Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

2d5fef30a9...18.dll

windows7-x64

10

2d5fef30a9...18.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09/10/2024, 07:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d5fef30a933722857943915e915fa36_JaffaCakes118.dll

  • Size

    267KB

  • MD5

    2d5fef30a933722857943915e915fa36

  • SHA1

    a18e7d4c971fe989a16106f018df4c85c4d02cc4

  • SHA256

    d5d0b1345578ee41d59308f8431d05537364b88b2be6b857489906ed9d285fcb

  • SHA512

    a349583f0d166b9359da766ceb9f9202038aa329d1a52719543594501807b98c4c517beda870ef57be001b06e5b53ca4dc60b572ba59a4809d60f72048f4c8f7

  • SSDEEP

    3072:C0NbrbkYHUyP9eECVWfpIhbWoVnW6IioARoKO7JurqeBTg4vRP86TvOB5n+90f//:JrkYHjIWeWcd71bynbe05kYv8Y

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 31 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d5fef30a933722857943915e915fa36_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d5fef30a933722857943915e915fa36_JaffaCakes118.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2584
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2352
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2072
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:340993 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2260
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2528
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2528 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2616
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 220
        3⤵
        • Program crash
        PID:372

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d4e3fc67241e905dfee85f7249a8fb4f

    SHA1

    2b619a077a392d74a09c2eb3e9d7ffad9a1c2cd0

    SHA256

    c0da57c482acbdd5e40e79708c4bef9d719b163f288141c4e7d64c26f2e9049f

    SHA512

    9ea31e8ef7230a67cc8e8d88ef102a069af92f11607514cf50a83ea21c4ac93db579c313b22beab65a3a6e25458b4abb45aff315e025d219da31356eb860ca7a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6b17f1b0fe8bed69e664917b07be0839

    SHA1

    8aee3a69917c903a1c8ccfc44bbf2dbea1c74293

    SHA256

    d4a3d29e574db0390366ad6b78c17e55b0892a7d81f16c96383837b6799adbab

    SHA512

    78207777b7b1720b468bc31d889710891ef64d056f83d83fa67ecf58899e3b7660f612ce8e31a337601d0dd22ea1d63eccbbd4a2614c81d9bdec5de22fa5999d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3efc45563fcdcfe37aff9a6c97fb7866

    SHA1

    1aac6b351ac14a68fca83699c89fca3d23e9394c

    SHA256

    af6d66e862c019313ecd6f765dcea977bf0269ebba6d5004a08c1e08b751ef40

    SHA512

    953d5607947147b8593cdb4b68a5337e377930902623a089edeb681270b2fae9e3ce0f1b42e88143c5f83945d135312a6742c02623dcdca1cfe235a9b3f8eaed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cddf3e1c8c675acb1158bf45637ea3db

    SHA1

    0828d1124960d730d6aac45c21351618b3932dfb

    SHA256

    32bbe011d5df6abac0c7736753953d89078a8ec21f193262a351594660665d89

    SHA512

    80315254e4cff550b7bb1bbc8c1b9f2b93bd063b85b220759f498f51310fb70c897c8540367c122907ffa8cbc2c75a83c63cdac981a7a0052404e5bf29497af8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d3ef1ee223d94056e4a54680ecf09e44

    SHA1

    27140d9f342df0d01bd9a903f1e3cf1f4c7ab9d4

    SHA256

    bea35af423563517e1dddb8ea08a740e08ab62730f036d5e0af6beb0e72ce5ff

    SHA512

    cdac0ef606b41cddcbd3042691d9c797865bd63a4c3a94e57d6533fd4744c387eb2b16a9d128a592d0382e8e707876e106063374fd878d4dffec7245337fa66d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    054af47b36bf6a6f17780e4533163b6d

    SHA1

    909c8c1b7bb8e858e4e5c8c03d8c28bc8f95eec2

    SHA256

    49cbbcb772eb31d4b9d2004804817d0ee072def71a1087d7676cbf333bcf6cf4

    SHA512

    d493c0ef7e7d8a4722cecbd6af8b5714b30ce8acc87bd0f84e6f1fedeae259fd5f6f0eed37f94167722faf02754ced0d387e88cd23745a8fc1aaee845fa060fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5ef7adfe15b7f3012d11d6a80b664edd

