Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

JaffaCakes...80.exe

windows7-x64

10

JaffaCakes...80.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    132s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    01/01/2025, 05:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_481d4ad02cdf2df6eee1c457e2926680.exe

  • Size

    472KB

  • MD5

    481d4ad02cdf2df6eee1c457e2926680

  • SHA1

    fc85e85fc427cbd2467d2e5de27364b8b1af131b

  • SHA256

    bf7727316de30be25f8345444c04c9946651bfaf9fd9469c2f43eebe2139b2db

  • SHA512

    3fb65cac587fa05e2e305f0bbc4101eed6cee7aa18c414cb73b3307564f824479572fe3206aa8ad71ddbd2f1b8884f2b43daedc0e2e6639330539c824cbb385d

  • SSDEEP

    6144:1OUspvqn/wU0mhJJqKOrmDt4jIBpLBnBWPzoYQ3jjwmVO:1OUspYt6jEOi/wmVO

Score
10/10
ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Modifies registry class 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_481d4ad02cdf2df6eee1c457e2926680.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_481d4ad02cdf2df6eee1c457e2926680.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2264
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_481d4ad02cdf2df6eee1c457e2926680Srv.exe
      C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_481d4ad02cdf2df6eee1c457e2926680Srv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2232
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2772
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2740
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2740 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2864

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cde84863bb58a93a27821631b34af992

    SHA1

    601fcfbeeb0c66cae1a1bea4aaac623418398ec8

    SHA256

    9a5abee1a4beba6de66256f0db772dcdcec76bb5d9031192f6304a317df52fd3

    SHA512

    fd93fbda0b06f8a0ccfaa5a2177bebd315ca6310cd34694f843806ee44d65a474b84f42a288d2eabc71f36cbc26379756de734e72deb6d710787e56522e77fe4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d27bb83346e92d8bbf42e9b6d16caa00

    SHA1

    1c5187523fa9990bd9a978f93d52a5fde76d2962

    SHA256

    ec71b0e859d1d4fbe496b053b9f1f78d919eb05f8e2feba5dff22c48b92ef3c6

    SHA512

    5254b82f6eddc7eaf0dfb197496da2439f8bd45c1446c3988fa43efb175bba14b751afa049929889a9d3ef8ad1d62016f7f564fc52d9f88b09250cbefc579df3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f244bb14d9f3804b17479a3dc581adba

    SHA1

    9ea52f2079515240e467830152b569800a8bb191

    SHA256

    e5a7a7b46cdf99002940dec410af8218c55066a31f7a10d2ce2808d413093702

    SHA512

    18189d24731aac49ed5a52c1f48133f6879fd73029a41a8ebf07459a739def4b666ca62125104ac47915b493ade9fb39d1ca33b7fa144e7c582df4499ff88a05

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b69c25778245bba8f50068701e75b94f

    SHA1

    4d52c5b44a9efd62440fb253d58bd6412bbaa057

    SHA256

    9d60d0f6e6f0f8533329ca42eff1365ea8b8e3d07357e9dcf429902d90b0dc28

    SHA512

    18bf71d7f0ff58511881b1f8e974fd2c7fb0c71b357e4c319b51a51cb7c7e784d072a9ed9df28ee472d292ee9a92cae1ff059c62798779b254cc379539869704

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9bac9aace249dedca2f91550ecf3444b

    SHA1

    0e5245b48c39dee15995c6c0d4131fec23ba5346

    SHA256

    93f6002c4b9fb7ae0ae826b2df710b04abefe2e04b05daaef6cc898d12e2c03b

    SHA512

    2c084d1dc4e01f33ebb1d8c9ae4123ec926b12afd0dadc971b26653472099164c97a52f8301d2351d7779b0bcf6c58e7700391cde729f42753d3aa437ed3f536

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b14bdd90b5bec19ac37776e039718d63

