Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

29976419f1...18.dll

windows7-x64

8

29976419f1...18.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    09/10/2024, 02:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    29976419f111ed4ea5da69b13ab6c547_JaffaCakes118.dll

  • Size

    203KB

  • MD5

    29976419f111ed4ea5da69b13ab6c547

  • SHA1

    8da14205fdadaafd463db3b44e70856032add461

  • SHA256

    3db2166be67ee6eecd2ddcb66dcc72def90791a02ebc11edf99a0d96050fc14c

  • SHA512

    be01bce4059f30bd37960cb40dedd0b201bbb47202eda383aa061ef57ba7062ca47fbfdc2f8311a7bdef958eba229b2036fe33846e195c2ee1d2718928fd2128

  • SSDEEP

    3072:P9yAi/4iLoUCRUckAbTC0shNZtndkf7FZGYBq2JpUomA:U8t1BTC0sDU2H27zj

Score
8/10
discoveryevasion

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\29976419f111ed4ea5da69b13ab6c547_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2720
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\29976419f111ed4ea5da69b13ab6c547_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2888
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2748
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2624
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:3012
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2776
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:2196
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2480
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2480 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1624

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    00915e5074a7ee5cbd30c1184cc8709a

    SHA1

    5a831e1e47a82ea86cca38f5e22b4ad75acb9684

    SHA256

    2e44ed0797a111d08992b8d864060da8b0014deed0a18d6784c189b5b89aa36c

    SHA512

    a836be2f935e65471fb2bcb046d5039157de9e54dc8a8b815156ae1f9f9bb25795a175c2f7b54bb33ee85a692509068389cf38b2724ff02b134cbc45770a9148

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2146bf6f298e08bf9eb7ad5089dfb751

    SHA1

    5174e673f756221443896520d00869cde3a82d67

    SHA256

    5e934b9d9586a8fde64e133766d56730c160675178bb58307ca7cf87fbbd798e

    SHA512

    b86a32cf008eac5f85126285bf3ce50ed545265f840ce19112f7e87d5b103b13dece847adc4c983b7f4cd4b0940459fbc16881bad5858b90209db177886a7fef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    20784817423a4d166099044d40224341

    SHA1

    374e1f3ebf64afa10f2c8cb405567f7e41d56416

    SHA256

    389d54bc98152be1b60931e953bd121f592079cf6ff1f7df26cda901411c086a

    SHA512

    c62c5d5dd5ecdb4ae337bc92fc9686be886601041949ae45c669f862ad61159273179d464eea7ed8068330f4ccc374c4fd245e68b787c2229fd918321475f07e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1a1cd04ce5563076e0397c78262640d4

    SHA1

    5be760bdcd21dfe0a7bb5822d0f56177865bc249

    SHA256

    3b764f46025978f053c7fd04fe6991bc29245d8bc2d05178f93e312c239cb90f

    SHA512

    1be11af855657842f7902741e006f474b5bf342fd9084d67e66b9438f61a694753572d5b6c7c623281db2924bcc35e8376a3d315e061fa4b7db448b0f99b4742

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5a94ee6830a6d7c144e71aab08b57640

    SHA1

    cc3478541e0efaff54ae6934b69f9648f5fd6b50

    SHA256

    16f8b38362b94d52762eae34b745512a82fb88b3e80c3bad5c8bba3b50e77916

    SHA512

    f5ade25214d1b7776c6a95f1c057a38202910cac4794f2b412a0df7484a096e25b106e28fd5ae3ee52ea6d6fca7ef9603ea319c48dd641b480696670a03f0c0b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9f5d36b2013917c0db08d29b08f4cfbd

    SHA1

    50ab6851dd3d76939ba30514b60e145d1aa6e115

    SHA256

    92d070fd0d7e969fa81df9facd912075150adfecbb9b945c155eb8220ef949c2

    SHA512

    109a77e217cfb857d72d6a5aef97ba8fde45009a52846e105eef9a680ba5751d252910e8a331bac69f2c21bba9d8f92d7fdf4e8806c9c69b88092ee5e985b614

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    877e894fc1cccb0581c1921a2cac21fe

    SHA1

    7a47037b9b791a9d0a5e2ff97f7b45fc65186b70

    SHA256

    eb296c5e516e5c9cb16fa55c3bee848ff02819487f82efb137ec5f598bfaab0e

    SHA512

    476a0c219335ced8aebcf97c80c59fb227e2ee6cb69e88cd3eb801d4234fc071054b12479beab1af94a32ac6c86ad86747261fde8660c62f7fce3e3e96147ec6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9caf7e2351fe6070e706ce5bcc196fad

    SHA1

    f979af00d7f20e6e8678d74ee53ffcb1ce094ac1

    SHA256

    e1e300b63310aad62f4d5a0c72f53ceb920ad36906390c59dcf74093519c5e90

    SHA512

    4d1f0b89241b00d902145642a9120358d50c5c8d59c7e2fbe2eeb478149272b227fca77493e6b01e8f735c32cc7c87770f1babf22a31ef99c0e2c4217f786472

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a9099965cab05599fd9a5ff325b51203

    SHA1

    b7a527325780099adc1ef5ff12d69144f8dde3b4

    SHA256

    7867405cdb78562c06ab52ed77a1d0e1b3d785d047ae89cef3fd7faf5336bd69

    SHA512

    5c208e2fbc56d18ff0dabc458dfe63fdc8143d450812f94514f27fe42299f6b2dcdba823c2ec0883389e484b50569e07b0153292853fc918adebed5f054c1380

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca4e7d0b2ec6b4f205c27a29d5e98acf

