Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

JaffaCakes...00.dll

windows7-x64

10

JaffaCakes...00.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    01/01/2025, 01:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_42de7faacee0b560792dbc0876bc9c00.dll

  • Size

    180KB

  • MD5

    42de7faacee0b560792dbc0876bc9c00

  • SHA1

    c30c033840aeb2bfd49edcfe5fd653d2d21dd015

  • SHA256

    741d0060909bc57c736f0e568cd53af960d11086e8072c80678dab9d72523e72

  • SHA512

    9783aa7e44ea39bd21d20c4e9686cb8b99d93708984e0106143edf88c2852e39fae00c4e8913890933f07c65750e4edf69d47987eba9a78b105d5664bdadea85

  • SSDEEP

    3072:HRCQ47Gvlbd4uaHfJFozSfKfXIkifKV1vWZgNQk0:sH2quWfiifKjWCNi

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_42de7faacee0b560792dbc0876bc9c00.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2200
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_42de7faacee0b560792dbc0876bc9c00.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2916
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1944
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1996
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2532
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2532 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2680

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dad22b8f6a0535ef833fe9dbe7f41ca4

    SHA1

    36678e76dc5f96194c4184e4afba3dbc47835548

    SHA256

    dd0abb0ed192ed02a86f9a867679a0e5c249cbf2b71d03aa91c51c903b005bcf

    SHA512

    c734a47ed1735a3f888dddd60ddf36fa7f0f9724b1732a0bfb09d8e6695f722f6d12d2c5ef716465deaa4d4a60389c06c98d5e22d2adbb50eabb7b64fa735868

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e7b28c1c3846bfcd0905234675610170

    SHA1

    0834c03ab5d3db6a3775e47d5813106c92f7da96

    SHA256

    e18cf2bb80a05a75e25fbdad8eb0ac0d7dffe6c16eb29e1c64f514e2c0c8a485

    SHA512

    b621333a6bfb2961eafe1188b68021b0ed9a8106e2b41940538f1d2d2ad311784cd2cefac58056905d6557fd59588b431c234b45b377c0751b86c85b9639e5a4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    da32022093d1b8c1a6a1315e675b2109

    SHA1

    ffa5f7aa6fe7e6961c88e66faf3284ec3e12fa19

    SHA256

    037a55d1c8192e1bb731118cb3758a990650c883258b9b3a43b2131dfe7e128d

    SHA512

    ac0289d8963043a70ab8478fc910f7bc6420e3888d7cfd20dd91096f6d7dcdeaabe73c2d0ee1e0004522679e6ca345555af43f074d3c21213d12db4abfc87688

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8beb3e3ec17c453ebd7941bf31f81665

    SHA1

    5728f5be69a53df64adfefeb444022f00fcf54f8

    SHA256

    6c9efe92d2e5181dd3724384318b2acc24981f13222f3d3c9983aebda108460d

    SHA512

    2bc853e19259a1f9f64bcf20399d4e552a1c073b37e663ea4487ebe0ee4aa82079531709c24a8c9217463df5c63ee930965ba296645756a61611510c9208a904

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    836a88a59a59936a2f349a6591e6ec03

    SHA1

    a6c370315c53fbc4964792f3057c96b53df14044

    SHA256

    8eac2e1ca07ed3ed91dfe10650473f990d93998ac7b76a5cc2a9ce11d40e3941

    SHA512

    622f2183eb6b2e641acd1400738e3aff387b82354e5aa0d31778f1be13b8fa5900a17994054917908c23f71542cdae7028e9133e08807e911cc53b62cfdc6667

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    335bdbb31add9c2c3aa9978880d03aee

    SHA1

    ecb2ea52df076149b8dbeca0d1907e2e9636cd9c

    SHA256

    1765644f1c5b59f30619b738702b1556abbff967a296953a0a0503b30d8ba7ae

    SHA512

    949dd6e7fb02ee53f7c179a335bfe344f88ce8c4a98be1a042898dbc62504cfa42e56236db81964420ba9db46bf61ff9d8b309bcdbb3f0398b8785a63be016bf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b4606617a2ee6f127648d21257939fd1

    SHA1

    68a202f5da4db3e8ff7eee5dd7955d4091a2e52d

    SHA256

    c01b5eee683fe5e36947bf069e1bf3257ed0de296ffda058f649cec99a035ba4

    SHA512

    42500e67e30746e4c8ca670fcc76e35e337f8659b6f14cf1d5bd1a2d41b9b035fb638e60132c8932e9a787c5124af4f6a1b5850ba823a0cb9c66f2a008e9fdb6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f44fdd2e9cc4a44c5922d8727304eeb6

    SHA1

    794629ec186a7c27245f69d80b7fe5647627e8a8

    SHA256

    4d77b2bb4f6a4ee844fe4726103f6f5839d86d0ce4136882fcafc183bc985bc1

    SHA512

    ed21809d84f4cb9e314730f8cebf56f5c7604994c4228b97575ecfed4121a33c01ac8bc144426a60edd88908820f6f9552b6677437a271b4748c6180d1c264e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f15858b0894a671d15274da2f3e8ed42

