Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

JaffaCakes...30.exe

windows7-x64

10

JaffaCakes...30.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    01/01/2025, 07:35 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_4c728d1e2a132c19f27bde4f31e60930.exe

  • Size

    178KB

  • MD5

    4c728d1e2a132c19f27bde4f31e60930

  • SHA1

    fe5863b16ef9123d81c7ad25513e4822361803c0

  • SHA256

    752bea21b78cdbd0c1c03ee52780175e22fda411878c97cea468e3e5e3f97ea0

  • SHA512

    06abeab59a32fea2a37427fd5ca5972d55e13309b65ccca97d525fc7a0063252ec133ddb9a565bd09a68b15620496919d7adb3784269c8906ba4e731a6608015

  • SSDEEP

    3072:akAwOzhjdRmSZiAqFbrnp+KsYGngtnQnMgjy7jfY0fJLr/7AIvpwZj9u6js5u:+w8h/7PCkKsYGg5Pgjy9RLDcY+hu8z

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4c728d1e2a132c19f27bde4f31e60930.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4c728d1e2a132c19f27bde4f31e60930.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2116
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4c728d1e2a132c19f27bde4f31e60930mgr.exe
      C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4c728d1e2a132c19f27bde4f31e60930mgr.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:2104
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2868
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1980
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2716
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2168

Network

  • flag-us
    DNS
    api.bing.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    api.bing.com
    IN A
    Response
    api.bing.com
    IN CNAME
    api-bing-com.e-0001.e-msedge.net
    api-bing-com.e-0001.e-msedge.net
    IN CNAME
    e-0001.e-msedge.net
    e-0001.e-msedge.net
    IN A
    13.107.5.80
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
     7.9kB
     10
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
     7.8kB
     9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    831 B
     7.9kB
     10
    13
  • 8.8.8.8:53
    api.bing.com
    dns
    iexplore.exe
    58 B
     134 B
     1
    1

    DNS Request

    api.bing.com

    DNS Response

    13.107.5.80

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    976dd8c40794441032f54f6b55503020

    SHA1

    d32ae7c2f7e2bd8011843177db84a4aa960dd53b

    SHA256

    e26a082bdeec0ec051daf467698542e5ca4bba37947cb015349fd5b15e61d9ce

    SHA512

    25da34935fe398e837b26394b522cf87373dd77fce7e7e64f030e762cae35fb7345447fe5afefe13320c01cd19552684a486c716c3e31423b11a7c27de6e6ab6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f827e1473c2e07eacbff921c46523051

    SHA1

    c10f8622ad09a84ca0b05eb32781ef51de817a68

    SHA256

    30d077294dfe19603d73ccad9b61e52d837b34eff11f92ecb32c3fe8934af4f5

    SHA512

    b336c7d9ad34649c28d465bc7f1d547364e50e30445f61cb707a5ac8b09caa9729af369cd73422ede7bf3d1995152eb85d9d9efa0943e29f279a768a75dfe056

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e638ff3ed05e71bda821e5b941844f30

    SHA1

    2040d4bf25358fc1fd19768392be0b90fc986231

    SHA256

    69fa477f3d1ad0706c72bba287fb71c8e4f52bb84d02eaf813c4912dbd08bd7a

    SHA512

    4f67e71f426af151be71ae131535a160fcd1a996ba461c624c1a821a060f314962ade4f2ab016d8764d5784d9a138a270ea8b6624268ca638ad1539e7947fb17

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    db4e50cad1f9bd4f06a7a04a95eaacc3

    SHA1

    cb893af64e93a08839d4895e11950cd49574adab

    SHA256

    9f11b90a62b04666510f0a96a42fd34a5896b4bf0faa06823bf9b55f2c006e5c

    SHA512

    e13700442c874af9e1f1be198594a2e67b20c12574be3cefa062108d572c0a2c91f16f906050031643659f1d2379dc95b1f7c597ed0d8be3a259355b269682de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d5aa7057c9a7ae3730a1cfd331555c8b

    SHA1

    f22eb723245e691de31102ee474154375949a369

    SHA256

    e6e0186178185e1cdd478f437172dc373ca33abd170c670768c65fbc649429d6

    SHA512

    da935f8e0eb11ac591927176f070c0a86b8b1b4580c4f72e88c151c9adab34a06c9566e7a59c9eeef461177a541a0de006de265008cb544b69837327e41074a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e157a0efa76e9b809d5da0d5638c71cb

