Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

JaffaCakes...65.exe

windows7-x64

10

JaffaCakes...65.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    95s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/01/2025, 18:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_6014279f4cfb2846e5bae34d7ee34165.exe

  • Size

    220KB

  • MD5

    6014279f4cfb2846e5bae34d7ee34165

  • SHA1

    56a1e5abb064f163e0e37c9581bcbdf43bf9c2b1

  • SHA256

    cb6c79a3a5312a9b58cac59af0d467ce2ac555d5fcacd8daddb16e78bbdf1baf

  • SHA512

    dca204af045f5a7db6316f8c1552734d4991be926816e7990f03e955f6b5dfe32f0764268ca49c880ae0a73948b87b1184e7984886048ac58b306a7a289de138

  • SSDEEP

    6144:Zfmb8F966RVumMSOzzGJdoYKhv1PPGjr0/:RZumQfGqhv1XGjr0

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6014279f4cfb2846e5bae34d7ee34165.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6014279f4cfb2846e5bae34d7ee34165.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:5088
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6014279f4cfb2846e5bae34d7ee34165Srv.exe
      C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6014279f4cfb2846e5bae34d7ee34165Srv.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3644
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:4936
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2668
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:17410 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:4976

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    30f59b20e935520badc298242cb4cff1

    SHA1

    00622b2054eb148a8459c2ccd0b22606c2d5c7f6

    SHA256

    4a981d199e551f2b8c8fa22f0e3fbc264e876e5ed243d83331b2a6083a753e3c

    SHA512

    f22ca09eb3266cee3f363e4f3f955745382679d136d61e7c27f81081cd77efa5f82f82220526928f73049e692b7c060f64032dfae0f967c579c6e6acfd2e8d21

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    0e8ed0f1393db96c0713674350b74863

    SHA1

    d435698a12860bbb8b6efd03ad65e07196f84bd9

    SHA256

    b17853366bc3f171e24b73fb869a08a5803342e5bc7da7aca08c03c0161f0730

    SHA512

    de13f4ba941aad1d167142de1cd6a541515158f64e15cea56e92ed8d2a448928f987c6a2a342d65fb45db94090e7fdc189728a503dcb8e0aec8dc06bbcd8eb98

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XH3Z2ZON\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6014279f4cfb2846e5bae34d7ee34165Srv.exe
    Filesize

    52KB

    MD5

    17efb7e40d4cadaf3a4369435a8772ec

    SHA1

    eb9302063ac2ab599ae93aaa1e45b88bbeacbca2

    SHA256

    f515564b67efd06fa42f57532feafc49d40b0fc36c5d4935300dd55416f0a386

    SHA512

    522fba06304950860fa9aa8933b12b9323dea47dbda363db3f57535396c156c4cf6934a9db38fff8c77503fcb889d030fadb639094a1f34bbad54c79c8734450

    Download Submit

  • memory/3644-4-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/3644-6-0x0000000000590000-0x0000000000592000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3644-7-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/3644-9-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4936-16-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4936-20-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4936-21-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4936-19-0x00000000004B0000-0x00000000004B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4936-17-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/5088-8-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/5088-0-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

    Download