Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

2caa9f694c...18.dll

windows7-x64

8

2caa9f694c...18.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09/10/2024, 06:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2caa9f694c6ce6cb12c384387e9e6e14_JaffaCakes118.dll

  • Size

    209KB

  • MD5

    2caa9f694c6ce6cb12c384387e9e6e14

  • SHA1

    baab3ea6957332e81cf0278e298d66034ad25d80

  • SHA256

    3c48ff887506825059008079b3d465f60d4e6208902c35c0d757be2c747ea8d7

  • SHA512

    2e6887634d3f0fab6711bbe7826237c66d446df612d9429e1fc0cdc46e76a2360055732af5f85ca0d6830b7302576d469df825c47c89a9a3cbb67b47ddaed8ff

  • SSDEEP

    6144:gWBod5j7uVeHSnh4T+jxoctnUfx1G0lLjgb1SjIxyubz4AT:g70ekhu2ZUfx1bLc1S1m4AT

Score
8/10
discoveryevasion

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2caa9f694c6ce6cb12c384387e9e6e14_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2888
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\2caa9f694c6ce6cb12c384387e9e6e14_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2244
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2344
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2448
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2560
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1048
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:3060
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2788
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2788 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2728

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    84069143d797fa37f1a9e97437f10117

    SHA1

    d5a24ff2968bbe27d3f53dea2220f7ddf8316128

    SHA256

    c44d8d7af0a88e98e76fafd15d3395f84064624ef7977fbff6f319d280139ca3

    SHA512

    a63176c2bbf02e0749aaeb9c35416da2e30eefbc6f9caae03bc89c6db456cb0c49cd8f48e9eb045604ce65fd2648f96a3d9ab631f65116f3e11caa0bc81b06a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    68ff0c66ce7bab5ffb29ab4cb4a96ded

    SHA1

    c59c8cb4f4804737e5a566dcddb2c8f28f00f9c5

    SHA256

    7899192f9fa238fc10ad717fae5eb13f1c62dcfd6de6fdae521336c021e45a49

    SHA512

    c40dfeddfdc2958c8e72518dd6ea78b8d66b89398743731c9634e398ed4817b57bfb9c06926295a172c88d00a195afe6d44e9debe169b554bbaed5662e9375d7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c16aa59f6b42e14f0e418530282b6cb6

    SHA1

    8c01cd754f83847775da50c6c0e7adfa21c54ebb

    SHA256

    1ac52d19f02fcc39fb87471dd7e7a76ee4d3762db7cb89474e0e74f82083cd3e

    SHA512

    9e72e9f4ae6d132ecc431b2d48656a25be9e539ca9aac58a42f480565a0d8dc62b71afbbaf3d1a70cc4bf473f09930fdb042ac9f9e28c2ff4a9dcb71721c45d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    85e02cd18058262865abc7ad32b1d41d

    SHA1

    672df5b58a40ff7f95773c1089062c812c9820bd

    SHA256

    246466f18e73fa46ddc219fec28f3e309efcfbc3af0493348f365b49ed9e2854

    SHA512

    f0f14759102a596de8c159a257f962c21d5aa64eba2d1dc4b613b0907a53e27342dc9bfe1fa70ccd6b0912433e51105c3469154b742132f5a3812dd9c9b918b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4fe5b2d776efc41febb5f2ad0fef1776

    SHA1

    1e307014da0f1e3bd768d95fd7add797fa6dbf49

    SHA256

    3751b758214a1c53a10bfaa3d8a09d7a7d6811ceb0730898542280b43f76f843

    SHA512

    f3fd2b40098e876eac086ef7c99939e5fed62ccf200cd851b7cf9b5936d60e7f5f081443ce28dfaef36996e68c9ca337c2bdde6944ab28faa6bd4324454f08e4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    02ae0afbacf0b0860e3a4fa154b59883

    SHA1

    fbf8d997c5958c1e930517a53c1f5623adcee1de

    SHA256

    056a611abd90edf6f7c32b3f16fbae73eaaa810c8bf446bd95912420b25d7eac

    SHA512

    ad846ffbd4ad24e30d84c847fe5e635bf82dc9fb75cf36b49950738c2b8d2d7580030c43b7e73f654e3d1bcc23e57a84d06c35fefff4bbfbf11158e0e2f078bc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    120f00957354cda4baad325e03ea18dc

    SHA1

    f5fd992e20cdc48ce6246fb185eaa44c9390dfea

    SHA256

    ae1f96b6efdfa894ab7866d729612a72c97a45958850cfa69ee5e010d0cbd84e

    SHA512

    584ac04b0bbf4f32ba2f964d50b9290fdb1d12757c26193b2fa88a04ec0d27c3311df6508cdcf03caf0178bcee1fe443ac87e608bd876e1246e26b599e7b51ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    802537bd192d8086c9a90a8b435cf418

    SHA1

    1a52d40b2ed50c04009e834bf9fe9bb5650c08ae

    SHA256

    7f122fca7295d601a35981b17ca235b2ad863359047354c26cf628e1d9afd206

    SHA512

    9c0abe19cdf583cea8c0346204e13f29f2862f1741378e8aa0574a358b2bce042f1c5ff11fc3f630fabe93fb1a20037328b49b0a828ca86070348cb3146c8e4b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    97e097eefcb4b433ece62151f223bd3d

    SHA1

    8a7abda6696b2d2ea572606a6143acfc322fa06c

    SHA256

    3547a682cc5b87f8893c659ccb61ca32608eb3d0550564eb8ae0831a23bf2370

    SHA512

    f0dad04f87506e9abff8e235f07d3a3da10baefb032abfab7f0c8d272dc8a369295aadb46e4d305077ea9ede8c9c3cf6b568fbc2ce92965a6fa4e239934f2a12

