Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

05cb6f4bd7...18.dll

windows7-x64

8

05cb6f4bd7...18.dll

windows10-2004-x64

5

Analysis

  • max time kernel
    149s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    01/10/2024, 12:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    05cb6f4bd732cdfa184071d26e8284e3_JaffaCakes118.dll

  • Size

    175KB

  • MD5

    05cb6f4bd732cdfa184071d26e8284e3

  • SHA1

    7e4207509dea333231ddd011cff0f40e7ba825f9

  • SHA256

    cb3c8311c807213b79f79022259beefa8b35037246c02003e5a9638002d6bbfc

  • SHA512

    a225eda7cf547e776e25b49b69f7484c1adb248ba419df983dc30ca08b9da35499d73f413d8a7a1d9871d343a7c2261f5caa0e9c1aa8ed05dd55af2a6c0a26db

  • SSDEEP

    3072:0/TwQI9CDr3bX6L+upR8ijC3IAGXv7Fw6J68ZIn/u+zXVULA140wyXkvrUlVN2/+:iTRr3bKL+uEi23IVRw6k8Gnlzlwz+Xae

Score
8/10
discoveryevasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 5 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\05cb6f4bd732cdfa184071d26e8284e3_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2892
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\05cb6f4bd732cdfa184071d26e8284e3_JaffaCakes118.dll,#1
      2⤵
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2896
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3016
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2720
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2116
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2628
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:2776
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2208 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2812

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\NOTEPAD.EXE-x.txt
    Filesize

    581B

    MD5

    19cb400d42094a3bb99cc1c51b495b2e

    SHA1

    153f7eeddf74276326d2f7bf3b143185e5a66c18

    SHA256

    02f4d471b368815a67ed4cfe30c72b2bf2657a2ac6aaaf1f7f3c593aa580fb8c

    SHA512

    8ebfaceef17c87e2c21903a745bda43b88b61806ccc6a14af20e3f042f2c19f3e18e66e019bf81158f33d0f3e33f178a7776eb1f4d75b6382e7326d49bd8f3c3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8ac51f5146a4045f5a5b91cb243258ad

    SHA1

    0fa2fafd60962392326e97ef5362ccb5f5c32554

    SHA256

    105e469c39a31360dbd0ce84ec4bd94fd5cef8f21fc2377ed0c1297b848905c1

    SHA512

    9bae8e48745a675bf329c271325e4be866a3273dbc12b8b02b1118caf515f284d826172dea3905eea7f946fd95a40d3baec9faac74a088858dfce169dc0ded4b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    96e8ac8b1b83262e66fe49409857f19d

    SHA1

    af8b7662cde4cc9daba0d20162b3a5709ce33dff

    SHA256

    1b0b8c38aaff2c193fb27a13fd5dbf15c679c7d4e3ad4cdbf0762d1eb9d227e5

    SHA512

    169da5af799caa51a4b70eec5a7231aca728fad04c59194d8814c372c5f5701021f3d1441b1e42ab3caed299b590aa151b91822a7ac0ded35ad9703599fd7ddc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    efecb2c7b63ee6adf47525aa8ceff1f0

    SHA1

    76f3db7ea33b953e00b5ba5242d44d7482d5a5fa

    SHA256

    423c659807e8636883af5b74671af18f98b78cb326b6eb2ec71daa1f11ecce37

    SHA512

    764f7a3d1a46ecc3acab0e1d2acdb70190b6a9576d466d2d11a738796a58ee94551c41c7d12bd548c32b6084bc4f70998c65a319a10a1ff5c944d23679fc0c88

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9d76814a11d5840c8d1f771cc718361e

    SHA1

    71a9ff58d262ddece288f189e2141bee8f4f4856

    SHA256

    c4468ee513736dbcddf179d7ffc87f0863521aea20d30a3610e31b42385aa0aa

    SHA512

    d078cb873ec78e4f65f733a331c14d83e7aa05dc52c920d6e4ad9b7bbd9f9a650bc502812046e114fd5637d6c9fa1eb927fc43804bd41f11be4ab3b67045edb9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2b29a836102014068fdc4c9f4f8c41de

