Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

JaffaCakes...60.dll

windows7-x64

10

JaffaCakes...60.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    01/01/2025, 15:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_5a515ccdbfb76acf91839684585abf60.dll

  • Size

    137KB

  • MD5

    5a515ccdbfb76acf91839684585abf60

  • SHA1

    16a18160a614bdc5a7796c99853b127cb362bc2d

  • SHA256

    db1420a2ff6a29f63ed3da12087155231cce82b4550e20cd31fb287e44832514

  • SHA512

    e83e06ed0d6c1fcf0590d8e595f41d754e2cc44133401efea07683f8f8195121296a896ec68aa30372087f9e2196fc30eca9dd51970f9cbcb5e5ff6e00b1d82b

  • SSDEEP

    3072:/NqgwmI488TRAfVhBQ7P+0Us4Q+LQI1H2UJ2mro/Y:svmlAfVhy75ZlIx2Svo/Y

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 31 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5a515ccdbfb76acf91839684585abf60.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1060
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5a515ccdbfb76acf91839684585abf60.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1780
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2088
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2692
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2692 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2884
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2116
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2116 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2620
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 244
        3⤵
        • Program crash
        PID:2060

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    47cdb9325bed290268a03c160631f2d7

    SHA1

    c7186f1e96f6fea92156019663adbc925590330b

    SHA256

    3b6b67fa2be020e191448b681d5a718be1d39177fd3bfdb23aa861111bb4ba7f

    SHA512

    74e4ea69c2df1f580d242b3b57058e851ba1536bab702dfec385614a28f5d7583d248ae7c948bee83b540b0f6047750914f3a0453e1378fa66dfbce8cb6541df

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    64b3e3b3109b1370ce9db5b4167d855f

    SHA1

    6465a68b80bf2dfcab40d94c61b4f3dcebd67229

    SHA256

    d2d402ca20c2302b3a79bd4394b79dedcabc0cd609a9d7acebbc2ccfecff77ea

    SHA512

    cbdd4e11d39644f504a4bf31c952bd97132631c86fe66522a90c879ce38553bfb6fc6736f80b7eedad04af692bcb932287de3f0cbd90aeef1fcde018f1eb4cd5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    16f8993a8c77c2498b47c77572a39271

    SHA1

    ae6ebb5c6beaf8b574ccbfd989c4de61ec194218

    SHA256

    c87ed4c74f0237e801232bdbb498f3d4ea7305104dfaec7a0e918fbbcf431f19

    SHA512

    d5944ad3b459bbd6859bfbd42700e9ccc283d0eca630d082f5233ca95ebe974b024110e933dd234de1f520d70acfbd11feddbb5a1eb1bc7970d78fa8666f9fef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b9739718439b22cfde9983c9be496422

    SHA1

    19cd3bb968b7ecb72b6b22b49b8855c0e5b05f54

    SHA256

    deb36cf966223fcef4bcaf98523e2473ba8463f7481a0bbca58e1f8e48f245cc

    SHA512

    49de9c7f63c24706c907df41ae7d079a73605d3dce939e43175007bc0595058f25011bc9abbf608233e3c28f4eea8e5c1ec6b7641f967e782466f65ad6539922

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e9a382ca48668a755421e79ffb72ec5f

    SHA1

    78f95963f4d17a4498b0f83223dd8c252b011088

    SHA256

    47659b710e83f6415284b01ae3ed0055267c27c7690a6aeb54ed0d555f0f490e

    SHA512

    e1022db0643486f0ff8aa10f78f12e8ff9027ef493efcd20e258d400163737530ab239d74da6fcfa0cdf9487a11cde78ec90fb5509155fe84c7df1cfad5c09f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    608d57df316349be5c484b15342888b2

    SHA1

    c344af3fab7042454591de410dafcc631027b9d1

    SHA256

    11e0b400568e435589bb84a34f92e2dca8efece252d7df73e07b8e28c79ba803

    SHA512

    945a822257b61b7e4850300c6546e9149b8365ee90dea72f3b7672a976b790e855186f88560d3b97f8973fb6faeb36cc686c6ccc59f5bd29e25f81f0a7b93ef9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    98fd706619f295d0982b03baa9f2002a

    SHA1

    5e6dfef498526e8f592f7b415b8fd914b480b7bb

    SHA256

    cb609acdb781354715428aea873803a7ac0735c3dc7807493f833a628657344c

    SHA512

    cc07e71affc9cf007fc8d188f325094c18f47aab0971d4f040b24a1f55b08827f4c9c4baff7ef85934e3b21e9bb41fc9e88720f080a85db3c6bfc0776b6bd90c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    29d4bd9d510ca2cb4ff90ad944c88055

    SHA1

    4f01b50d229430bef03ea2329753f6965045e305

    SHA256

    aef7ef01e5d459b2cbae92b8579e4027b5cc14b2ff67cfb445399db8d9ea3146

    SHA512

    f68318b0ee9c0667314516b54e72cdb9ba6dfb3a122a0eded8f48c94e53c21011641d30d818ce05b254637edb60ba6f7bf30b6751a670b56b6b585fb1874b5f9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ae90becdcf5620fde823a2dd1132192b

    SHA1

    d1f351f3f0c2d8ad66c8c4fd06b6c5612ecaecfc

    SHA256

    f58f863becd89d586cce253099482bc34c0cf1a115f06c62e7ba819b39a74fca

    SHA512

    507cfee14fa74195cef3c522ead64d19c6e8564097ad941821f30346fb9264f6db535f1d85a0a7cae5ae7bc4eedef3784852e910c1b46cdd7aa5068aef72dbc1

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C24AA2B1-C854-11EF-8AE4-465533733A50}.dat
    Filesize

    5KB

    MD5

    98f3078ddae435f1f7e9e84fd112b32e

    SHA1

    9fd5f47f932d23271751e6efb92651a28a6465aa

    SHA256

    144a3474ff675becf00f33aa82a53d70a60cea02046a4c1893b18bd1714d7410

    SHA512

    370028af7db866dcbef0523bdfd22d5fee4147404010c05b468d80b97905898a3bfbe086df4cace9ba200a59198a0f2318c95fc7e93ce33e437e8bd76d5c5ea9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC2F4.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC7C8.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    106KB

    MD5

    db92102c142a97620d0f02b3321d235b

    SHA1

    84adf0da0cfa131b61a23cf26719b5d0c75702a9

    SHA256

    12dc8f962b54cbf925146db55709c9ad8465e392aede3a5095f74e7ca6ade2a5

    SHA512

    04bbb8ca5e5e63e85da4c4a9de8f46352cb9437005c0cae014da1d61c58916584a284fb7fba21b06f963de440362e150b6f2ef5d69143fd6a187c0712bf28d65

    Download Submit

  • memory/1780-1-0x0000000040FC0000-0x0000000040FE7000-memory.dmp

    Filesize

    156KB

    Download

  • memory/1780-18-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1780-10-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1780-20-0x0000000040FC0000-0x0000000040FE7000-memory.dmp

    Filesize

    156KB

    Download

  • memory/1780-5-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2088-14-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2088-19-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2088-15-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2088-16-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2088-13-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2088-12-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2088-11-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download