Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

3b740dcc02...18.dll

windows7-x64

8

3b740dcc02...18.dll

windows10-2004-x64

5

Analysis

  • max time kernel
    150s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2024, 18:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3b740dcc0236ecf8fb87128a6649ea07_JaffaCakes118.dll

  • Size

    219KB

  • MD5

    3b740dcc0236ecf8fb87128a6649ea07

  • SHA1

    15362c2651dc9e360f03da9d767afb82b43fcdf8

  • SHA256

    ce713d9968dd65da3b1878269b7013f743e55a138c1e61bb01af8ca222550261

  • SHA512

    bd955b6e99237f82a7c5fb5548659a5fc5dd2641d95cb0f15425abec29645cda2f9a7c13143edde27a228d403b66d3e795ede8f1d20b3cf2255db92b7fe8ca5e

  • SSDEEP

    3072:inn3Gs0jc2h9ptGhIE4y6atOfc7HD35HXRr6+UXaYvldMfaoDhTJZsWpvrk+Lvoo:a2/c54y6atykryXfvlZoD5bNYtvc

Score
8/10
discoveryevasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b740dcc0236ecf8fb87128a6649ea07_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2292
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b740dcc0236ecf8fb87128a6649ea07_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2496
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1380
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:1752
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2636
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1356
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:1796
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2604
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2992

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    84c88fd0f2528150db9aecacf93b3fd0

    SHA1

    ce763de84e4fb858f5285bf4db9a3f5f1926f4a9

    SHA256

    ecfd00d3010c75a0eacc9b000c80b2b454c030458ae1aea9fbd188006eaa67d4

    SHA512

    378acd170032c9830b1bcf193657daa1e49289ec35b50bda502e69593dae96ca71cf5b21c3797bcde61149e8561efc728512bbe8e82c1efb1f2b1fcc3b38ad20

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cf6de36f9704ef4fb845fa50cbff9b73

    SHA1

    3b2501778fc8034429cd102ec1f867eb6275e2ce

    SHA256

    0e7ed06f6bc1185ee0fcad677ad203ccd14cc02e78ccccbd45ad44471f976025

    SHA512

    1825578f7ea98a4e9981dc6bbc7655160a46b23fc9364fda7b8e6278fc9d9cceaa667a43653fb0fbe8b9fc6da6ad878e71b55234e3b6197441dbf3d4d98ae8dc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ff56635c95cf1321dfe75886364352c8

    SHA1

    b17c47196bdfb48c24f635098918a1c348e039f1

    SHA256

    9feeb3b48b2c0bead6b1f8c77a2b0db46a391749f97d71e8dd060f2f1881fb68

    SHA512

    5fafef5e37f65eb0286b1a6e78c6cd577d5dc62ef9f6832e9cdf973e82eb0f25d0d2f1925bede5207ae768974517ee21f26744281b9b9a39d514fb8c496148dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a23508446dd990e7803d42585e317618

    SHA1

    8240e62bee70fedeee977d3a14dff328d606d866

    SHA256

    e70105cdad04896d978a29b8bb55549fcbb912c556724394a2fa317f7acfcb26

    SHA512

    39d980a951147a89d4d30f94ff3c3d747a5b92b441ee385a5b511f2559d850a4b0fe4ea461aacfb56c598c4f6bcb78e9aadc7c10643fe3ce5008881caa0c5625

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f952218f635537f8e5647590f976713e

    SHA1

    fff7f642769a8766e0f66e78afd706187e5b17d0

    SHA256

    4a4ed639c3c3029f328b755dd81ae09424200a5f5dbe25521033e2cff640664a

    SHA512

    c6a7a3925c2c44da77e38344c5e51a44c31c53ee8d01344270e44de59b7035596d242939ee0e4eb5b5ec597907262d8568ddd1faccce1c9cf08642cc823f8fee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    34435289cf53ffae81b0a8062fe59e00