    SHA1

    9811940e1111e5954a5e4ab6e4921c3856e4e90b

    SHA256

    0830389d0c4c570a25550698ec0d2fa46184b55e7d109899abcc2b8fd21c98d7

    SHA512

    d745f652073da2929bebc7909ea586e39c700b0345276fc523e1af29407890def465a7f5c767a060655add359666fbf6bcd5d0449e3a84c0fc87be9484e0e2c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    320e87124780ab0c3e5674a057381854

    SHA1

    59562863b4003e166b12e99b5e2962eea97ffc6d

    SHA256

    aede594e7017b5ef20faf822b82aa2efef8b0d85e5a4099dc8db2de2a11e9118

    SHA512

    cd9eb2a480a2579888330e324fd8fa8920e41b52940b737ae6af0ae6286f33af6b3d41956560c5228212a2176bb5e81b08fd19a1f459aac4181f13b3e341d796

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b494497ab53e0b3b43e838c74117d275

    SHA1

    18b210e2d386d41f53dee2e8df8bd037c404e3b9

    SHA256

    de1b355a777b25c5956578e6b0947e74742556946d2da40726c909316568f8f2

    SHA512

    27e831ea073c39f59f689e78b4d00536331b837fa8a553d07520499af6d86586fcf35a0366bb12440b044915d11ac0a8a7b4ebae354c28a9af8a3304dc5cb8e1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    84b0f5c5ed0e59c67ebefa0e0a8da999

    SHA1

    4eabfc786e313eb62912e3a82bcd845982fcdb94

    SHA256

    25b5632e189a32d84037687b0f9d48f91563e329e2c9db0ad36a8a55ccfd7b96

    SHA512

    f0d0710b0823ca40d696f59e799eb69ac82d419290f24518005f1a7e52f8c21803d5e8d41cf0059b02a29810d7d887d141c6ee8c9621514b7fa205fa7522a77c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b3ebb9913e10e25245976036a46d8b59

    SHA1

    172b82bfada1d1edc1539bcff495df5d642ff8e8

    SHA256

    aaed7c4d24a6fcfb253460b78efeadce435f7ef9a708104759458e94233a9981

    SHA512

    f3d55236653ce3b9ca0ee44dce392ae1fd4acc5b487d4185d3ce7f9ff204a84d30ed66f278e12d9f6cd8b54c685efa7845bd2e3175467aa5fc646a1b0cf62be1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a0690e730b4db2b47d5de2eec2f0bb7

    SHA1

    6f3d48fdcd561ae33bde06fcc866a14b518f6aef

    SHA256

    e480cdc69a8631456b8e4a7d76618c810f03983389d5fe1d96533a0e8e35a11f

    SHA512

    e72681b721537c0cf2d6ed5bfa26cf03250a83e7e9f349e84fd5157799e633fbb63061a65d0475e11da0bf7df7e6de384d3d9c27a61c888dfbf510811893ccb5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bad89e591c72ee2f3242a3a2cf384368

    SHA1

    c457b52036445c51d1be43758f9fb1baa561b599

    SHA256

    66b901838c81e27b7ebdb0d9d5ee242de6df7c76f1bc3c9f444f7d8e49647801

    SHA512

    0f3cfd012a2117936ab423f5ad46ed842fbb604eb01aacef4fa64da1509ac23e1d2a674a3c24facce3485271c99c99ff008a9d701ab07f03282fa6a89029689e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1f5e97e75e407b28c1959e38b9dcf713

    SHA1

    0f01bd602695fb0af62a523957ffc07da22be07f

    SHA256

    7e2f860085768e5abc900f8ffe8a9c92190ffcac0b5e0ce8f465523b7b7c25b1

    SHA512

    f2787cfa1a0619955ee3409404c544bc1ad078390507d238bacba2e23e30d0fb5c8b69831804a227f3a55b14decaa511b8ef8b50f3549f5dfe51e78badd6ea59

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0d6014af2b2845d533ad1afc4dd87d07

