Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

JaffaCakes...5c.exe

windows7-x64

10

JaffaCakes...5c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    93s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/01/2025, 21:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_82f3b719cff14c36717975a0f02bb25c.exe

  • Size

    95KB

  • MD5

    82f3b719cff14c36717975a0f02bb25c

  • SHA1

    e4ebf77eae12c09f3fdecb7f665ae293b60b64a2

  • SHA256

    196cfbe576c33b37214e4833dad773a1c861a778649bbd7ef280e640b2a436ed

  • SHA512

    a32e82b9d62ed0c7a848ce78a943f9bea098b7b70b81ac14f92ea9f42bd07c72325317e15897d9b16d96f743864ddf9de727c96bbf280ec08792ca449b235844

  • SSDEEP

    768:106R0UKzOgnKqGR7//GPc0LOBhvBrHks3IiyhDYQbGmxlNaM+WGa1wuxnzgOYw9Y:jR0vxn3Pc0LCH9MtbvabUDzJYWu3B

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • UPX packed file 11 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 45 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_82f3b719cff14c36717975a0f02bb25c.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_82f3b719cff14c36717975a0f02bb25c.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3676
    • C:\Program Files (x86)\Microsoft\WaterMark.exe
      "C:\Program Files (x86)\Microsoft\WaterMark.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:2328
      • C:\Windows\SysWOW64\svchost.exe
        C:\Windows\system32\svchost.exe
        3⤵
          PID:4588
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 204
            4⤵
            • Program crash
            PID:4284
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2380
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2380 CREDAT:17410 /prefetch:2
            4⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2132
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:368
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:368 CREDAT:17410 /prefetch:2
            4⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2596
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4588 -ip 4588
      1⤵
        PID:2052

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Microsoft\WaterMark.exe
        Filesize

        95KB

        MD5

        82f3b719cff14c36717975a0f02bb25c

        SHA1

        e4ebf77eae12c09f3fdecb7f665ae293b60b64a2

        SHA256

        196cfbe576c33b37214e4833dad773a1c861a778649bbd7ef280e640b2a436ed

        SHA512

        a32e82b9d62ed0c7a848ce78a943f9bea098b7b70b81ac14f92ea9f42bd07c72325317e15897d9b16d96f743864ddf9de727c96bbf280ec08792ca449b235844

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        471B

        MD5

        eec6845b257a7c8f95b25485b3666ae4

        SHA1

        79e6f675b80bc885bda844e766088a62d84ded75

        SHA256

        70a3cfb8ce21db27ecfb8143c459eda8218c5f7a0db0945c3117cbf5c180eb6d

        SHA512

        b6ceaabb99fb2011f9dd6ae4b59e3435c397204fcd4b3168e65d6616a85d49d13f80cd11a191e223609538d4f144103757f730c61acd21f4053bb5ecb6fb4f1f

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        404B

        MD5

        e0085636b072953fe4f8793163833585

        SHA1

        c4cb2799bf02ce5272663cb09fff2e8cd32b6257

        SHA256

        4bfed94247a4c640e1b946c4f0f8c14c8074e738f8fccffa2097098f7da3b5ce

        SHA512

        90374fdc5055b3abf2383c50a8aafc12848b68a4e102e9ba6e78012767039604d9bae5fb7b6da377218dfa1f9a50556dae4c3059480fc16378a8aabbaf20abcf

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        404B

        MD5

        c505218562d98f51cd5a1c738cf472f8

        SHA1

        cf9986eb3b3ed0831f37fddd63867110f3cfc84e

        SHA256

        6939b19c83f5def96ae38d15ff27283cd403204820644e9bff00283218686fac

        SHA512

        26c629376daafc90529484f208393d5d08fe67bcb711791f373770953d87d9863e7b18620b0fe522e48a4dcc948b7d9620146472b1de59c4d1b9551ae8de487b

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{96E864CB-D454-11EF-AF2A-EE8B2F3CE00B}.dat
        Filesize

        3KB

        MD5

        496797ec52f4517cb0511e26fb54796c

        SHA1

        3dfe3abe3b04a103ac69bc35aa209e5035986812

        SHA256

        7fbd414f081037cec62ffed569eae006762beae1ae5cb27a1ffcad650afe88dc

        SHA512

        8851746c4c00c97a99494227d13675841d1cc884604c07c0d742d8f6f0e91f0ce5a00695b761c4c562f80c380e4285d6448d73e8bdb767faaa6b4f282b7ba26b

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{96EAC6DB-D454-11EF-AF2A-EE8B2F3CE00B}.dat
        Filesize

        5KB

        MD5

        f11d6e7541d7286883a68e05d85fe96e

        SHA1

        36b0f4a3f6c6032dc5cd4946aeff973faea300d9

        SHA256

        61ff2d5ae2e18725024fb9f13cfd31de78e30bba6386036c33b71103ba5a22f4

        SHA512

        a971498c09ca2b8c482e2306eeac21d41111606d3de11af79f3dd0f6fce0b1c2ca7942d423ae790a5523677d24762caaca16036c031e6581b9d3a6a4d825323a

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DQ67RYHS\suggestions[1].en-US
        Filesize

        17KB

        MD5

        5a34cb996293fde2cb7a4ac89587393a

        SHA1

        3c96c993500690d1a77873cd62bc639b3a10653f

        SHA256

        c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

        SHA512

        e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

        Download Submit

      • memory/2328-22-0x0000000000400000-0x0000000000439000-memory.dmp

        Filesize

        228KB

        Download

      • memory/2328-37-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/2328-28-0x0000000077062000-0x0000000077063000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2328-27-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/2328-25-0x0000000000430000-0x0000000000431000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2328-32-0x0000000000070000-0x0000000000071000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2328-34-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/2328-33-0x0000000077062000-0x0000000077063000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3676-3-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/3676-8-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/3676-6-0x0000000000400000-0x0000000000439000-memory.dmp

        Filesize

        228KB

        Download

      • memory/3676-2-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/3676-0-0x0000000000400000-0x0000000000439000-memory.dmp

        Filesize

        228KB

        Download

      • memory/3676-9-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/3676-10-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/3676-11-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/3676-7-0x00000000001F0000-0x00000000001F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3676-4-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/3676-1-0x0000000000401000-0x0000000000402000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4588-30-0x0000000001250000-0x0000000001251000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4588-31-0x0000000000FF0000-0x0000000000FF1000-memory.dmp

        Filesize

        4KB

        Download