    SHA1

    ee6308933f29566123c533b2aba31f1671669568

    SHA256

    ab7bccd6f5b8b4b7f0409922bfd0e2f9ea433d6af8847ee33bfd2028a27aec89

    SHA512

    081faaec48321d0baf1ae3984475454ad9e5b06443c469670f743a95a9383bf93e31a8090b108f1c241835ad1be7574044ce49defa1c87b23f71c43b1f491b04

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b11cfcdc167db5b5453303328dbce62b

    SHA1

    171e098eb0e0f9c27e537c65b3e4596d94d06445

    SHA256

    ebea031fcd6f835e085f5d30ee96330fef090b6de8fef6e624f26746531b7ca5

    SHA512

    4577f8552bb7a0d490770a187f949d494e559c1b84024d562bcb1b8c090f64d7d5c34156a0f4f87591bab9d3b92cd707ab69fbc88afb7efff5c5996c4bb9ebd1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cdaa084e0b363e8d80806e5b312d2966

    SHA1

    1edb6f49ad557818e1e95e45bec3138a4881f372

    SHA256

    314c6e0b0f64308a765f7225be050255fd3381f4f16df705c8eeaa2d7a271814

    SHA512

    179b6290b75a52c8cc641bb001ca9da9e97b2ab0a63f1109f1d084b24101e468c2d3832e22b0e6d4075892ecb6cdd3fc123bfcac4521575d040723d742c3d36b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d30853948f40993f87b447f88d470479

    SHA1

    70a86d18f8a08be7281d63c40664efddfbbc1032

    SHA256

    e063c755a3253a4513d0ab90e8956fa35683dd46c61b3404664f04f0d70fbfef

    SHA512

    526921a2cee4db73ce7eee701eb36f97be7eaeef6e09daa4ed0852e45d599d408e2a3bc2d67d4bf29fb9c7213af0891216f206328a2edfcfcddd76709ddef67b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bde1ed94a37e337fa506aec7176d6c03

    SHA1

    4774799039add85c58b3311e1b39a9e0577a2223

    SHA256

    a9dee959c08cfe3b4f1f1f8012bdf53032eeb1ccaed7fd6abd75f43897d71146

    SHA512

    ea94ed0ea3f964293b9bcf212acfeae378a50532f71298a16c24b591dc4a5499fe422c90c38bfb616bb58fe266f2975983463f14c101ba9acc0743d67805e299

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8a2541fbf75a5715e71053a9146b8099

    SHA1

    713d82db60f2bb86baf4438c68d7c90c9de07897

    SHA256

    bbf9c4e23bf9c8a8b35d806482eb9891dbce6ee8ef46ebc8ce2fce9b70939f0b

    SHA512

    b43014e65f41284a5a3184864194753d6b04c439cb72dae62be796f212eb40615a9a5b6e019193a4fcdea9875a1845c8c0f626e2fec413d7e7178d2846dc3b46

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d2453bd12bc0b98355d1361a001d9825

    SHA1

    e1166b13718d574f3c3237062cd3ec6010ff2bea

    SHA256

    2770558a1be8ad57b9f0f0c6360ebf1f33a929f34a9c9a1a7f612f36fca95a19

    SHA512

    f635605228d7ddf82224f64c3242f16d2ef310de38f9ee54c94ba9b4eeeb785c67d84438f7b93ab77c7ffb3cef5e903489f4aff029beead3c7ed96e2ba8ed088

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0151dbed0d5c7c484ea1b3a1b278b3ef

    SHA1

    0cc5b6279bc3d98a88caa39cc980ef7f0389baab

    SHA256

    624943d2e113b7cbfdb3f661ebb4a0629c80d13a75f35a21c57a3e27dacdbcf3

    SHA512

    6cdcf9d66dea46ce8a5cda076ed47e04c93dd36e636cd95445227862c1417a9262dabf9526cc71712fc2fa7806573eb0dd2625b6e5e67e5c9fa46a977360c96b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cf36eab96fdab607540561206d9bdf6e

