Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

d5bfd797bf...18.dll

windows7-x64

8

d5bfd797bf...18.dll

windows10-2004-x64

5

Analysis

  • max time kernel
    150s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    08/12/2024, 06:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d5bfd797bffd0d482122f914b16ea6b0_JaffaCakes118.dll

  • Size

    218KB

  • MD5

    d5bfd797bffd0d482122f914b16ea6b0

  • SHA1

    d56c6dbfce4d9bd30a1375c7c21e058e5fc38743

  • SHA256

    ecf81ed9fec100e108a655305c8ef4e4386a575a4e280684c516a91caee79dbd

  • SHA512

    dfa76bff58300a90ba5059bba8dbcc731676c5e2c91a03bc874c76fa0ed677469daec99073d632120e54e2870e9bd51d566b7efe11b15501d9471dfc9c506d95

  • SSDEEP

    3072:qyKGuljBliR1jjx6p0PnlE43EXU1VtlUxRX/um1onTuwcTfeMUXaCZLns9VCr:qfGu9Bkwpud3E+4BqT10feFXaZ98

Score
8/10
discoveryevasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d5bfd797bffd0d482122f914b16ea6b0_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2400
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\d5bfd797bffd0d482122f914b16ea6b0_JaffaCakes118.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2172
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2800
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2740
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:1780
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2672
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:2388
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2612
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2612 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2080

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f51e29bc9a38c2e497f6042cd3634a9d

    SHA1

    8d217221ccb642f2d85f1476be58805ed97c843a

    SHA256

    c35fa87b820993975f1e686ec4e6946f948ad53debbad34aa89870093df4a9ab

    SHA512

    04f758f9d3e0c4c6f8a995ec4073cf28c8c95620e915b213230d5eea875b97b935dd1ddee595903b0bdf63915f63dbc52b67975da4dd4dbbc1da9c5c45ee47aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    704ef2931ae065df211ee3b6b556f64a

    SHA1

    affbf18260d570fcfa7efbc289186e67a731de87

    SHA256

    9e76d56160a3df210731168e1a6d7d3d9d0cf93a6701709fae5f41bd3cc4d495

    SHA512

    84d4c51ff563a320d68f627c8fbc0d543d962855e2eb5626025f6fcdd9faf2d0cb77139c0bcbb2282db4a689ab73a6b19336392475c2548908bb0351d3f80993

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    21c7f59d6505856d7fddd61af9be0f9f

    SHA1

    63bcd41e7ecd07ce99f5f404be3b57e19f883dc6

    SHA256

    01f4090152ae5d05f19c478605ede085cca4ca5520ab6ead727378d87160fff9

    SHA512

    434e2c3739395cb08f41ba48fd85c2423a4d91f0a7dcbbaf2def2b1df04662c8b5a1ecf5c1658a2775d1139da6e04f443620259aa0cbb1ab0ae976c6aadef801

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7afdd62a6ffd07aab3fd70effb313344

    SHA1

    1a0a6813d900c4d1bdfefa42658a2d5ac2bfb018

    SHA256

    22b3bf3e36760bc474a56e7a747486a318eee3b1989cba79e6cd89a9fdba0640

    SHA512

    6ed99185807b789df2fdffa426f254ba721ac5071931e2e677fe2f2e2d2d0c2e5e77224070c92aec7fe5b7d6a562be55f026698b532423d941f53318c3e5e7cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8dc9a4e91a2ca9ad6799b244954543f1

    SHA1

    6d9f9e16a4724bbb7c4fc6f72e7cf0743b402d59

    SHA256

    b767b462f8c62598119f8c22f9a43952a61743535cb21b9ccea4953d48946b9e

    SHA512

    fba489d7cedf48f477393674fe22577f45ee0d583714b1a34f48fe41776ec2cc986e7b847b98b77c9369c499400aef3f482c8afd8fb05e8efa8a3577438f81db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eeaa56f3f50516658959d6f7a70c34ce

    SHA1

    c8dab62d98de88f6f86f345c3d5ab6b94820c774

    SHA256

    3de188ef5163f7ccfdd0101369e388bc0247a069e0762f546c8195bd7463ca4b

    SHA512

    be2fc2da70ba4850b399b59ae245f994e7965468a506030bb8a864870cf11a027be915e6ce6ce9f34651bd5b65166ea6cdb4e3bd73b9d8a273db99decf699b65

