Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

JaffaCakes...67.exe

windows7-x64

10

JaffaCakes...67.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    97s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    23/12/2024, 18:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_89267a5e99da92c3241c300a79db06059f0910e0031fe98140d6be3086c00067.exe

  • Size

    859KB

  • MD5

    51b22f5b5b42e1dfa1e5a9f1609b2b87

  • SHA1

    8a3c99b065200eac460470fbd68b5950bac450cf

  • SHA256

    89267a5e99da92c3241c300a79db06059f0910e0031fe98140d6be3086c00067

  • SHA512

    7e7817d5953f3046566695126dad0cb6d82503341004103c10620834d9146af9e052af1f084a7db1ad1e8870098d80325fb168d92d7cf85b74968343203daefa

  • SSDEEP

    12288:IlYnvRUWLJ4rPZerZTvpxUm1EPfACfiR3+Er1+1uaXAcbRNT3cYHiS+/i:IcRTl9DpxUmqmvPaQcdNTsLS+/

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_89267a5e99da92c3241c300a79db06059f0910e0031fe98140d6be3086c00067.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_89267a5e99da92c3241c300a79db06059f0910e0031fe98140d6be3086c00067.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:568
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_89267a5e99da92c3241c300a79db06059f0910e0031fe98140d6be3086c00067Srv.exe
      C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_89267a5e99da92c3241c300a79db06059f0910e0031fe98140d6be3086c00067Srv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1768
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2888
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2052
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2052 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2744

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9ae415c7ebffb4720b562016bc9fa063

    SHA1

    a8bd6eb42bf428af20c071ab436304154b71fe44

    SHA256

    60eebbbb9a43b8662a1ea36debac4bfeff64379fe4d981f21a6c2cb00bc3f3bc

    SHA512

    cb36e799dadb77e3b40daea93f496ed2dd45004db0bb75e4e4247d4dbf779892ace6fef5f968f87cf4b4c302040710ab7db778c9949070c3c623e8dc813e50a8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e9dbea63f1a856ab90c8a231f9f6b91b

    SHA1

    3216d621e586d28c710afc7cfe7ee800140e2095

    SHA256

    0a12b43c6862155694fb093c4509683c7c134a0e5276df431aff240592b03ca1

    SHA512

    c174f1695fb3a27d9f473c99b11adaaddf385205bb32ae136f0c5cd58edb5f3ebf134a3a6599f430c6b2ebaefe3aca00037c2b31769cfc72075def519b1a1b95

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f573d18f679b3d45e2c17a91766ae452

    SHA1

    dc88916eb605267990afe16d96209a46b66465ff

    SHA256

    f298a5b3f1a474bdb8fbbe39d3fbf52dc739f5be1ebac463c2b64c08eeba70b9

    SHA512

    ded51b24b0df6d80acc203975f5ec66f01c852bba21edb32be205e27968798fb9fa4f21490d321d6a3c5feff10954e89f44dd3baa5af799ac88c8a74f8dedfaf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a0276bcbfc8a1f1d607a107103e99c73

    SHA1

    14a09cca2738daed9679904213593d4902c8f56d

    SHA256

    777166c6528866c5efcd97fa214d69675cb154ce7afed06df05fa97b1b012198

    SHA512

    3a2c1d4a1b6ea3ea026e152083f01c43e7e4021f32fead61aac1ad3ecd6cfbb81dc510616a6922ddc1cfed3cd4f3e7eb2aeeaae3162b975a3d5cb58353fb9941

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA096.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarA0A9.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\JaffaCakes118_89267a5e99da92c3241c300a79db06059f0910e0031fe98140d6be3086c00067Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/568-23-0x0000000000220000-0x000000000024E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/568-24-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/568-25-0x0000000000400000-0x00000000004E3000-memory.dmp

    Filesize

    908KB

    Download

  • memory/568-157-0x0000000000400000-0x00000000004E3000-memory.dmp

    Filesize

    908KB

    Download

  • memory/568-5-0x0000000000220000-0x000000000024E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/568-7-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1768-9-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/1768-10-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1768-6-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2888-19-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2888-18-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2888-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2888-22-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download