Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

3786922230...18.dll

windows7-x64

3

3786922230...18.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2024, 00:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3786922230f2b25fb0a42ee32fdbe9d3_JaffaCakes118.dll

  • Size

    220KB

  • MD5

    3786922230f2b25fb0a42ee32fdbe9d3

  • SHA1

    b9f0d9811b10d951833c87ff5bccbe46cc91ebc2

  • SHA256

    a07ed293035f109f2d92170e39d3620dbeee3e3fba8f55cf24ee1cdd70d9c9b7

  • SHA512

    34f8f3632c4de29035d16eb102fc656d3597b76a5c8ecefaaac722ba66502623a92957cc95408c7914e7b070dba16540afa9ae7737f35f160bfff8fd64d36405

  • SSDEEP

    3072:UaaRZyqo5tr7sOQ4HgUaTr1Ks6PMeEVh3abti2bm2ubNIXsKbZwP9z+UMD6anZ3n:B2AHgUa/n6PMe7Rbm9GbihcvnZ3n

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3786922230f2b25fb0a42ee32fdbe9d3_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2420
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\3786922230f2b25fb0a42ee32fdbe9d3_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2520
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1852
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2396
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2656
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2796
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:740
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3000
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3000 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1532

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bc0aba79f95404f87f8119bfcdea634e

    SHA1

    b2c16df4038c9fb744017a8563c365d7bc565e68

    SHA256

    4e0435af1b52b91b3f9db6022ae3e055b4ad80f0618e3e453aacb6006d2e7352

    SHA512

    50ba3890e491f00d716159ccf805afc323c9f41a5f211821eff5ca8989f958ff3c459179134f30365aa691b6c116dc725362d4501b56b262de5baafabd076f2e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ed89e72e2bbaa35a41a94747f77d6513

    SHA1

    60291d856abebba6000a4131673040b4aa91d02c

    SHA256

    a810d59769cac47993ff5372c7a8c6943470232fdfd5263a2fbc4ac1bee1a564

    SHA512

    7f3edd88fae2c753f24973d1bda7ca9a74b43c07eb58532d645f28f9f7351a4f05be723ebdbf0ac47cbb6557190dd589abf27edb8f627b386f75055a6ccbb391

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    18e91e66d97641cbdac8d58e7dd37424

    SHA1

    51c0282722c9b7166a188aa5f587fecf6104db1c

    SHA256

    9f4c7c82dfae6b3e1aba436feb23d9c24f9d6ba5a75d32dbe282412587bf44b2

    SHA512

    b6c92721f1747fda8c33d2f80c54e8722e570ecd0102f99cef19893f4efc1188da5384dcb54a849c84d36fed819f9fb38fd61eee21e3b71c0aa954fca361e04f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    60d48c17f1f1b4182eb9607432a0acb8

    SHA1

    705e6b8367a40f53f92a7c1581358771bc82a029

    SHA256

    de63049ae2bcf9fd51e8cd085a7b240d1998b8d430fbb4d8ef033c2f028c7334

    SHA512

    934da289d15aae2f1ed0d3e7e71ed41feaeebb27798ab5acf2d83056e2b2dfe53fdd27f560cc26835248e080464b45dfeea15a591f57337cb103437e7fd5c797

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cdca5a0ee6d288d3f0d397aae7ec7483

    SHA1

    f38659c6934bba4a76136c05f11b744f20e0fd46

    SHA256

    bd016ae36ed47339dbc9fe55500c3ca82150f8fa1004443a432e52802a4b3b28

    SHA512

    1bd38ceef5f5da1f06cb0e29deea618ab2591ea75fcd815a414cec9b8ffd364220882fe7ea4b2ab8e6541dcc4c1955f1cbd5e28199b6b5fdef22453e9dfd0eae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    caa9545246c008c2fd36dc0d406c1a51

