395c3f50832adac145c94efba2ddbe84962b84657f3

    SHA512

    187e8291ae48b05c5da4a0fa811fea1380e982d994e1327fc2e23106255b9453abba782e556463f1305e1992545eb67689850f2eda8aeddc2c378b7a35e47263

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6f207e365ec5beffba56500f4f28b870

    SHA1

    0d229aad0a26f27e1ecda3df23824fd6128239b8

    SHA256

    37db6c1c8a986c2b4271bf3dacd2d7021d0bfb82ae1d7c9d155c27cd9f7bae17

    SHA512

    82a7ecf0044732cb2a24a08cbce6deda2323db6854d69dde592b266977af2d23fd48969a15782db994ba1eb8ffa424f65bcf01f9097ab05a72be11b18f4745ba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3290bc4376e935a3a3a5af04d82298e2

    SHA1

    f2724341dd66c38682db3198690fab991a4e5340

    SHA256

    d0608d35502b6d6af9f458428f0afec0dc33e7bafa80a58e97452c0bcedf17ee

    SHA512

    0cdf8fb93631cd5f5ced18384c4a5fc25050cdafb34542d8bda91c34b4108473320104dca09079a557b1d5d388d20de00c2b374ecd4db07e423228a296fc9663

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    24f419d94b0880384c1f3cd264728ea6

    SHA1

    bb32f9d3ee2dccba51b943491b55bcb53402b62d

    SHA256

    33f37b47a81ba788191e64686e36bdaa4da5c44bc92489d1d9623a091d280513

    SHA512

    dcd940ace97e7c675e05fa9d109c59f95a01187000e11da11cfe1bebfffe6b005b8021490f3e4b917835c3f4a1eb2b2a9cf54801594da432ed11a644b482a0e4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    655f36873d69aa1de690cab036c0cbd0

    SHA1

    1a82aee0c4cb982d1361702f60ad513add7f15de

    SHA256

    22e728c2139e08029622167b03e00e7a342329d313ee6f612f241ba6bca01140

    SHA512

    f821932764b4f20759728d0ded721f3040ccf47b506aa5bc1af93e360709df3ba2a83bdc204b4d50f80620fa7584aaa2a68dc49180bb0556b22f37d6519a43af

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    89adef16992fb6b8b3fa3db102dbfcc1

    SHA1

    7c0a168eb43fe88563b31676f3a0efbb8476c841

    SHA256

    89f2a5e2dec964503a310c94fb979f3ee8c4bb398dd6a5194f95d30efc675806

    SHA512

    41bb90a592fe40ebf9a54cefa86b2d81c9c731aa0f68e90260ef85bcff06b16bee229d5c5d022bb1406bc2a229d0f0d9924daffff6d0524a698b6c4f86019ea9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3b2da678934750f2c8c27dd9c556306c

    SHA1

    810a4c5686215062880dec6a771c186a7c453718

    SHA256

    ef03496435abfb07a3f6f79f92fe4e926e867905c2ee3c2cff14c50d1e83ad4d

    SHA512

    438f562568413dcc619ec28669870efa7706004b90db29b9a8c30d6a7c6e0e1d4ac088b73238d0ce1223c9d4fec4b88a4bd080ef7320de5c0ec46acf2f3c1004

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    91222a517c247b25d54149f8e0bee7d9

    SHA1

    7f5eff4909ed20a7220f8b3adde00cb74324509b

    SHA256

    6b957c8d1d15997e17dd707cf2dd8c000288489e7445ccfdfe97243e90552143

    SHA512

    63d73f4c783bda9e2f3ab1ef2422104275d1407ce0c9147529abf245d3477dd4699a50fecfe9001cac02bc441e08b6afb4d9bb7cc3a2af5cf67958f16b85676b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e496ae371fb203aa17d2a5d4c621ed67

    SHA1

    f1c6782a693fa822091a12772e9986edecb08663

    SHA256

    71ab98efc58003d7a044a859e22ed82ab0323c715942aea1b2704ee22bd6a598

    SHA512

    17e3771a5fc5cc74328dfd85d54b62658ca59c3082a47116d26645e3d431e87abb239f81891ad1da4a814ee4df9063fcccb814247b75c61e215619803782e2fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2012a6293c478bbe8d7d12a7e87cc9d3

    SHA1

    9cd4cc70a22c80d6b9759a7e6a3cb373728109b6

    SHA256

    a5cdcd39a8ce5a8d284f36352a20df24ff438aa508613267941944bb020b6162

    SHA512

    947a5a2ee1fb2518a434e08b72353b2f4ede3b11cb907a6a9017619473739331f68945c8ce21c47777e3e69ddd6c7322c8175e495a5f9f4364c37ca707d18c52

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    558558ffbacc5024b3d229b145312bf0

    SHA1

    0df317a7b32d956616db23062b8ea083df3462b2

    SHA256

    f698daa7f6cffc59411429d2c5f5d278a2743dd1fc1bb81ee1a989e558462c65

    SHA512

    aac8d6bb6446971c477a07b51cca577ff72ceee493dcd002fced952390b58f046857c497e8ee1a65fe774599f7e39d31f5882902b3bd8933af4c73a4ba64a3c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d5f27f094437afa385d5b05d2926a87d

    SHA1

    b809ab413043e65a78a61809ac0cbef65c47bd82

    SHA256

    02b12519b5a4cdcf5afcdda05d264cd418e0657a03b7bc2ac29ec25cc78882be

    SHA512

    ed7a6194929c11c89f7762c5262b01a6c0e01924146a5613e6ee1ffaa719fb1a72d6acdb9a0b82757b21a1e2ce7aa8334b4b0226573fd150454dbffd4c5c6a45

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    63ee34f5c690c483a64726598362c223

    SHA1

    785e3a8c22872cf813bf8cc61231c339ec842f56

    SHA256

    55b16f29204d4a9cb2b2350514492bd9f925d63e5a2daab87eb5f147ead4f8df

    SHA512

    23ed2924fbc455685a4101d04a5e8b1807d940e1b315b0457c27a9c111611175cab3f3fddc79eb55aebfb489e5e9a2228fc4145337e01a190708477ba9c42c0e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6040f62025477418c05d462d42a5e155

    SHA1

    63dc54be09f8a19e9562c64dda8222b1283e22ac

    SHA256

    7b5744e711e893c6602f3acbf437f1b8b6ba69d6f5360ceb2152835877d06aab

    SHA512

    67a5ff6fd58dc5ef4898f6de8fe8f3debff6a0038f9b5dd7fee6198f4e64f9571bcd3185ab188a4402e96a467430a18385652a0bbccea8f4cd45083a588279cc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f74c378acb18996d3fcfb8a5a14af115

    SHA1

    e4f6ddc31545bc683a9e3029de7a3d7382e73de7

    SHA256

    8ffcf11eacf4fd799b699a746dbd8854e82732aee08fcbaf3383fa987491dfe9

    SHA512

    6c3b4c293f66c05cfa61878e67affea3442f45a7236410cff7765241f61110d5baff5c0dc7f4a81edeb7d928d6a36e6b084467678ccd328c5506141475bf1178

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE6F8.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE759.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1036-0-0x00000000003C0000-0x00000000003C2000-memory.dmp

    Filesize

    8KB

    Download