Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

JaffaCakes...f0.dll

windows7-x64

10

JaffaCakes...f0.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    01/01/2025, 02:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_43c9b064c53cca14a5fd69bb454883f0.dll

  • Size

    163KB

  • MD5

    43c9b064c53cca14a5fd69bb454883f0

  • SHA1

    1bbe4396f9c91f34422bca99ee539144f739227b

  • SHA256

    b5bde0d2915bee434e3b5f57c6a2198e0e83aee3aedfd0164ffe34df86e80725

  • SHA512

    7066f3e30b18a08c22433fb8e996ca443f2885a4aad6c12c4f8f51d65d9125421ff825f1b104f8063ff9cedfc0ac32da7f5a496ce761bc1af6ee7db8173056f5

  • SSDEEP

    3072:Au1+M9LMWrgturUN2z9hBN8rT8UxdcIK8zzAB46eocmfLSZ79ha125m5FMpED74T:fjEnmcGLSZ5k1XFUX

Score
10/10
ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops desktop.ini file(s) 1 IoCs
  • Drops file in System32 directory 5 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 45 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43c9b064c53cca14a5fd69bb454883f0.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43c9b064c53cca14a5fd69bb454883f0.dll,#1
      2⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2396
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1376
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1068
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Drops desktop.ini file(s)
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2288
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2288 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2860

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eab35cdb440861188475bedd958f2f9c

    SHA1

    321de361d8836176c2104445fcc2deeed8adcf75

    SHA256

    5430cb92e7d2b32e0f0013c95ad890a076b95edaf7ee8b37eb72fca9f48256db

    SHA512

    99b020a640506cbe54eb408050bd3e978b98a127eec369e2f30e17409408a7f692075141a35921b5da0bb67b553b20678cbfe936c7d9fe26c3fe6ce4c29f7eb0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    efac68e85596d22411bab555a3ff889f

    SHA1

    e8b2c22f95e259cf8eac2fb80eadc24fd68422da

    SHA256

    43625b2b2be543e83f8a8be6b61c009eef0194f0c4f0dd24aa74f55a587dd369

    SHA512

    b17cbdd8f8073ae230d46ba0293ab10a0e5dbfd5f4e3ff1483d37c16bc6179ea0a1f993fd505576d5d5bbe444fe768afdcda069cda1c38e36832bcb2454f0adb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9faa688a8884610db6afe62e9d283ca9

    SHA1

    05b92f8e4cc88e2ebcee63a4050e86da9916c3a5

    SHA256

    355674df135b437b8765fb88cd09030f254bdf9c4d593a77e7f966fc15eb95da

    SHA512

    b00a7ead253116e3859fd038ddb40613f5fbfbb7dad2c1b6ff22df71de6c190bbfd57d021977aff5144134e8008a464e94059eb67c35d36b12eb755fc3483e77

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fc643e6f609178184d48436648baec5f

    SHA1

    a0de1549fdbd5c3f90241b950db0e013cf51938c

    SHA256

    2250f9aa1617b252f33a165ff2c2c796cb9065df093b9608a8cc2929fcf4578e

    SHA512

    5e465d4faef8736df128f848b35b25644e3688a93a74c2b9964d16024774fa3f4bfee0ee92e0281715df899d6e140a7c6a8f85f0ff36a6fbcb88ea6d97227a90

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    16c0260e66e7099f1c1f64a9d1ee309b

    SHA1

    0b74140c0a74e1056c3928fe66654a0d54f865fa

    SHA256

    40ee914628cbc948e562c23225a3983c3ec19bab7d652e09f40f1aa19f9f4bca

    SHA512

    edd38135f6e76fb90120e0d2f6a4fd3c6b56f80270584562a4082e42ab8e45f96e11c3671aecd315dca5e541c0742abf6ba37495739bb8c78e3b0b651bba4c8d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cad5e8110db657837196f61add0556a9

    SHA1

    00232f089d4b96f852d804ee5f74e099dd401a28

    SHA256

    245011d93d51147bc7aa04315200ba78d725f687977a3b3ac3f9c4776d4b21f6

    SHA512

    0253b1eff279937d7e82115a0bfc629245fc55b24a0ad7f9902a02c8c85eca18b2898795965fbf8e2db8ab46f261648afc982846d4010f0b5dd46d98b7fb3fb3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a5ac914cc586c1b8e5a221e6628744d8

    SHA1

    352c828ee73234307ea7cf3623a97799ceace485

    SHA256

    a246a593954122ad8a52003aa303a0f2a097862ff292d4a279f04ac80bfe8695

    SHA512

    7f29c61f31c6f379fd1d31e485e12940407b54bb5a5416262c26e21938d73d42d4a6bbd8bd0fd95cfa14f459cc8ce057aa4e6bea59a8505ba186a3d629ad3d2d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    31d63e19ab60fab785c5ae6fc0d665e6

    SHA1

    3503dd5d43c2ccd879704c2c4b0741943bdba706

    SHA256

    4abace0c901efbb72626f60880a7f34324a4a9d53fb47ed4a02b1dc0db15f562

    SHA512

    4c4268e15b6660f954135ab58c16d93c487cdf93369e6af2950705aba4df76c3bbb6f00a9178bea2a015afef4b2f7c86ed2314a6771783cf0a82995ecf177d51

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    20151eb3143b8f70d16ddfb85838ebea

    SHA1

    7a3488d8a950fbd71279640426496289d8844448

    SHA256

    7c2bdf5e7dd54009df0e609d4297fe13a0356a9b39e100a16d46b2b2a382e440

    SHA512

    65a3f9c0b52cd1300111ddd490c52da5613a75ee576a9cad174b4828d4da7dcbb1fb691a9d7392cfe416680ab32c283dc84af252e43c4f28e7a8edeee2a83ef8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d5d9b5cfb4e573bb8aaacf2ff0d75bf3