    SHA1

    586b2925b0cecf6fc9d7a25b1eaa0707f04cdf39

    SHA256

    407d67298f24ab6389919e2871315ef9af57bb43cd30c3153d63428ab1974474

    SHA512

    b47a29492de84f248c052c7ec027911ef40e1ac35e3e6a52bb3cf694ff92dbb61007b5042a050c2bb24ec4892f5ef6dc526e20924a96090baaa71d1aff16fc5e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    358bb2f4ed17b0d2a19516ace6b470a6

    SHA1

    ab2f8ca74ae4fee04efb5fd2de8cc4987e10179a

    SHA256

    173f873e9f490a29ebeeb4f2f8c463b76f43a9f98329d27222d71c95c1baa26d

    SHA512

    b7394a1b0a1c58bc36ee36f99e6fc9ec7a51b9e199de14838db6233ff4dd5b7255ab8b352a0ec05e07f6b20021a0eacec624e125194f7ab400a4f975bf11af00

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e294fa0fafc912c2b4bf77e874693309

    SHA1

    8fe4211f943394070fcd795463eff25a4b433240

    SHA256

    7de2dd08628bdf108846754a4631d6cbcb7cce7659e0df4dec5396d077a492c1

    SHA512

    8656945412d420b91151ef9bed43a693982bb6c04b2cf4e3b82bbe0447eefeec1119f3b12c1f5bb45419931d23b9730347622de00ec7c2e0e20eeea88db1c11a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    18792539084576b8d1733db1b3ddf262

    SHA1

    d190afe655869f06e7e8001403c384be09fe35bd

    SHA256

    d75567f66722d556bcbc1a8c23136cee293c50bd49768f801bb72ab489db0232

    SHA512

    3fa6ea37939671dbc8a3dec12d6ec85e14897a15ef5bb59a8acaa2849a1595d2a1cccb3b1a1deba2b902cfa00b504f0aba252438489296a0586d4aacd273f5d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fd0e5ccace062eac23e5f953659bc666

    SHA1

    2e1018492ef0532d5aa5a22ff2d1767851dc6c75

    SHA256

    1c7c474d7d4ef072c845d12bbb3a0d71af2b52d6292b5948efa35ee92bc1b558

    SHA512

    35bcd25c2456d036218bc707b021fbd9dc7711155cb5873f902d9bfb547975c2d4abfee04e57d89f8461022ecac849d8e42fd67d4c04f3c121d7b2421b2d9c1b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ad960445ce3474033756729306a6efde

    SHA1

    dd20cb2e7b39c79b4ddea4e49c4a93ac987e4cf9

    SHA256

    da8d6ae53cf3bfce647b1cd5ce265282e5deb225788e10aababa810494cc7aa2

    SHA512

    d8e1a7f1fd22d28654917ce813b9b26de707725f6264732185a3ca69a49aa37424edef9c35f3ca7366321529179cdc74814424e792b932198c376dc8a6f74868

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6fff7b9a65497b34784695343cef8722

    SHA1

    2363edc430efbe5dedc344ab9fb6635b6d9f229e

    SHA256

    50ab14c7e8c7d5ecfbdd5cd7c432be0c5a2967906443dcd07a5d0f4261abc769

    SHA512

    f13a412699f04b7142ab5e1d7151dd5187e5b4ddb7028788bbe7d1119dc1f7e3b8bf0f6b62c530b64431cf26faad30abe57cc37a355bbc430daadde858797995

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dd8c1f13450c120713eb309586a7f918

    SHA1

    b01b15a8ff91f94decd55d8e2b83e26e2be85081

    SHA256

    5cf8157d1bdba1b751fe11357c728ec41b4425eaa6f8fd11046be30e3a652201

    SHA512

    0b8f3b826937848986943f8587203aa2e3c5ca47742d23dc3cfe91ba1308c0b772187141ed29147e1bf1d9fd292263a1d6ce3fa6fccd55fae1e98aedf5ac3486

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    724e8e56b0038cf2a085de4a72a3e531

    SHA1

    5f160709c231ce9db2d433bcd2cba35641c95411

    SHA256

    52c5605fab6ef100e39f7bb0b5eeac2612790c51a074f6eb7ed590e2143e737f

    SHA512

    20c9ed7a1abcdaacea5911eb63ccc9e129995184802080c5b9e5603e88d97ce9b5068bf0f805d5f4bd71ee9e492a53f50a554e07275595a02b164646ec62ed7f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1e215c89a7fa862f729dd56aa374bde2

    SHA1

    c51c877e8b30441826557c180d5a1ad2cff9a396

    SHA256

    aee3f284294bbee82ca39a9b07552fc864b63493b44dccf9f7c79bdd3ba6ea39

    SHA512

    8b2f83b7396e1b66d724b06df61422a907ef0efaf6bb582948226e9eefce13784dd679bdaf4447854d3572aa65d229a28346e462ff4e3e12271622239b7d6553

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab346C.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar350B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2624-13-0x00000000009B0000-0x00000000009E1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2624-12-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2624-17-0x00000000009B0000-0x00000000009E1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2624-16-0x00000000009B0000-0x00000000009E1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2624-15-0x0000000000370000-0x0000000000372000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2624-14-0x00000000009B0000-0x00000000009E1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2776-11-0x0000000003D90000-0x0000000003DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2888-2-0x0000000000310000-0x0000000000341000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2888-19-0x0000000000310000-0x0000000000341000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2888-9-0x0000000000310000-0x0000000000341000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2888-3-0x0000000000310000-0x0000000000341000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2888-6-0x0000000000310000-0x0000000000341000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2888-7-0x0000000000310000-0x0000000000341000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2888-0-0x00000000001C0000-0x00000000001F1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2888-1-0x0000000000240000-0x0000000000275000-memory.dmp

    Filesize

    212KB

    Download