    SHA1

    77758d8ca9a22e529cc63fe7e038dc6023a3d43c

    SHA256

    4faac1b2e1065acbf70929a42ab18248314baf6c66a12e9131bc42dc8ee15aec

    SHA512

    e6915260d15356f4a75bbc43d6a7a2ed6f494d32c8e399b13a05e10d232ca319bbb5851d3967616c3302c0aa0a2981b91a538bf511fd7bc6a190cb20ab956cef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d0fc80ac41cb86b950f5708c2e5d32cc

    SHA1

    a09b760c8d993cc3ed657bd9f475c5a30ee03c4e

    SHA256

    d1803264d9e143d35ddb426bf65d80c06a115fc77ff70b9bc10ea45a12a9d4e2

    SHA512

    a06b4eee83f989a82cecc7aa2fcb860e0e2d9f8175fe8e5f1abb1e16d185d0159bbc5fada5360c0df1673fcfbe9da4a92912c66b1dc6b823c5a0d4e672e99eb1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3a1be539142938cb05268b5ed3584d74

    SHA1

    964152d97efa8bba1fa777d9f90cf04890e0e011

    SHA256

    140babd9ca5be4cd68cf0b7efcd124c76f28894a9021381d69725387f9daad90

    SHA512

    e3ac0aee6aa52bcd35dec67ccb23de46adc16d01494336e9693cb915464d22dcf73af8a643889f63a456ee6abbbde96cfdc0180bb082264b6c023329410cbe05

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a9fd2d6353a8b606095b1b259f42f93b

    SHA1

    f87a6b7d9d8b26d7747a45dee0011d96bc196618

    SHA256

    04a6c3b57bc71d236a4c83e14d7180a4e5fb7de06e2556521ceb0dc790f29fe8

    SHA512

    0193a4410d277b25a6443396f7573538a4c27eb039be15dd18d2617e4bc62a4b64d3a37ff2092ecf48927f8795d1ee4bf698f92e2fd375e94217bb96947ccf3d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    934b9620241716da29098172138de7fd

    SHA1

    6d73eabd11f8a20e19fbc28fb371f51fe0e47d06

    SHA256

    448887aeb0591d282fc5e73384d5c2887f3c10c81d1935e34789d7ec829f8a8d

    SHA512

    009de53982b77984afe2b4f277bf3bdfcfb91fe38469dd775a98de0212725ab47f694183264b374671a64d70a2b5e0f1f5c0dc858169f27c516c2fd2ef18bd7f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8f3e1f9ea3e3919e40c039b667eb0f9a

    SHA1

    5f67f42defee7db57a74cad4462292c5d33db120

    SHA256

    dbfbe77c63c11a090f62d13c84eda4e0d377ab716682cac1e7810a3f9f579a1c

    SHA512

    62a906c833b04be8c3c13b3a5f9ac06dcc46a81cfb812732f21e17ddc2690c6956e2738dc4924da033a803e159049b434d45b7882e357cd8b7f8773e37b7bd8a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    101aa98bba63cc00f9691d188f2ea178

    SHA1

    cde43cdc3ad7f94199644360af800f696365ba83

    SHA256

    4b32e85837d63fcb3c6ff76623f2c5a8f89fa83bd82f50e11b6f70ba977a15e2

    SHA512

    390d536ed5d1035c646e19fbedc9cdf1cea9088c55d21db07f2ea0f86769af41f0be731fbdfba8a278e1de13cec3848c3895665779b0371f85198a5398ae85ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a41f4a763fada01e9cc4b8ff1f33b4c2

    SHA1

    d04ba2ac5583359e38e4177bd3464c3bd093cae2

    SHA256

    92f645828aa853bc0f291903bf530944c494b766e75cf60dffa0667577153a34

    SHA512

    3514b50d7944a788aaa099a743a998007b4a6d6834fd6f751b104257c8d247ce5724352b70943577b7fd25dae57a305df5c286585324993fc287b1e81f079042

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b61b53bf359451f6060794a76d7d0c88

