Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

JaffaCakes...09.dll

windows7-x64

10

JaffaCakes...09.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    01/01/2025, 22:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_60f3dfcdc854e97447a325fe4beaa609.dll

  • Size

    724KB

  • MD5

    60f3dfcdc854e97447a325fe4beaa609

  • SHA1

    249ac6f89790573097046e5b0fee55bb0db7005e

  • SHA256

    2832da6320014e9d439375b17aebeb7188ce3c7f82960d50c13c38f33fdbd933

  • SHA512

    4069d05022be30812b26b2ece76639e3d823ca1b0de648236088869552b13ce04527e87465c33b95c1c07c11b23bd6bba3f50c0b44d19160a6f53232888b96a7

  • SSDEEP

    12288:SE7NiOLg18+1/hv5VEipyz7mTWWa8afR2ftuD1xbmiU7+diwR19kN9G:SE3+F5GipwuWWpj+BNkXG

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 31 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_60f3dfcdc854e97447a325fe4beaa609.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_60f3dfcdc854e97447a325fe4beaa609.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2216
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2208
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2936
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2936 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2756
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2068
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2068 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2232
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 220
        3⤵
        • Program crash
        PID:816

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7e780387831420ed79db9d0211eb1753

    SHA1

    6acc0901d80eb7d0b38121d5c323585d0be54b0d

    SHA256

    d76bdc64f926746aa70bbd2144ea053eec2c099228ac6310b3e89cf80c6b069c

    SHA512

    6e44f4c6a7803af2389ba3709cbfe237b9baee76cb706a43cb866ac59568227647239a33f246c7a03da23549caa75382b24466dae16abf1ff8d21c2a1db20930

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    065bfed7d041fb226d5dd94b11f5f59a

    SHA1

    9d74e45f15d04aa3af0858770945ba46b545e7b0

    SHA256

    817baa72a65ca94e3f69c05851ba94570a4676fe610a97a14b292cd3324b3cea

    SHA512

    165cff30e95cc66672a5f3b6d89c7f8408b66c233f13eacff8818f5e9aa9c18497fa19d250f075d45542116bc93478e1d1d93d75f1966a6a8e4fbee47e23f0c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aad5c78ff320f354f76ae779ff8a799c

    SHA1

    bac7f76021226d6817e2c237778ece02dca7f0c2

    SHA256

    5492dea0aca9eed650b085043a08c85c44917c10375dd0a0b3cebb5cd3245351

    SHA512

    9b561c3f65a8016a10679f7b3e7c5b1e614a86abae2c17c04c031acf072e9d9054022b7fbe6f5b97a6dffb359ce01cfbc89ffdc4f2f02da75cb07f3595eecda8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    00ad2162c9edec050e0737355ccd9463

    SHA1

    d9a52431c896cf277be2375a15cbc762bfa9d0c0

    SHA256

    06703abf87cb521dd918a580e87f14830fd4812053050baef95fbae11196d9cc

    SHA512

    2605f88ab71cad19fb97895710128fae79e15be6da06a9e964ae27c9a88459f343cdb89802f1ccec5655bb378364f006e4ff3c66626cf7ed229ae53bf0e25ebd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ffdee62355960238b23bb978f103d3f9

    SHA1

    633247f19078a8186d272a85667f7ce805517052

    SHA256

    4d1563161d0513d8af00565dd766c4456459dcb491e9da10f8c7f3844be7b70c

    SHA512

    b3d221590d04d2bf2011174fdf58a45c5884fa50ef21a936f91dd129b0ee40e568799c69e627919c44817595602ec3d6d6d0b0c38e48b9281a29cea48deac2c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    51a233e0769679ace2e350d3fd98315b

    SHA1

    cb8ff1b3acd25b9ad53ecabcbad8953fa75999db

    SHA256

    24427bc0bb1be3340c271ee412ef92983b95626fd89d1b73bfc411ff88aff3ac

    SHA512

    95c4a3f082ea37fae77e25143681dc71b23af8c7badafc908dcf7c8b3d8cd58c72d0c357e7c2f53cbb54c3b13526602eacf60f5b061086417c47edf9d13208ec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c6b13ad61b635b2060fe267e4dbf2d28

    SHA1

    f8abcbf11f5f7f3e58061f709beda3adbf7dc67a

    SHA256

    ad806098fc1fd9e5ba06c0db8daca91d06f402e76f66d4474f126d3dd6e18c7f

    SHA512

    2b7a8eafd5b4f28eba41ca350623abe695d562a96ff86b18169064e383a08c30e7c06b87c988b68b1f39c62389d7f437e90f025f154cc142af3114d10377ce78