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d203f5bf23b9de40db2fd24a7b000e03

    SHA1

    662bbe0b7ae17b3b0b7110d9f24548292aa89b18

    SHA256

    87b17c371f067e1f84f59cf6bbd2992031d6b5ad93f8ee2d8dc9bec50ecd3760

    SHA512

    d5d97edd689ddcd207ac1afd8f50905579f6ff9a5dfe3560b74f48abaa700bf32fc78b78dbef218f339256e8306c168e2acd3200b2840740c600e8181c22d79d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a5fd5407619f5feb255e0b012169d98b

    SHA1

    5e5caafd7ff9a2b2c5c39015e2187b433d60ea58

    SHA256

    8a08cbf4eab9eb734a96c632a2be682658a7314c67c7542862e32824d2431b9e

    SHA512

    fcc606dfc857c79ffec754bbfacd63e31e2f96f8f9161d9396754ee9c448a520fb1c44692b6b053ee6faadc7a0df85af1485a6e4b8e9e92ad831ddcbb476244f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cd33424839b9af51cc9f9dcf51bbbb46

    SHA1

    3753cf75e7767dd0e1570d061dfc1b42a0f04b9a

    SHA256

    fcb7fe8447409d14590e1f6856357264b107d6c240aa5337c897919c33190fa2

    SHA512

    9eb1ce4b2689a861370fb0b0a2e9a06c20aa9f4f0938d0f3cbb292fc89cae9fb8943679a5ba5ad71273364fabd25a6d98e45e82e7a12876b430e996bca5ebfe5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d9375536d0b770dd3ce985936aaddeab

    SHA1

    78f5e8fc5ddf7b4da9117aa47bbeda71d6a94548

    SHA256

    cfc45ad35dd2e0177ec443c477793f75713262dd13fe6ce01c5c34afc641e159

    SHA512

    2a3351559740743d5b815238521da3850be4f08b888e86795d070b839eedf55b27e1c1ce4455f26b965761eb81153d5bf9a40b9906a8dc7fbd1d87d5e1d517a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    72b24da82e48c5366695207a893b8546

    SHA1

    988ec33f7ae215e634dc90380196e352954a6a20

    SHA256

    4063bb1729cc4778221e5eff11ebcbb27f0a25dd4690e540ac2496ac6c40fad7

    SHA512

    5c978efaf6433427410bbd446575d1054c753c550dc0d080a410b069212363fd54fae1dfe8520f40f0992507026802512f564311ad18704531be8386fba4e1e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    41f45ab7dc73947b2fee323db5694cf7

    SHA1

    09711841705077e25ee97d1e0283449fc41a83a8

    SHA256

    a00d8f28c736569cc33a50efa78424bc9ea6a0f71ebc108eb80b6ebc567126fc

    SHA512

    5be85c845e1722a78a87e4494a73080fb79fbd7396d8d651ecbac2b2cfef2e4f820d0ba8050be74746c143f20e8331605f3d19891b53b2ee863d47984058ae8a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    006569d57f9b169f7331bfa113aebc3f

    SHA1

    6fd0fa86853cfb6a583ca5b2bbcd5a1ca6953c62

    SHA256

    b87c0a15bd4a5e7a09d8bfc37dcb4aba2b477112605e24312466eb8309f19df2

    SHA512

    1a451ba3b83a1f14c62318f438d1c3377d4d4d6c007a9d87df6c0d8c3d2100af72ca565515f0c78a3b586d98f6b16219adae632cb5f3a2af36113fe1ed46b303

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    feab55cbcb3fabb1e60aa05c18602fd1

    SHA1

    157843693170a54882e70edb6ead8d079a05df24

    SHA256

    dda2793871d5831b2450e3f3e83bdd218d51dd0bbda2c96a76887724e02318a3

    SHA512

    bb1eac14898ec1df7377ed72f5a16a9f52ed391665037e33c44e6fde5a96dc920c7897d2935b07147abab961fd12eff842547c98dc4dc5e6f3f07bc4bc9f9fb0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    db420a934bcb23d7b642f401c1661e2b