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8b4c36e5af6a6e8b450f291a2de9c8ed

    SHA1

    7e501b727db2edad53112c1313b83549a543d901

    SHA256

    9099762b88ed689f5cca7e7a1b224c2eb59f1758a4bbae13419abc261734ed58

    SHA512

    8a7c287a571b465f2c816f5a70af21985af68ed321d3438e3885ca73fb0a123474e4e1f5e0c5cd98aa5280ecf3f4161fdcba970ca8bb2c2ea7ccf5a10ea653c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c53a9d838db15db5fd65900a48a3e1a8

    SHA1

    229872688f791380f070268b1a1995e74858821e

    SHA256

    cc49ee81a8caa08f34de84632d6c1b48693a98fbeb5e0f364c941c3584c4d9e6

    SHA512

    46e9a529ebd67576b0caaee3581c0361590c48c0d9d919dda048a2a10fdc11d068bc55d54e5b4a436d778b902314c314e8b5ffa5791e66ff43aa7afc43f48743

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ef5e5a08235cb61259539f53a4808ca5

    SHA1

    0d58847747c9eaeea569543e7d26db3a10fa3b7a

    SHA256

    3bb598917ca539ad444f59be18a28284b602c01382c99a234feda84afe225cc7

    SHA512

    80ea543ea0a0404ce576f8bb8cdee33167dea9cebbc19bdbe687812fd1ddbd0cd31669995272b5e8370b64d67ea561447cbadd61ed071616ab59e0610c310f37

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3a163e9aa72c23ef9807771f64a7061f

    SHA1

    eb11d4bdc3626559dda9817ddb90aab535121f19

    SHA256

    c11ffc5e9abb4c16eac11c2e4ffeb9bf318c9a96c3149ba8d281d8030e4f661b

    SHA512

    f3a6467c636f4e0b3a22b8887c793f18f049603a90305f845b3691d640477cfc72754b7e1934ab77a6fdc716e0c892cda0bd2acb19bd54f5253300dbdd45acdb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3d3cc5c66d97f58f3a5ae34bd2be8e2e

    SHA1

    738aa3614541feb17191148aa35c55700e1ed965

    SHA256

    240eb0d5fe67b0a7c385f29f4f2e941d07d804d9436dab9a56c2528fffaee1a5

    SHA512

    348fa7d27f0bd1a30b859d5d35cfe2c27775ce43aadf187806aeb9dc3e21c95b48010d4cd53ab5c3cf1fc82187b5228e8f060592df9850619ef7a4ea8dd1f247

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bb579991db5aa3feefdc995de67cecc9

    SHA1

    7e1f6995e445fd509fbeab0f28c63f4a889bbd93

    SHA256

    3f48f67299a5de4e0362574a2d034b66f5e3da5dfa21ef10c26f643a98c2fa2f

    SHA512

    5d7220a416719a3b970d2c49f5650a99bc3dfd26d05d64b39eb315a2d89ca0ce80fb86ffdda00115cfe871b95f995023fffc07eb26a29d2ec6e127850bb3595c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    63672c8d8d1e9244a5d0f2e00183634b

    SHA1

    5df451b4c53fc2f51b5bbdc54427e681aaf2ef1c

    SHA256

    1e55811e9c297ccf31f870a58fb0e825a79e4471adc4eb31fc7068fd0b92d010

    SHA512

    cf1311756c0abba385bc967f52b95d50c211a484dd9a433b0acac12189fe1db56fd9bb3fc8b4fa551fb601806a42e927f6217ef3995c477de7b7937f450a5f0f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    06a6330ed4cd6a1746ddc8c256a0443a

    SHA1

    eeefdb7b6fd9205f741c99faec87bb655f5294f1

    SHA256

    b05d8ea0a277aa07bf1e88035f486d115b1c02013d955a9de5aaf44851096930

    SHA512

    4eaed8c21ef31e15b95377106058aa68594784208d0dc6e0c437d71aa882a507f3e17d7224752f293e080ff0d40396114d5af588028600c227b08ead4c5ad655

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    66050adcf3f2b55dfa36624febee7d7d

    SHA1

    8ad90d1d52a4a4117cbe9d894d6f1c3cc6c9955b

    SHA256

    072fc4fa22da99f0f3e816a8051e2008184c612bb6e1ff1ef14e81da57849796

    SHA512

    bb508335ea7ac9981caa339663f820fb143850f74b016aeb2f3a417d125251ec594fda814624295761c709947a57d9ee3e0f277deaddf6c6619a2ad266857599

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA8B1.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarA940.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1048-11-0x0000000003B80000-0x0000000003B90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2244-3-0x00000000002F0000-0x0000000000321000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2244-19-0x00000000002F0000-0x0000000000321000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2244-1-0x0000000000270000-0x00000000002A8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2244-2-0x00000000002F0000-0x0000000000321000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2244-0-0x00000000001D0000-0x0000000000201000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2244-5-0x00000000002F0000-0x0000000000321000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2244-9-0x00000000002F0000-0x0000000000321000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2244-7-0x00000000002F0000-0x0000000000321000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2448-17-0x00000000008F0000-0x0000000000921000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2448-12-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2448-14-0x00000000008F0000-0x0000000000921000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2448-13-0x00000000008F0000-0x0000000000921000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2448-16-0x0000000000550000-0x0000000000552000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2448-18-0x00000000008F0000-0x0000000000921000-memory.dmp

    Filesize

    196KB

    Download