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8c230b3d7d314ea12fa2affa6346472f

    SHA1

    4f882bbcfe0b4b0426093c391810a43e1b01f8f5

    SHA256

    ff18e88b5e00448a6644d766f3ce162cf7c4489a08d2e9b0df9295e28bbd2ad3

    SHA512

    7aceb4f549990dd2f049f562b0d46a8acdb2d81964fcc51c535344402cfc6d084b31e7e3ab6ccf6ac9b560d0b29429bba6c9c50510e0e48aeaf71fd5ac87cbdc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8777986fb3cf6d382393b7b5ff9ab7a1

    SHA1

    44b3dedc22ec9e0b3454312a4cf5f64489a79edd

    SHA256

    d12f131374d8791716c4ccc1b7ce53554ee264010b6e7767b3f8455999c5aa0c

    SHA512

    e325af2d8b3ba03c39d2c44337b3376298d5c03b5f6be7ef810271914e17b6f940eee7e5affe849de5e0c828b9ddf36595387262d116784cda4d447d9025f904

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5fbde871477fcbd081244234d0208b8b

    SHA1

    8e08ccca06f210ab6f58496279be7684af838e8e

    SHA256

    88acb89df8d8350169622c54f73f14626fde0dd3c15a2cd4cd40356f3c92ce2a

    SHA512

    c11dcb0988d90ea02af9b0f308298f26273ed0a10a4f11839059e0571222d799a359c47620801a4987f4be180081a67cd0b74933bcebb5b795dad331c2fc81a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0cfadcdca4d19d2861b9d83dc8de16fb

    SHA1

    1631e7edcf2b82ef7d84fe5f3ec05b02799aac1e

    SHA256

    eb1dc6706f86803530a241f1b88747930029a867a58f0c0e171f4e439ed882a3

    SHA512

    d860045a223151b0a1675de1202d7bd1fbefe21b7390899b0798a81c8c250776a5b13665b5ae1c6e1a11273cbeea99dfa93cfda068637a8394a1f89bc4bcbc78

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    21ea84504beac0a589d85c3849ef89f3

    SHA1

    31fee2a4c24194568a419e475ae565184fc1bd53

    SHA256

    192761a1fcf32389cf033dafd3c81bbc59d6e3a4ac20721bf51576981bad66a2

    SHA512

    09fd2263fc92fbf008b980fde71d3a035fcf8845bb2f468ee86ae37dce87064c2dda5dd0965967a1616ae0352c71a1e1edc99f41964441d26df05a7932b5058f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8623c8d6ba2b54344108868e818a7b60

    SHA1

    0f19541e54534519f4115438f1d207de608e26df

    SHA256

    527de280548790d90d18fd485ecf5ca42ebcfbe491811a6f3e798715e706bd27

    SHA512

    6e9fc9de0d1fa8c196104dae37e91ec8cf77ecbf22fd9b2948fac1c5e0e7ca3ec90fce8c2a5fcfc985d816a5b895722d4135057fb1891b895edd1e86f5c57c6e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    091ce3bcccce6271e06256d6f11f08ab

    SHA1

    a4bf923d642cd5bc5402a230c00b00afd529b582

    SHA256

    550fe6b27f6a38cdfabb3955fbbf4b9b26be41bc8c7bfa1df7c8643be5c210cb

    SHA512

    549391603c2259f034d2392f4cad11370836f5c02a9a274fea71639f4c17d85a7db4882cfaa626668d849230098a12cfb4209a40ba0fa879e79d59c7dc5c1bb4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    af8a267ee3aa2367467689dc42233ed7

    SHA1

    5135b3b981baedf0220ae8cb64dd4fd875de1d46

    SHA256

    51b628a7552db4f5e609b68a42745adab4070cb914d655637c71b8b9d7935f2c

    SHA512

    8c9c71597efa68b65dbe75fc1ba266118ca19340542bb6e6596a6f2192a38057d0ad87f7a2d284293d05adedf898ef1259d2739d411910662fe684c6ab041f77

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4ed2292661eb085ec219100aadae649e

    SHA1

    62d4a5cbc93f38e566da490665df2fc2e1b08d76

    SHA256

    ecea91fd247afb7b1d041273891f6799f83a16d0574cdb9cfe16e5b7bd2d3fd1

    SHA512

    107fbd4b00589bc82afd43844c56efc081215081eceee3d3ee527431ee7bc48de2d8be852abc3f4c7b8e22a377762e079bc885ca0eb9fe466850093292da505b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cbf19331c7cc461aab9f7a7bf71485be