    SHA1

    55ed3bf04733dc11fb310836a8b7c06f939fdaae

    SHA256

    12ce615a664ea65bab1c6e28e15a2db5620c043fab8c603da93274ba9876434c

    SHA512

    9a42946e8c0206ad4b325b98156c73effe681116328bfc29e4484a9555113843cd7f71975299d39bc49a9b056ba52972cbe614e5624918907397a6d1d29e496d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a85e1dad6f891d37406081c3e0746518

    SHA1

    1c4253132291b2a151d4210273deec6f6e30302e

    SHA256

    1e2025149887b7e3cf31cc94611f2bed8efe241365137eee1226197fbbee56e7

    SHA512

    27471e34bc505704c3e2401e5456e19d28d825472ca61a06e144b3c81e619e5d19c9e70aaec77b8a76c4b86e813e951b43ccc54c5935d66ced49cf6a664540b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    72a91b0ec79e8c51f82bb7498bff7ea2

    SHA1

    14e29589a13b7fb21c54566053b5bdd33bd9ef6b

    SHA256

    d951d8b0a185597561fc065042f951fd3adca893c568627062d1fa8f2a0769b5

    SHA512

    bffe61df58211698fa07cab17fda8167e1c2587d9f80cf27a9a1b98bac7372f5fc0ee229f1c2cd5bc21449dc08e662e68f6ee6b30d37fafcf014f167c7153571

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e55f0db7b63861e365a17b0ef2f26669

    SHA1

    9c44aac31ae4b3ddbe64140ce2e28294dda46241

    SHA256

    be55e8735457bc463a83350140b4e12015dbbe5c0f57a7f8a35b1044a1d9b8ce

    SHA512

    91475c94b4ce32fa795f26c6dded8a9a19f26aa2104f90dabcc972a957b419fd8f6ea3b8b92f5d6a8512249d4a59f16534954508c4972b9d5583b7143c6f8996

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    056a07c42206ad79c2093bf5549bb5cb

    SHA1

    1ed746077215387ada2704d5c1fbfe6628ab1957

    SHA256

    3b5e625d6fb09eaed4ee1795636dc46daac5808a3dc39d03280515e0b62c1e09

    SHA512

    06139ed6c6b7e1b2cba8e46374ab8ac5a87da50cb450b6be68aff829f2ba51a5a5e21cd3c12c6af7534b6117a02ac8b9d84b942c571d8543c1372cc14a55b014

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    85dd0ccd3db52efdc2ce68d25401c693

    SHA1

    c5f22a67abf3737366090d9ee0fae8959c922492

    SHA256

    77c04345a0222ab45c715c62ce8ee34dc8a1b6f2557cc907c506ffe6c2ba3873

    SHA512

    526a2b0808606246e8e592e597a017fac61f215802ed1496cc0154d582a34833e337d15f0c81cc053eaedd35d0d3b512b1429b82554b1eb02944590cf1818287

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b5505498c77ed7997c90d7396492fedf

    SHA1

    2d88f436802071e42bc51f2992655bfb1d323e35

    SHA256

    4cdde623e7d20f68c2dd861fb0db576968b0e8b3a0f684668aa169d5b754011f

    SHA512

    6630b27ac7fa87f55cc8afaf9176cb5d680ba74dae0fc2e9f04f52e46c230789603018f70c5d263b9e1f65b48d924d0066fb9cd04c40413a76b8f86a3bea52cd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    985c89f6d3252393004f1586169196a2

    SHA1

    09413960a5baf13126b78d30832eaf5187f932c3

    SHA256

    321688e3bd0b3b68ee431327bc937cd7a9267b24f896bc74eb3771b75d447dfb

    SHA512

    92c544395a375c6cdfa10b2ca2771b0716d77e5302768adc33f8d45835f0b94e1f1098f27e492383d66b9f62046d949404954ce1cf755ba7089bb94d7cb446d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e285efe92070707cb88f16c87cf9fca6

    SHA1

    fe5c47b9040816aa023cf9cd097451c40f9d426e

    SHA256

    c899087cad15a966ae1d15cf65472a0958f9ae05c64c1e3a381fd6dab2a5f5bf

    SHA512

    99edd3f80d7b0448f2c60c5b656c87ed8ef802a48c8d50fda14102cc45bb25ddffc39c7be488606e35c17f425aa5b8586b5e3c159f983fd13419bb65f70cde9a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    02ae67d195dfa348d6cba4b9022d01fd

    SHA1

    6981b8b6f79b562dffe405017e3ebc50077fd3c2

    SHA256

    b60c7e2be35159738950e513a98c93180c4f2f9feb3bfa0fddebef7918b63e96

    SHA512

    68c3c26738ca9a4351c04317b97e86f819bac7617a152890d8a4fd50a5303da2d99583b5620e74572d60010db51833eb204bf8425c27825f2cfd3d857842923a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD28E.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD2EF.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/1068-23-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1068-18-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1068-20-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1068-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1376-12-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2396-2-0x00000000752D0000-0x00000000752FD000-memory.dmp

    Filesize

    180KB

    Download

  • memory/2396-3-0x00000000752A0000-0x00000000752CD000-memory.dmp

    Filesize

    180KB

    Download

  • memory/2396-1-0x00000000752A0000-0x00000000752CD000-memory.dmp

    Filesize

    180KB

    Download

  • memory/2396-0-0x00000000752D0000-0x00000000752FD000-memory.dmp

    Filesize

    180KB

    Download

  • memory/2396-11-0x00000000001B0000-0x00000000001DE000-memory.dmp

    Filesize

    184KB

    Download