    SHA1

    4f70c51c67918d1a6b8301ee0e2b2bc4a18b0164

    SHA256

    208516e91591c2c546b8bf9ba46a8f415ecd1cbe15117e6d41c4ea37c57eac6c

    SHA512

    2eb6af8bafd48cca7ace91e2328bb5620644ab48502b319d470442a0c755dc2978eec8f0c74a3dde86dad9c32dc3226856cf60b6912a7f973a9cb65419c672a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    82ae9332f5b0cab821e47ef3ee7e5c6a

    SHA1

    64b84f5a13b7ef835b0c27d27e9b4b3d7d0fac3a

    SHA256

    14681c653d78d9130d55b188300cc87e2b3ccc1a164b96c105cd12928f7eb64e

    SHA512

    b7cbbf7c091b448e15aee72b85fc190233011f5ee5b8b5efd7233ba3146570686d4bbf1010cd34bb1564784494613c3221441e6d82b34a75ba546ee2fcd1cd69

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    56125e8056233786229e31e8d01e1e42

    SHA1

    a5629a713b4d902251a8952b7a493ddf02b03a0f

    SHA256

    c883230debcb6721d8eb04848d58ecbdff1acb511ea1ab53d42937e98df8faf6

    SHA512

    95b31e2d42d51c7a3bf58553c4e271a874ec648b8a9e75d7d43a602840b76eca69b129dc3f8a2053fb7259338e2f80ea1f62b9bade439b61b03037a312424f5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    588ddff89b9f1f569a8983046114960a

    SHA1

    29ba2fe07eaeee06c6aa751539084e2276dba3c4

    SHA256

    e1af684f5df22e829e9b4e37f8aa818eef9b1f48cacfecde9aadb4acf7f5e3e2

    SHA512

    b32ac7f16664b40e32e3d49d8e8404f7c259e2c760728c4740b8d5252b0c5ab93e6d937fda80252c76fbc68c210fe082e6f2c8995e0a90b73b39f67e8cc83377

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bea1bc77187e00acbbffc5b1be0f7c25

    SHA1

    dfa5a6f6c082de918c3b086b15bbd8ee2baa029c

    SHA256

    8b317fca684b7c52180f7d9ae6933958bfa6448ff3ba377fd6f9d37037d8e270

    SHA512

    3a20aab52f61f4a5c8c4db8d779a667814050545d0f717b9753062645dd735603191678e372d4b148908dffaebd1c62a2e6043e120c76daf4ea73163ca84353a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    abfce1a134270f6ad9ccd6fc8c5c5bbe

    SHA1

    56eab7879ae0f0aea79f403c3fed935b26e177bc

    SHA256

    bf042fc83afc6ef862c573a872e62e126ea57da2b1463d81b8991ef9d21f9990

    SHA512

    d4582d74c18b15a26d7ca0e91b0937d667431e7595fdbce94a4f5c2038f4efc2ae42da9e88727906e1e461f313936b60af754ce6894b9a966ee72ebcbdb39875

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    454994688e49532d40550f90455fcdc0

    SHA1

    76062e852328356f3796644f69f4a6e2ebfdf65d

    SHA256

    38c7f470f11a9b576051c268658b113c76d1109e285dd87c631642045cc098f1

    SHA512

    9589e3f3710d9091281a90fa18862ca8f80db6d7de1fa9e1739f153d7bbabee0548533939e3462422324846806b76e8ab74bc0a2fb5c05a5f370be2a57c0f2cf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f9002b69b251c356f1f91845e6d1715

    SHA1

    b5d73ec45d7ec8d8184994a666a69290e4878038

    SHA256

    fc04d40140f864baba7e49b71cd7f60c563bad662ffe735505d214e58be260e3

    SHA512

    bbaf8c5221803adde807c100f47e6f1f072032577e8dc4ec640d23a99f2506cb3194a6d5156cf254641d51a42cff78cf0a227864a7a116193812e061ff8dfb6f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    587ab4add54431dd8346b3a80e56c8be

    SHA1

    1a778d84f00f1176ea975798a859b83f29fff5d5

    SHA256

    59510ad229600a6fbca5485b781791b0235ec89ec442181651baee1b6e69b469

    SHA512

    d07209e65aa16b8a9d3598227c206e9a25ecd371312d2c36bdd7ca39d6c5803e90c8ad1257785d05f8a11e4c7fe024a753e047bbf55d595808524a934d954613

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    266497a30e59ce146ec0e9e65b872f0c

    SHA1

    ab341656d0982d87216dbf4a5088fd25d0f1a452

    SHA256

    4d810d6d3a8e208d8d339941f59ab5637450a58db822a9fa63a09028258c2bc1

    SHA512

    8f44a18b8f2514596f6e5d8b00fe138c2311a03e8a083d6bb2175affad0dab2a8142d94cc7a0f9aeebe3d2ee6ac3738a38643ebac6bfda2d1467dea5c18b787d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bf7bb764e49fd8c4cbeae45066a4df4c