    SHA1

    e550c8f40b6c73abe6e45be2a0712d6074f19668

    SHA256

    1a0f0cb2b4e394cdc53557282339869048bcbba8736c7bc678f2103a91a2f8c7

    SHA512

    a37b9fdf0a288489092d7c84502e443587fce89d14ece7a89d912fdd530ce212acf06e8add92b9019d26e15b2206dbe7efef2d130582c8af9718a0fd3abb49f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    da92b63fe8c19dfabbaf216aaca85abb

    SHA1

    18401b037422643df0ff8105220cd9c7bba7caa1

    SHA256

    1d8228e12b55f73c825d2afec6210a63298245b92b9552cc0a8881b5a93c5416

    SHA512

    50bc0f93e0fb0946fe8aaa96617e92f2264f9264c25f7e48264dbfccf3b97e9aeffc5822011f6ec64a24f2e3da12b8b3205c6ce5a757873cad0ce9a361b44597

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d337346d315f32214220583f3280544b

    SHA1

    cec3ee7f598d80cf1e65f5952f96d3894d77103a

    SHA256

    a3adf5334b5c097519f36c07c95cd2f50957f6fc62151a4d6ae22c430f22d54d

    SHA512

    d6656dfa660256dd34d608578c4c145488733c3024746bfa31d31bd364517c09c198ccccbb4dd23f13c11fbae97d21b9a955ae42a32288ccc3e691ebdbd4d13a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    88f0c35f4e97a63e98b73f63a0fa0702

    SHA1

    3f901a7759617749c9c5d03927e8adcf6cbcdb36

    SHA256

    ff38e17f38a1955363b3a28115aca00a472906f73d5f88a7759650f0b2dc6013

    SHA512

    0c336c8dc5afb2f082bd7825823c08875fbc0d630704606b0aa8706ce31910c354abd27d8422ba87252d9858c3f0907c9f83313e59e1dfa8885b887d763d550f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    63b2fa3f595bcc6f57b94f5e947a06fe

    SHA1

    aa79dc7aef36718b2edd8c1735e70e4f02ceaa8e

    SHA256

    0bc3f6c8de518ed0c12d2cc9776b8453d01e01123fa766ff6480a64e5181ca74

    SHA512

    0e6fa77f297d2d5209c6e4f4b98b4da7ebf34d590693b52da3a740fe855f23337b9b2b81339ce5d04c627cb6795e0f4f4cdc58ce77ca2026239f4d3b8978e69c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    555168a2a40ddfeff8ed03fe68d0f4df

    SHA1

    4470dcf7ea5f35a564d0910d6e00b2ded8c5cbdb

    SHA256

    74bb5eb423fe7c32b02a6e4bb0c03e68c9e6ae284320c1ff3abb87b19ec7f32e

    SHA512

    0da4f34165849c2c25246b0a1bad0e185136fbf375411dc11889c3ee78510be72c19a50f5ae4bde96de59cbd734c40303f01881ce2495b6039467a6e4c4c8cd2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    22c81ae9742e74f911124ddaa83ad42e

    SHA1

    3f6c803edb9935fa661f413ace6985d82c17211b

    SHA256

    a83623aec0407a0141718662069d3029cdac2c06f01c821680d3af00f7d65b95

    SHA512

    e028644c39bf6ce707f80c14cf3b8f3ca4e28eb11e57977b34269342b4e6f4c9904f3563577cf3b229b12dd8158354b995fb631c6cc2387242717e03cdd7df82

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f868d22e6b3d4279c3c0ba72548bd915

    SHA1

    8d3ce8ab388be20172de84caa545838c98cdcab6

    SHA256

    6ac893e06315bf9be0804db53a1b4d0a781c38b1a9f80fbba8a7aa12ced1674a

    SHA512

    e49402981d34e34199e61954564adba03f0bf9f7c35080def7b429a31308df8d32bd05f5ec0a0ef3f87b01de61d09bd246d7b5dc17c7385dae8e917ecd9466b9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    db7f87d2b10dc53d3b91bb12507ab943