    SHA1

    ae2d83300477dced2d10c27191c9019d8a3e4f36

    SHA256

    4c1abbbbd3486e197cc578b2b0ae43fe68280f565cf222547bc7e72d6c8b0d7e

    SHA512

    1c4e4664e0ed02616e17dfae9f3310f71954c6fe9288a0c8a8a4f2626118099d589b0ab2d520265413eb1882ecd70150a3a31b43bd15952a39d13cf6e9cde986

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e86dc9d4dc008163ff1e8dfd14b01374

    SHA1

    20ff7d977e53d477e73a422e96bd19e521fd1b0b

    SHA256

    8e9094cd7847e3f0e4211745f5a2a82f2283a8fb34d4953b3346aa2e59a2bf96

    SHA512

    946fb5c1b74a83c3dd4a534953592ce185a3864bd8c07c183225a0b700e10503d6e471d86889b5426e02d2dc226a77690453c7f62afd274e9517a7d2683fda6d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    30a41e72e1fe01c481f7f9547019f1ae

    SHA1

    dabd77a69da3da51389c26d27532fa098160eb4e

    SHA256

    3eda143c915f0c79957ba50eef7d8cfa375a393d20a2e06976b55d6c98eb28f0

    SHA512

    72e86d381943eb731b4b00e5d0b8e3e3366e4ac16528789ebb0ab41d8ff3a636c6fd8901ea3e543b602b35e6fe661c230aac211b8a69fabd91f9dcc654c605a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e456f3cbd240daa68b757a2265dff8de

    SHA1

    644d927349ae83f146cc4b543643ab936d8a7241

    SHA256

    3dc0af5a8cccdc97f25750b3d45e8104e9fd0fe31d97fa4d519adfb85cec55c0

    SHA512

    74d67380a8ccdea03b6f9d679169435130c48637de4d9d66583c6ccb3d47307f828007f58bb28fdad6c5d0efd5f9faa011a2ed0db5ee5903d2eb6be871574f87

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b2efeb13b91c59625b86e57499d04385

    SHA1

    b00540a6b2c2386bc6593513d3d6c7f86b5a397d

    SHA256

    d786fa4a864228af59a49904d82866db3511ccb783397aa34a8341dd54266ea3

    SHA512

    a79c5dcc6a1461e31dec1dfc326f457faad3f0f806cb67afc19cc3c781138a6732009f3d55951e3557bd39bb74ac0d1dd7005f6efdcb7701d72e349055a89acd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab19AB.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar1A0C.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1780-16-0x0000000000520000-0x0000000000579000-memory.dmp

    Filesize

    356KB

    Download

  • memory/1780-13-0x0000000000520000-0x0000000000579000-memory.dmp

    Filesize

    356KB

    Download

  • memory/1780-12-0x0000000000520000-0x0000000000579000-memory.dmp

    Filesize

    356KB

    Download

  • memory/2172-2-0x00000000001C0000-0x0000000000219000-memory.dmp

    Filesize

    356KB

    Download

  • memory/2172-14-0x00000000001C0000-0x0000000000219000-memory.dmp

    Filesize

    356KB

    Download

  • memory/2172-3-0x0000000000220000-0x0000000000234000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2172-1-0x00000000001C0000-0x0000000000219000-memory.dmp

    Filesize

    356KB

    Download

  • memory/2172-0-0x00000000001C0000-0x0000000000219000-memory.dmp

    Filesize

    356KB

    Download

  • memory/2172-4-0x00000000001C0000-0x0000000000219000-memory.dmp

    Filesize

    356KB

    Download

  • memory/2672-6-0x0000000003B10000-0x0000000003B20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2740-15-0x0000000000540000-0x0000000000599000-memory.dmp

    Filesize

    356KB

    Download

  • memory/2740-7-0x0000000000190000-0x0000000000191000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2740-8-0x0000000000540000-0x0000000000599000-memory.dmp

    Filesize

    356KB

    Download

  • memory/2740-9-0x0000000000540000-0x0000000000599000-memory.dmp

    Filesize

    356KB

    Download

  • memory/2740-10-0x0000000000220000-0x0000000000222000-memory.dmp

    Filesize

    8KB

    Download