    SHA1

    299f3f7379c6f0db37228636e1b9d0e9047a59b8

    SHA256

    1e36ba4b1844d5107b6ff946ffaa25326ee3ec219ceb0647245832723ebe98eb

    SHA512

    bb6e2fd97ad56d81827766ea8a287bac23cd7c2c70b42a54b224a9593c397ae710d653c0dd4b2e280960388ce582ca23ae8467e49d0b3d0ac1998fbea4d589f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9af12195ac45033a4e7ccf52d642a4f7

    SHA1

    d3f25012ad5f86bed85cf5875ccd832e7e417df4

    SHA256

    d8fc4426606202470113f1c67f571bdd513286d8095c40ebc4d52d209a3ec5c1

    SHA512

    7e9924dd76ce7aabdac5c93385f19daceaa59b66b8fee79310fc756c72217ee319628538fb7b2bccb68462db652a499cd27ecdf6a21db04a918ab2e6b71c436d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9cad2048bfc3e4eeb8df78384f0e2546

    SHA1

    39b5f187f60a11cf26ac254c4c88d23b9020be65

    SHA256

    8818e1209df17361c272b4fd276cc0f4a2debdef819bcdb79e720ccf74b4867f

    SHA512

    63a9076187cbf9a440f62182e491a3f745e5dceedd46ec970a7ef5b6482bd882d00311ce163fb7a27ae182da6dbbde363cf9cd582b057da4cdc3424080248c2d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d4bbc7c05cde85f931022f05872105a

    SHA1

    2d1971d21858c464a71ea972b69c6afd836b951e

    SHA256

    fdc871c5f97642240cf2aa4fb09b23f2cb87bb04edd0622be2c24f900d37cfd4

    SHA512

    3489616aad362f3c6c6987e64db16a873ca405b36f37a8be2059de958a16ed2100b555cb8dc53b083d0e58274ad7627643fcc127bc451b1c2db8ff11375a3e40

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F7274841-C812-11EF-9A35-EAF933E40231}.dat
    Filesize

    3KB

    MD5

    257dc9b236e135fc13ca48f3782bf680

    SHA1

    cd1d1c162e458cf386e88d402a0fea1a714c6029

    SHA256

    1db4bb80148d2d48aace6846679cdcad9fbffbe439ec93979c1f48d71f596a20

    SHA512

    ff47ce99e4fa4921bf14eae5f360e4686db24027248ef75a86c1ff305075b9a7c3c657367bcc93cb105d726dcc824b4a4a2193a5d81c637c909e5055f391a4da

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F729A9A1-C812-11EF-9A35-EAF933E40231}.dat
    Filesize

    5KB

    MD5

    e3801b9b5fdbc56c6a719caf3d382324

    SHA1

    ec454e1a2db509e31aceecc92a5a1d3451d4946c

    SHA256

    267d31620da2145b8d7141dca483a9429527b796f63a8a4b237a2f494a326b0d

    SHA512

    e03b6904976e010d896903ab3dc308ef1266d2d3a4c4a4ca353182b218e224324a7e6034de162ade48329b9d3516c31e5cabcccf403224bfe816230fd5f6f5f3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA0D4.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarA135.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\JaffaCakes118_4c728d1e2a132c19f27bde4f31e60930mgr.exe
    Filesize

    88KB

    MD5

    a61ea5f2325332c52bff5bce3d161336

    SHA1

    3a883b8241f5f2efaa76367240db800d78a0209c

    SHA256

    e6f8a54ed663061527ab46b8e8efc2a0f3c99ae77829c0be0e50eb5b1b48415b

    SHA512

    fae031e0e7dcd719240bfe94a3f78d1aac73060324d5b65e0cbe564ce6d6781aaa5e930f0729293e3b502b7d07f53f3a72fb2048d44d93d36851aab8330479e5

    Download Submit

  • memory/2104-14-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2104-31-0x0000000000190000-0x0000000000191000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2116-18-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2116-13-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2116-16-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2116-17-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2116-12-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2116-11-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2116-27-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2116-28-0x0000000000410000-0x0000000000419000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2116-29-0x0000000000401000-0x0000000000410000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2116-8-0x0000000000320000-0x0000000000340000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2116-10-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2116-15-0x0000000000340000-0x0000000000341000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2116-0-0x0000000000400000-0x0000000000437000-memory.dmp

    Filesize

    220KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.