    SHA1

    1b24d1e65c186db51675b7dea371bf169e17bffd

    SHA256

    1d5f2547c06eb35f59e8ae772dc3b2c4188de73b3130583cf54bf49ae57b772a

    SHA512

    86f5566df8363131dbd13709051a360aec420170baac4f28b0547958821cdad14efef82bed1a9a76f8ca61dff237edf848b5aba59c38371d8c7f65de137d5ca7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    366c71fdd9f555c1641d7e1b048bbb8b

    SHA1

    0b2f30987182e13de780e56adacc628f3a50f31e

    SHA256

    00431aa5a77e790b5b6582f9e46b71f4c896270113bc62711eb5b9b8e6a605b5

    SHA512

    af2d9fae09bdb3912419b6d6c79cede16d245f3b3a22257e8cc69d7ddf312b64986591fd43b807b3ead389881b2ac7bbbfc20fa56bfa3e2449f7e00e660bcb29

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dc2ac9138c094d35b51295103d4e9ed0

    SHA1

    dcb27a87a1ed50b4b21a5ab2986a6b6760ff7c59

    SHA256

    0e5cfc8f3e5dce531de9b1a3d26a12e374ea424f16bb6edf69819e5892fbda16

    SHA512

    3be08e3c563caf98ad0a1f1bc9061b7b1b0027a30621e00c916a3bc8ab5ee060378cc27f3921303c3de0732bd00aed200707f0e110cf9ea5c9693cf5071a9832

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0709dd2851f5541bda386fefbb7fb0dd

    SHA1

    f26b0d8448cb38acb4203a4e18238d5690f79281

    SHA256

    ac05a16c3c7be888598f73b500befb90f83f7aaf329e151540d4c81390c3d6a3

    SHA512

    01b489d9a737c83fb4587eb0d5b3c8024cbe156e6965a389f2153ea1e1553e15a5e70225009a024f7ea505da03878d3df04b477c63c197f947ffa1f22c3a411e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    979047038e60db3e6fc1e6aa0542de7c

    SHA1

    89ab01d5e0ba25d9622374d834eb611d9e509883

    SHA256

    c19e418879417b6ba7dd45925b30e0a4042d7edca23cb6bc95d4bd392cd874ad

    SHA512

    06ee7e1bf9e745338df6fa6cf6424bf3739930248a81385971fd02dddb126d6e0551764e871110d95af7115b6816b6335a62374861b287d223be992d0fe73bec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0dde0ca49a7e62454840409df369da5a

    SHA1

    a902582c5a0923c22a6762b874cdb2d0ff6070c4

    SHA256

    ccb0b04e99d0a155ba7f613248716104a2e7540105e4034de23ddbc586414eb4

    SHA512

    f017129f0308ffd23ccd0e0272629dc1f06b4e41e08783f3c6679985781d90340f636af48353f182d5a4c6c2bcbf1a407cb2d8a25fa0e40351d4d12cc59c449d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA00A.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarA0A9.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1356-4-0x0000000003A00000-0x0000000003A10000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1752-13-0x00000000005E0000-0x0000000000636000-memory.dmp

    Filesize

    344KB

    Download

  • memory/1752-10-0x00000000002F0000-0x00000000002F2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1752-7-0x00000000005E0000-0x0000000000636000-memory.dmp

    Filesize

    344KB

    Download

  • memory/1752-6-0x00000000005E0000-0x0000000000636000-memory.dmp

    Filesize

    344KB

    Download

  • memory/1752-5-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2496-1-0x00000000001F0000-0x0000000000205000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2496-12-0x0000000000190000-0x00000000001E6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2496-0-0x0000000000190000-0x00000000001E6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2496-2-0x0000000000190000-0x00000000001E6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2636-14-0x0000000001DA0000-0x0000000001DF6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2636-9-0x0000000001DA0000-0x0000000001DF6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2636-11-0x0000000001DA0000-0x0000000001DF6000-memory.dmp

    Filesize

    344KB

    Download