    SHA1

    cc99ea2ae76747e659c3450d04954befecba5ccb

    SHA256

    6704f25293d45574c6f8ad1f356f6379ac115b83808f840461b63445c82e0174

    SHA512

    20e0056031f90b63c82a8e5e1c5ca5bc416477c1b4f1f565789175f3e8fcd9803bf096761a31478040008cd3e2784df4a3faed6e24bdb1031588cde1af944e7b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7da7713298de289cd5f3f4c825e22962

    SHA1

    c61f32c0cc3c91686f849dc3f549f5c0cb363598

    SHA256

    b9c3a0e56caa9362f9dbf3325d4e133a1e066f8c4c6a5ac55700dc09f21e94bc

    SHA512

    61fd8b229194eba323235cdb148b10664dfe2c34ff79175196d2a54d0b5b4dd1f35328ccfed40b4d1f0e3995db75d42e47a87f76f5e5403ec1932e088e7f87ae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    84f5b1dff10c16d47b9fb42418a15244

    SHA1

    4a8663c3d2386a2e0dce0af8f2bb7c8b468af927

    SHA256

    9a6c1d3812797c6c8e740ae6658810c79e832e2bd272b578b8c42bdfd9cb55ea

    SHA512

    353e18b4f376723ef0c4185fbb686a61cde1889b2b804b5e765d776da5cb3d5151020714926cb223af8e85539b1783389aa9611831b7c2cf1a4bf34ed59eff7a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3a512a7fdc178bd3bdd66163ccf126e5

    SHA1

    cf4f0c37892524037cdb269de059d1029a04d594

    SHA256

    b1efcc8798d065aa791238f61027e725c0464d217beba996a6331aced9ef1db4

    SHA512

    7b2a25f313e26db9fed26ff1ef7023b59ad718374ef7263528035060980166b43a50c5024db0e134e03087a01fb0948bebe14da83e03a0a133065b16f93893a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    840e9792efb9716fedf4899f45f6bf52

    SHA1

    8eddefbfa4c5c98ba04c2be8da175b39f8cc1fa0

    SHA256

    10f076c080ce4c7bb94f43f41472ca33b73440366207893fa3fd7a3e1a911a52

    SHA512

    1aeaf9be3e35aed0493160edf146e81e115dbefb9c675304aabb9f50dc923626ea7ce28b3830f1054fd029f8dac90ca0ce5f574cf215deb1d03ebe5ee90db794

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2984496f890b3169ed9d1146cdaaf88a

    SHA1

    74c79c8902ea9b213d97291703a777fe26061913

    SHA256

    eda91736e6f29be9e2979e1dd4f8082af9695be6b7bb5dd60455e418a8c95533

    SHA512

    0282f7bab83f6eff6e538a55211c79acc1f25eaed1208358507c4a1c182a3cd25e770d04b0a623d9b07811c7aa88b65ecc5b66faad5ac46527e8df22cb646cc8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    63ca9b03b198b1c3fba9b804f01e1153

    SHA1

    c2ad081045225059b2543026f14d0ef71c1c48d4

    SHA256

    252cd6ddcdb2a96cc38d4dde8bf6859508cb3659197c08bc6e6ddddcef724571

    SHA512

    58333bfeae8b46e33735b685e94d9d3944d3079fb9a9b68df569e88ee21c734090a6dc96e609521acfff541fb8cff3426dd9ccfcf18dce9a5c79f20e9c23cdd0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    55c6392ce7ebfe466d61a62e38a96192

    SHA1

    7be6658c52c107aa02f413830345cd5ff84204df

    SHA256

    a6db8f952435c3b418a88cbd2fb334878063197c109f55ca5a7653a1036dc49c

    SHA512

    bd733f028438fa95ff57d72e39c8f607f1f05b2c3077336879674521b1dd814006d9877045330d5b260c8f9e5975655779de36c2d5d44225748de655baaa3dbf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1e84f21d7d254e1349495e2988746efd

