Resubmissions

  • 09/01/2025, 21:32 UTC: 250109-1dpr9a1rc1 (score 10)
  • 04/12/2024, 03:12 UTC: 241204-dqgwvaypcy (score 10)
  • 03/12/2024, 21:44 UTC: 241203-1lvy8swjgv (score 10)
  • 25/09/2024, 06:02 UTC: 240925-grgh9asblg (score 10)

Analysis

  • max time kernel
    295s
  • max time network
    297s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/01/2025, 21:32 UTC

General

  • Target: f55920966b4970588ce643af0fcc03a7_JaffaCakes118.dll
  • Size: 422KB
  • MD5: f55920966b4970588ce643af0fcc03a7
  • SHA1: 97c44c58f24358442cb1811a7694e5b395e82d61
  • SHA256: 0d533321292f6854d7f9705a738d58ee5941c93b52674681083ec5c21a987ab1
  • SHA512: b5e6f91e65eacd6c1ad5f563f0d9184fd21fb88848008c7ea568d7c40c63fcbf217eeee2830a521313a3152e538821a469630fe951e760405972afae8516023e
  • SSDEEP: 12288:yClc4hq+Ytl63+YzGKBTpJHtvgqYe7S9S:Tlc4kBl6OabpFtGgS0

Malware Config

Extracted

Family

zloader

Attributes
  • build_id

    49

Signatures

  • Zloader family
  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f55920966b4970588ce643af0fcc03a7_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4960
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\f55920966b4970588ce643af0fcc03a7_JaffaCakes118.dll,#1
      2⤵
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1840
      • C:\Windows\SysWOW64\msiexec.exe
        msiexec.exe
        3⤵
        • Adds Run key to start application
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:4032

Network

  DNS queries (all to 8.8.8.8:53; the Response field is empty in the report for every query)

  • 8.8.8.8.in-addr.arpa, IN PTR
  • axelerode.club, IN A, from msiexec.exe
  • axelerode.club, IN A, from msiexec.exe
  • axelerode.club, IN A, from msiexec.exe
  • axelerode.host, IN A, from msiexec.exe
  • axelerode.host, IN A, from msiexec.exe
  • axelerode.host, IN A, from msiexec.exe
  • axelerode.club, IN A, from msiexec.exe
  • axelerode.club, IN A, from msiexec.exe
  • axelerode.club, IN A, from msiexec.exe
  • axelerode.host, IN A, from msiexec.exe
  • axelerode.host, IN A, from msiexec.exe
  • axelerode.host, IN A, from msiexec.exe
  Connections (destination, domain, protocol, process, bytes, packets, request)

  • 8.8.8.8:53, 8.8.8.8.in-addr.arpa, dns, 66 B / 66 B, 1 / 1, DNS Request 8.8.8.8.in-addr.arpa
  • 8.8.8.8:53, axelerode.club, dns, msiexec.exe, 60 B / 60 B, 1 / 1, DNS Request axelerode.club
  • 8.8.8.8:53, axelerode.club, dns, msiexec.exe, 60 B / 60 B, 1 / 1, DNS Request axelerode.club
  • 8.8.8.8:53, axelerode.club, dns, msiexec.exe, 60 B / 60 B, 1 / 1, DNS Request axelerode.club
  • 8.8.8.8:53, axelerode.host, dns, msiexec.exe, 60 B / 60 B, 1 / 1, DNS Request axelerode.host
  • 8.8.8.8:53, axelerode.host, dns, msiexec.exe, 60 B / 60 B, 1 / 1, DNS Request axelerode.host
  • 8.8.8.8:53, axelerode.host, dns, msiexec.exe, 60 B / 60 B, 1 / 1, DNS Request axelerode.host
  • 8.8.8.8:53, axelerode.club, dns, msiexec.exe, 60 B / 60 B, 1 / 1, DNS Request axelerode.club
  • 8.8.8.8:53, axelerode.club, dns, msiexec.exe, 60 B / 60 B, 1 / 1, DNS Request axelerode.club
  • 8.8.8.8:53, axelerode.club, dns, msiexec.exe, 60 B / 60 B, 1 / 1, DNS Request axelerode.club
  • 8.8.8.8:53, axelerode.host, dns, msiexec.exe, 60 B / 60 B, 1 / 1, DNS Request axelerode.host
  • 8.8.8.8:53, axelerode.host, dns, msiexec.exe, 60 B / 60 B, 1 / 1, DNS Request axelerode.host
  • 8.8.8.8:53, axelerode.host, dns, msiexec.exe, 60 B / 60 B, 1 / 1, DNS Request axelerode.host

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1840-7-0x0000000002C40000-0x00000000035B0000-memory.dmp (9.4MB)
  • memory/1840-12-0x0000000002C40000-0x00000000035B0000-memory.dmp (9.4MB)
  • memory/1840-2-0x0000000002CA4000-0x0000000002CA7000-memory.dmp (12KB)
  • memory/1840-4-0x0000000002C40000-0x00000000035B0000-memory.dmp (9.4MB)
  • memory/1840-5-0x0000000002CA4000-0x0000000002CA7000-memory.dmp (12KB)
  • memory/1840-6-0x0000000002C40000-0x00000000035B0000-memory.dmp (9.4MB)
  • memory/1840-8-0x0000000002C40000-0x00000000035B0000-memory.dmp (9.4MB)
  • memory/1840-1-0x0000000002C40000-0x00000000035B0000-memory.dmp (9.4MB)
  • memory/1840-3-0x0000000002C40000-0x00000000035B0000-memory.dmp (9.4MB)
  • memory/4032-15-0x0000000000D60000-0x0000000000D8C000-memory.dmp (176KB)
  • memory/4032-11-0x0000000000D60000-0x0000000000D8C000-memory.dmp (176KB)
  • memory/4032-14-0x0000000000D60000-0x0000000000D8C000-memory.dmp (176KB)
  • memory/4032-9-0x0000000000D60000-0x0000000000D8C000-memory.dmp (176KB)
  • memory/4032-16-0x0000000000D60000-0x0000000000D8C000-memory.dmp (176KB)