    SHA1

    a8556347b843f9e59448c58b83deeed4ec2d0866

    SHA256

    64344a99297b007404e31974ab040b733100e8764488b4c6efe3860e8da6d629

    SHA512

    03baed527461fc7dd7cd4a76263343d24190fc00240424db77dbb414a88f811201139d237943f8e37557209034d742a66f66ca585126b1278d329d56b69ecbf1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f4710ed6685f7d44f03ee9ba08585b6b

    SHA1

    a50e72d4588cbf0e2a8b6ee09efb1adb090b5097

    SHA256

    202e8009b7f143040113486e7e830fea56c332814264cf80d5cc98e5e335c06d

    SHA512

    cdcf4904d601195786c7783a3f784732fc7b91a4b5c3565af52e9e03f4753df17ff0cf1bd30d8c559c09087ae00810352575700ec9b5173f236d4381e21cfa81

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    878733a8e2ef9b9134b26aa8a8d63f28

    SHA1

    a2d89d77fb828567fcdaefde452cf1148e733453

    SHA256

    51d89541610218aeb3bc056dd96926cd8f56808303cbcc8130201f70c1d8b2b9

    SHA512

    bfc6c48a68cb12e78a092e56fa25e64a224c4a78178b34f6255c23426542479db3e20ef126bdf47d58e4840278d862b5ddc63fbc8def102a20154c0b3815f072

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f55ac8e4991e9defd43ac57cffecb7e9

    SHA1

    72658928b7936d4e283c57415c5f30e1f53da0cf

    SHA256

    5e52a836444706753e86749b15ad49fc0547d7ec74aced8ca8669e4844825bad

    SHA512

    337153946b90b12988dc1e8c6c340522e3923428578f41e5ab3b381c466b73a5ac4cceb9a80c81575f667a52ba77821ffbef87764c434d2eff82b747959ed268

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DD0BBA61-C88D-11EF-AC2A-E6BAD4272658}.dat
    Filesize

    3KB

    MD5

    c3144b13039f3fad9a3b5f47807e00db

    SHA1

    0ffd563addbdfcbabe64ce87886adf5c4719c695

    SHA256

    191500172ff494ddf74800061a844f347eeb245fe24ca51a11cf3d1e9ece84ce

    SHA512

    b2409e981756035d819ae13922207573ae1f5c4632f373dd28556acf327565f58e9a60866bb9791e4a75f59f9dff2ea017e2a18cebaa87770f81bccaee6223fe

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB010.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB0DE.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    137KB

    MD5

    b82a555fd9de0d736a97cd10a7e100e1

    SHA1

    48e4c1531efdc1ad03d00305c374c79bfebe2c23

    SHA256

    e9a820755860e1c036b769a45dd9302984bcd759de69bcdbdd25515ddad867e8

    SHA512

    5cf8df4c6bfc2008cdc3a53887945ac23fd3fba348b6dc1ca44f421cfcdf1fafa83d0519a4c6fa37280f2eb3680fe982c2e918ae0abaec434f498d9656e28a63

    Download Submit

  • memory/2208-17-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2208-18-0x0000000000400000-0x000000000048F000-memory.dmp

    Filesize

    572KB

    Download

  • memory/2208-14-0x0000000000400000-0x000000000048F000-memory.dmp

    Filesize

    572KB

    Download

  • memory/2208-16-0x0000000000400000-0x000000000048F000-memory.dmp

    Filesize

    572KB

    Download

  • memory/2208-19-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2208-20-0x0000000000400000-0x000000000048F000-memory.dmp

    Filesize

    572KB

    Download

  • memory/2208-22-0x0000000000400000-0x000000000048F000-memory.dmp

    Filesize

    572KB

    Download

  • memory/2208-15-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2216-7-0x0000000000300000-0x000000000038F000-memory.dmp

    Filesize

    572KB

    Download

  • memory/2216-13-0x0000000000300000-0x000000000038F000-memory.dmp

    Filesize

    572KB

    Download

  • memory/2216-23-0x00000000749F0000-0x0000000074AAB000-memory.dmp

    Filesize

    748KB

    Download

  • memory/2216-0-0x0000000074AB0000-0x0000000074B6B000-memory.dmp

    Filesize

    748KB

    Download

  • memory/2216-4-0x00000000749F0000-0x0000000074AAB000-memory.dmp

    Filesize

    748KB

    Download

  • memory/2216-1-0x00000000749F0000-0x0000000074AAB000-memory.dmp

    Filesize

    748KB

    Download

  • memory/2216-3-0x0000000074AB0000-0x0000000074B6B000-memory.dmp

    Filesize

    748KB

    Download