    SHA1

    8a469f33d6687a5c67da224f67a115f5113eb891

    SHA256

    b5fa4074a8fcae0749d2fae0540222984e1681c8ab431f04c37affd74d3ce3a9

    SHA512

    2a3b06e503ec24466b78085dd747672d63c57e56684836ec12471a4849fb1de9d859ff0aa090688043f5c7d7561d6e1aa3c7e8b5cd58d49a295e16441b371058

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b3ad5d76a0e871f42317fb2c8c6c6601

    SHA1

    a1662ad2adc50a9fc5234c1321e9e0be36669281

    SHA256

    258b60a3e5b87a23c38c3c57f7723f979e76d08cfba7b1fbbf6e505590630799

    SHA512

    2f8cd29b62f7248a0806ea8618e15b24eae9f32d822db3287d3af506773674c1b68cad1a0ab0a832bbe75d90b718de3d54ee469a9a5afd5761d94007efa6122c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e902f85ccff5084f907fd2a03d75a232

    SHA1

    26604c1bf87df7bb1cf58ac89b8db45572cdf3a6

    SHA256

    d98e13ae8a0043b7ed06fbba77670bf7949506fa48ec8122b9068f494fb28e6c

    SHA512

    82245a2a57a6e24b3390b29837bee47b35d28e7e6f09a0ac03f97349d784c5c67557da930ce7a76f935240ed05b0780eee30c24516dd063022cfa80b7cce40cc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f8a26d0f520ba2aced52e0a25632bbe7

    SHA1

    3a01a6aa368fb38d70c0fa52e33a4dccfcccb44c

    SHA256

    a0a60724f735d6e4cc0bcef40e5dd17d693d6ee43a599852a92613aa8ad85aa7

    SHA512

    8e1f5786c5953ceb80d2119d4dee0bc53469e61650642670ca45503f2d75f3f1f46bd460325ecaa56309c3f0b6968a9663649d4a0ddfe96515fc05ccfcf869da

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b7c8c045c30d60fdfd22a0b0be140267

    SHA1

    bd68f1b1084d54921d7b2fb3345af9f28c6f9711

    SHA256

    c48043d19a0ab273841566e711dc94cd025b1b462bde85e0add62617cf10543d

    SHA512

    6e50072273d74d55733e018b5c81285a011c9ea304d4341d67cddfe02669e310dd8328f2997b284fc61e0b9a1352ec048ab3cd131c8a0af4d969484364a008a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    56033c10af6e5b960bbd23d69fc04009

    SHA1

    d140d497d0d1d1eda075fa611522b087eb4f8340

    SHA256

    813bf1c9730757340214487b29f6a97fdf53d59d03dcb4c9994f998a85748edd

    SHA512

    b4a1b780f0c3c59f380de050ffe678b63531919ac8c0fa81bed840559cf3e4d743a80adb6785ca6817c0039a59f3489d4af0cd8a11914ee2629f34de949e7907

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF40.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFEE.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2396-13-0x0000000002FC0000-0x0000000002FF2000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2396-12-0x0000000000180000-0x0000000000181000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2396-18-0x0000000002FC0000-0x0000000002FF2000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2396-17-0x0000000002FC0000-0x0000000002FF2000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2396-16-0x00000000002B0000-0x00000000002B2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2396-14-0x0000000002FC0000-0x0000000002FF2000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2520-2-0x0000000000370000-0x00000000003A2000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2520-23-0x0000000000370000-0x00000000003A2000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2520-7-0x0000000000370000-0x00000000003A2000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2520-9-0x0000000000370000-0x00000000003A2000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2520-5-0x0000000000370000-0x00000000003A2000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2520-3-0x0000000000370000-0x00000000003A2000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2520-0-0x00000000001F0000-0x0000000000222000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2520-1-0x0000000000230000-0x000000000026A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/2796-11-0x0000000003D90000-0x0000000003DA0000-memory.dmp

    Filesize

    64KB

    Download