    SHA1

    dcd049f333e96b42fe1413be587fbddc68c74ad2

    SHA256

    9ff53bd069319221d4164a2daa01d50e3d0888ddd181a54103e5c66a46ba73a2

    SHA512

    683c7f7caeb358c6e2eb9dbd1fa018f374ec116e6c35ba2dca93c8d12ac1571d207422104cc02db2d495a4cec1db86faa8a70159a3d60d147385f3d66f542dc7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    288d2e87ae11f135e93e4c734facb14c

    SHA1

    da39aac9fd8ddbd7c9ca22c0dd64f5357edcb6cb

    SHA256

    1777f8016f33ccdfe4e7e212cfc40268ce99b289baba82a98162ceb842ed1f99

    SHA512

    8e9020c3f590655ff6a4175acec3680330e9a0fd3dcb1832b62012b5ad526b3f9dd1c3fd55dc92e371a66ab09a87193ded32c51756cee892cd4934611dace8e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    39833efb9c87a85c5b2ba0ad25811b4f

    SHA1

    c0e0f6963abed699c9e1594be663f80fbc0016b7

    SHA256

    c2193647d7c13a6c0b3474189dcfd6663079c8e9b71dfb912e4a5a9ebab7bd03

    SHA512

    69c06f7e62a77fd7060d51eb928c1d8c475326fb3bd93ace8dc43a993af24198252edcd7d3f88b67489baa9ed5b992793a74518dee02b5e70fc2873d6f04e9e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    98b0fb59f45f3f9e2012a6bb93445874

    SHA1

    053a0b0723333f376e80047263ea7483948f13cc

    SHA256

    7c53144ba15c4253c05d6a88f80444c14f8ab4f5be7be7914f3338e11b009f07

    SHA512

    b30f0f2ea227b3af0784085a64abe5c8c427f4cf31041cc7cbe06bdc8b23f4e6e2d18d5a6cb0ecf6fae9f937165e8fd35265dc1cb885b21be62a0a8a049d2d3e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    788ee3d6b5cc35dfdede4de34564f8d9

    SHA1

    d7c4db6016aa293953a13afd329b461d6f6e2f60

    SHA256

    ce979e7d7bc4407c368b6aa97d90a0180fe791dafb1687159faa960f37e201b2

    SHA512

    44c7c68dc24b16f7a5e58f4349021846b1a5a785d894b90fc35a372180f46521819f83884298a2f881f441cbd8ee220454fd6d243b5c6a5263d395d2870beecf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    49cb44b6ca31a079920403e55f6a10ec

    SHA1

    280cfa32185105a276adfa18e4b0e258275f3fff

    SHA256

    4582f116b6ccaa44173b88cd123266aa6c7968a3446adfbeda5435b76b0871cb

    SHA512

    210ec6c6823879c9aa7c451d6c770b65a7b844c326f061fce0b519bdf6ab58eb0396c4e6ff6a4b30260c07ee0d6920059987eaea48a106ba917bcd07248b5b5d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab8CB8.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar8D57.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2116-21-0x0000000000430000-0x0000000000471000-memory.dmp

    Filesize

    260KB

    Download

  • memory/2116-460-0x0000000000430000-0x0000000000471000-memory.dmp

    Filesize

    260KB

    Download

  • memory/2116-22-0x0000000000430000-0x0000000000471000-memory.dmp

    Filesize

    260KB

    Download

  • memory/2628-6-0x0000000003B10000-0x0000000003B20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2720-7-0x0000000000190000-0x0000000000191000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2720-9-0x00000000001A0000-0x00000000001E1000-memory.dmp

    Filesize

    260KB

    Download

  • memory/2720-10-0x00000000001A0000-0x00000000001E1000-memory.dmp

    Filesize

    260KB

    Download

  • memory/2720-17-0x0000000000320000-0x0000000000322000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2720-83-0x00000000001A0000-0x00000000001E1000-memory.dmp

    Filesize

    260KB

    Download

  • memory/2896-1-0x0000000000130000-0x0000000000144000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2896-0-0x0000000000190000-0x00000000001D1000-memory.dmp

    Filesize

    260KB

    Download

  • memory/2896-2-0x0000000000190000-0x00000000001D1000-memory.dmp

    Filesize

    260KB

    Download