    SHA1

    b83835917a2f8e9f567bd03e719f8df47f0bc17f

    SHA256

    4813161a6ddd8e43bd655c1cb9658c2237ebdfdc2c64af21511fdd754504b777

    SHA512

    77b9ecc6de45de5b499feba8dae36e92369359f989a3a91e4c3df09a32680bdf800ebef3cce6777e7cbd3ffccc811433ef14b9a4ff92d92eab721d9ba535e1d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f65915c35fc8d959a3285068c72015b8

    SHA1

    53ebaadaaef48aaf5e85bf03a94722b46a0318d8

    SHA256

    5416fc681d39cf283618b4cea5c975ef2e7e7752432c53fdcfa43bb85f4d267e

    SHA512

    3a3a02648939638cecb6f0d09dfe4148c4d63e22db73123621de222dcf2d9ef31c009777fc3f30fe36973a937f8fea98df79476d42264eb451cf10c2076b37bf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b5b2f256e680bb95aed6f6e802e6880d

    SHA1

    31f98d82ca59644ff3c9f1ccac573965942eb8fa

    SHA256

    9484dc6225fe6d0b334b8bef08adfd0b7273d2a83650af0fe3f1329bcadc38a3

    SHA512

    83b6d93f8fa281b0eb06caf21135304aaa340475a7e660ee553fa246536a699c8ba60cfcd03bc0bef2985a7f5fc3f465beca8bad1f1d63a11da0620746778852

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{36B9F6A1-8674-11EF-833B-EE9D5ADBD8E3}.dat
    Filesize

    5KB

    MD5

    82cd587de26f5c75737bce8b491e2f3a

    SHA1

    c3f51bef4ced75083be901d1540a3250d7153835

    SHA256

    cb57ccf3942ac965890589575b01ce3a24ea0fe3b5350be104c3e2b268e79917

    SHA512

    86ad0016205b9da254d50e3ec3b0632e031b05aad604f4c741b98c96c48a3aa8affe7c8b10c97ba199d92df2d2d3302722f96d27d7a93c8f47e86a3562708cf6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabEDBC.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarEE2C.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    100KB

    MD5

    308f9d419f22b2ee22045d8de27f948f

    SHA1

    0550f68e09fbb61e19ebb7e538d1967604364453

    SHA256

    776c6ac33fa9b591d2eec946fb666919696845f09a633acfe8606c73e1999901

    SHA512

    8e36baf4c4f5c9f7bc001ae208abaa96a6d7d6e422823105abb1a8dc4a67e94da2506187cfe33929e018b6a88863d2be79057bfb227f56158a4c4a35f5b55ab8

    Download Submit

  • memory/2352-18-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2352-17-0x0000000000400000-0x000000000046F000-memory.dmp

    Filesize

    444KB

    Download

  • memory/2352-15-0x0000000000400000-0x000000000046F000-memory.dmp

    Filesize

    444KB

    Download

  • memory/2352-22-0x0000000000400000-0x000000000046F000-memory.dmp

    Filesize

    444KB

    Download

  • memory/2352-13-0x0000000000400000-0x000000000046F000-memory.dmp

    Filesize

    444KB

    Download

  • memory/2352-14-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2352-16-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2352-19-0x0000000000400000-0x000000000046F000-memory.dmp

    Filesize

    444KB

    Download

  • memory/2584-1-0x0000000074980000-0x00000000749C8000-memory.dmp

    Filesize

    288KB

    Download

  • memory/2584-2-0x0000000074930000-0x0000000074978000-memory.dmp

    Filesize

    288KB

    Download

  • memory/2584-11-0x00000000002F0000-0x000000000035F000-memory.dmp

    Filesize

    444KB

    Download

  • memory/2584-10-0x0000000074930000-0x0000000074978000-memory.dmp

    Filesize

    288KB

    Download

  • memory/2584-451-0x0000000074930000-0x0000000074978000-memory.dmp

    Filesize

    288KB

    Download

  • memory/2584-9-0x0000000074980000-0x00000000749C8000-memory.dmp

    Filesize

    288KB

    Download

  • memory/2584-21-0x00000000002F0000-0x000000000035F000-memory.dmp

    Filesize

    444KB

    Download