    SHA1

    77ac436a84509a75cdb9d4b8d18a3fdeecc6d076

    SHA256

    6a3043f8f91a2bbd6e271d89f5000c25fc460f22207fc3e623dacbb149e02276

    SHA512

    1d101003bb4fb0dc81efe5646f7bf9fcd4bc3a5d8a1c768a424c1c69aa6dd4f44becdf2e411879995faf9c40b9e642043bfcb7552da72b6720fd40b8c039973a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8bdfef0a62b1b3e1d1b99e0ee48d58a5

    SHA1

    dce2db7e1fb9d758864be59884553604b5b2fe96

    SHA256

    6bcc3a9ba1a2ff97f92d98c078002787379bbd00479b7a1d70e460b1cda6527a

    SHA512

    679f50db3311a34a70bc24ca62ac6019a53e1308412158b13dd016599ca41486df82e0a3b7ff31dd5fd0708c6ab28aa35addee8bd22bf784f4a1fc59b35a6e5c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    16396ebc4e4fd12646c595c65305cfef

    SHA1

    48bcf2c0dadc22968e89ca50cdb1fb6adf2614b0

    SHA256

    11970c74518b4278314f6b615fc9a50ca1ad19392ee52d92adca86d6a4f8c3f5

    SHA512

    10f09b580e941802367f66d9adfd9834598b4782fa37ad2e2a5c547578e04929211baefffe2387c504ebe3bb2d9d1cd176c9f46dd7fcc9dce21cfc22325ca241

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ab6c9db7d22688b6167d8569b8300f89

    SHA1

    c046218ab85efe75d667ae9afc727387f2375ee4

    SHA256

    a2f6ecb0d79f904facecf27078dbe8e6bf15ce6109bf7b7d7a79cb6ed8a35669

    SHA512

    f80383d2f3865996c8da060f2fc9aa440741efaf7ca15eed59bcfd5bcdd1e44d0cbe265cb41ec629970bf80706e62522935e38104e2b503af546721e285455f6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    46545f751f711e67ac36ad48e1ff1d50

    SHA1

    5a3c166bed98d84d6917661009410f7f8a4df9d0

    SHA256

    75b546b028f79ca61cbcb8f0fb157322eab7430ddb53792a665c04dff912703a

    SHA512

    f49fcd604a58a73d345d0fb2dba9959bb39461650a1371975b7210524c290ae9a2febeca2111864a9198b692c436836b3c5a07addf68a873d1d39c011f1fa5f9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    41e3ad5852b8f6c883f5de1e5ab08430

    SHA1

    a2e4c9cab6ad398236dd7529e59e6a6e5b91f000

    SHA256

    a221c1ad7eff1d3717d80cc98af888d7b19d000f7258db581b7031551a857589

    SHA512

    2ec6a83f26688eed50cccd2c6d575073a207ae9c965821831e9c3233f3e90bb575b854c80ed97b06b4974fc4277d7019975928867eb5684d9726673b4c03697b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eb8e7236a8ccabbec79e87a39edd219f

    SHA1

    cfb4fa57a1b5d8f7344166756cc3154e32fcd5c7

    SHA256

    3326c2fcee5288ef41173549fbe9ada55868a320d24ac8001eef56b124677350

    SHA512

    33930bf2459c7ab1e3509b5caa7990a75b38cf2e9bd5615d8f186e62de1cd1120d6e58e50b8e79918b61a9c4732e040e0d5e04f4c62e5968ebce8349357df86c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab30E3.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_481d4ad02cdf2df6eee1c457e2926680Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar31A1.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2232-15-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2232-8-0x00000000001D0000-0x00000000001DF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2232-7-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2264-0-0x0000000000C50000-0x0000000000CC8000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2264-5-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2264-24-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2264-23-0x0000000000C50000-0x0000000000CC8000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2772-18-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2772-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2772-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2772-19-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download