    SHA1

    2cba58d96949151265c154962aca2e6d0c43359b

    SHA256

    d36855b2617faf9311844ab1ec6b7939c1035d1000e29af057b8d7987fa96995

    SHA512

    ef5816f75eca5b38a565444f46be2bdab8761858e600b327d0d4e01c224d6fe8265fc4616f58a357af924864d4c53b2e2215dd1739313041ddcbd7655eb0dacd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c81b7e42efba73dc1423994c9da653fa

    SHA1

    11ceaf5b60d46cff8667ab5d638e7d6e647b67da

    SHA256

    9e3098384932e7f537c25cc05b3f8af52e8c29a2028a45f1327402e355d9bd90

    SHA512

    bce66790c67cd1adef3873ff55303002c3337261e641449dfdcc7161e06066be87638d55c04e020e7b360335aade859109303806581028d69fbac58ab232154f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b9590efa6e1cf96a3523c4b5f177253

    SHA1

    7b28998586ad5f9ffbd4c1023efaf9a03eb049ea

    SHA256

    faae16c30e68c70f0082afa2b86d00e5269a7853b607b601e121c83044c631f0

    SHA512

    6400b6366f33dffb8daf7a0844fba9c907475658079ec6ea14338898c9bb517ca0e69d7b0aede6488d15689631f68b1acb7479f71e2b4ce926fd3776ec2e5606

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    48763abb396a34b124bd00bf600ca680

    SHA1

    bc5b235b3916e7c4194126fdac2f9ffc0c291be2

    SHA256

    ac1eb6f2cce90e357f8f5ed224649cddcfea3038eefacd3748811015032ca528

    SHA512

    b4fb2cc5b0aaeee735db00dcbd9a512c24447fe53576d3b5b98186b5f7965d35dbd6bbdf7297e6d86d5c90acb33c4339a7b4fe0d8e50eea41ed498a5e8234c19

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1b4aeaf9289b7f959a9c6a9defd5e82d

    SHA1

    e6d6521592198df62af64d8afa494c48468e8c50

    SHA256

    1cb96f9446b5f694ea17ae76a20a158c6a0d481ef7e974151a75de166268813f

    SHA512

    249edb3a2eb73079f96d3cb63049067d01d7fccca2683c2b567e44e35563f9c8ea1e97b7a7406d1fe1c2d325db6869a47efe9ba0e3bdddf958c4af61af505d1c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bb90014db1d51a34f6bc2d260e90dfcb

    SHA1

    4f536977f43d8a9bba16ac1fa09aade921348c51

    SHA256

    de53c4dc2926ced9242eb1cd77239727d69d324923723a28210f0fec52d96bdc

    SHA512

    f586bf3e6fda673190aa279c7e37956c84060a786518fa78819b10dc6d20dc570272a1bfbaee0f292fbfb67f0e890381e0758002d5233425b6659db32b74dd14

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fcc5c92623484b1e5e6db0b5c1361d07

    SHA1

    89b2e6eddff901687889f691d269efebb12730a1

    SHA256

    d5c15484c5ab33729f1adf37379f06646310b0b465dbbc9e15daf31de5e2e86e

    SHA512

    0b06a79ec6a7652e456f4eac82d1b22c9e1c461b29a990407c830061e864e8a236032bba89ae3856b0c0d38245084d617bfc6a0a26021b917cfced761eb069c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1d8c861eba3e1eb9dc2eab1ec6d05785

    SHA1

    3d3f658f424ca59785c52c35f9136644d498bec1

    SHA256

    f8738c48598e8950920fc6480bf3ce8b302da9674b2a65846ca32175fd68b2db

    SHA512

    f7c0bad25a6a419a60f831df2f73809c10bc413ab9f443ea4a75e3343e4d0113d5977035c35ca6484f1aaead4bf842fa992afca8ba30dfa8e0813bd5dab662b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    24c6b749a8090a01b8eadf4fbc220895

    SHA1

    fd09ff7aa31e7da1f94afac55b01ce1bdc704d79

    SHA256

    e645f0fc983dabc1dcb62ce06820f4190df1a38c71a838631912d38dd10c8b82

    SHA512

    910e2794c41224ee3deec35601f70adc97565b49f94d3ea47f0f7837ee1baa0e70dd4fac87df5f21b858a81229048be87e97b5249d99dc087ebd5eb7cd46fe5f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7488698c93e70319e67bc6f7dc4459e9

    SHA1

    648c74f9fde8b4c026c3ead8423abc274338ed94

    SHA256

    2b1bcb1075f9d95b1a88da98b156808b7cc2ef78caa9a8fd846c9bec80bbcd3a

    SHA512

    878b49d97a475b2593bd44db33f74a7332f58008ae34be3fc484b2e87eb267f1458b0f06214c09ca8df76aebc8cb2f3fbe8973d80d6ebf5ded8c244a045e7478

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a947aa2272cf75c217677dbdb5c7328e

    SHA1

    a46177e16bfa70748db1c4a5d053715e0ef5ac5b

    SHA256

    245ff3f21dab101619f4717e342c761b9647973a03aca0bc4c00857ca36f9f45

    SHA512

    a812871ecc9b7e96e46a9320dac5275611ac4f500183d53319bd00c929b6d5f35c55e8af2c28b7751d51cbb587273472880952630c2972b86bd8b5b73d20a294

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC526.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC603.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/1944-8-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1996-15-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1996-17-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1996-19-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1996-18-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1996-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2916-4-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2916-2-0x0000000010000000-0x000000001002F000-memory.dmp

    Filesize

    188KB

    Download