Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

5

JaffaCakes...9f.exe

windows7-x64

10

JaffaCakes...9f.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    119s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22/03/2025, 02:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_859806feaf594a8854db32aa44b1ed9f.exe

  • Size

    124KB

  • MD5

    859806feaf594a8854db32aa44b1ed9f

  • SHA1

    4bc8bc5b77adc8ca1996c0ba4ecec20c1222db7d

  • SHA256

    1a9bf2272d3ef9f5736b0fc14216461ecfb90a43365de2bdc37806a914fa9b39

  • SHA512

    16b37a02977d92d5907b50abd4cebd49a5175b1f35ab5ae2846b43fe3459baad64b1760880a2df68dc8ac9c48b0e0b14f9e55db83dc3e2f0c47a7ccfbe91f1c2

  • SSDEEP

    3072:JwV4OgSzBmh04eZFkz3Rr0gwGj9Tf8mxedo2I+:JMzzILGFkzhr0pGj9omxedop+

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_859806feaf594a8854db32aa44b1ed9f.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_859806feaf594a8854db32aa44b1ed9f.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:292
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2008
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2008 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2312
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3056
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3056 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2196

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    71KB

    MD5

    83142242e97b8953c386f988aa694e4a

    SHA1

    833ed12fc15b356136dcdd27c61a50f59c5c7d50

    SHA256

    d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

    SHA512

    bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f5cd2a22e54302df0457aba5d508fe9c

    SHA1

    5477a46a1e18fabac4862147ad41e06e0dd3a743

    SHA256

    1fcc52df1a0e126d8fd9b5acc64a020c61bbd10b6b922616421f3da67db633f1

    SHA512

    4fc577ceb421ead77db9272250015146e8953b7de8fefb0034c10de55fb419f795cbfde6019f81471847c31aafffc360f1f433333cae11320bbb66e0722fb57c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    87478f1d93e7c1f4f7474c8791b1291c

    SHA1

    3750df53af942ca3bec5025c2b57d25fd26f03f7

    SHA256

    eeb1ad3ed0df4bb18568f3f3dd406d1490bbf9b042ee02d4240f1ee9af019ac1

    SHA512

    288d207f8a3cecd04e84ed1b80d9c6794b8f04a06137efd025019d87fba48d11315689aa5d4109c5e5c813f7b0772686e18c7672a6d0903fe364312afb05200d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    08f917b9a5151115ca378ca2540b927c

    SHA1

    a9d3747a2da3489d89625e0fe294282d4a4c94e8

    SHA256

    110fa58b3483bad3e2525df0a5bd12753d42c3b5fc975aadb72b3ebf99f265dd

    SHA512

    f4dafa6dc4657df3fdf0e75766021aa5d11a112c6be8001eed3d193ab75be24122246e5985d8e9e4228a5ef111ee4652818ed69040216fc629c354f022b84bc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aa0bccd8acfe91fdf3de15b19ea4f3bf

    SHA1

    346a9f2ff9880e95c3e0662e2153144ed6e84b4f

    SHA256

    8332fef2cc419544735b2da83895eb3c85a431f6fa51b65e321a7ade44047d28

    SHA512

    30ededa6c8c8be42abc194eeb7a0bdb5fb399c637a9e57dc7595fb1b088c12f67c520056473c70aba9d12c907181aae6fb0d469d38ef1ada5c584647cb492979

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e6674228b569a21b9e530f7f02fdc013

    SHA1

    81399502b87ace6b0e584bc144c36a54f416a335

    SHA256

    beda58c91459711df023579ef5e554d50e06448f82f1b15464e25304da422e16

    SHA512

    8227d08629a84a62fe8823bda103f37e96e59b1ec04f7d4efef018f718a01194c538dd4bec33862239569a447de4fc301a0892a49292749a4a36651d76d5bcef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f38cadc3e3725d5aa1340e75a5892671

    SHA1

    7a4e7f2c35f6d9f59e4f24fd665bda9c7b5c553a

    SHA256

    2682574de0ad440b86c7e1f5cb2b03cce3cb69a158df67549f4bfd31acd7de02

    SHA512

    264b9b15a88ca72343a9807a0ad54eb3b39b89f2367e0e93186459300ce9454db4cbf7845fa29bae59479f9b29498d7cb515268e4f5aa487fecfdd631f6aa5f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0b8f6167a70e6a72aba1b87feac9eac2

    SHA1

    d0b30b6daf233c3fd0be5c62dfbf65b1ec48ccb5

    SHA256

    c04c87a6d7e09248fa5d2fe7663240eaeaa53518326f3155e49ddeb74e1c50b9

    SHA512

    0b1ed72283a88c6bd164d2049ed142fa9bb7d68b509a4f7ce4827c3aea48029e12ef7b3f9078d96ebc602f713cc33df1b90b028b85eaf6b57fa5f9c721927f2a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    adea42525c46f0d034a3994652c0c00a

    SHA1

    3fb72a267f961044f2b28c15af9ee74debb6b950

    SHA256

    f50de5babeef3f830baed14a88806e69a5a2ac9b7958fcbedbc603a2ba53b219

    SHA512

    6907935191756b7e2edd9bfc9600341f351e20b6cd40d7cd0bfc0ba27d1c6afd820d20349ff7a8cc033e11ca1515c1b2c34961832d70890a633334d0ce487562

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    497b859a09f966cedc9c4c748391e4d3

    SHA1

    5c0877aa572ef4b3f5f50110e8382ac6051f9ad1

    SHA256

    fefa5be3e684ed7513332ae646075524baa9b75ac7c7e3b062dce0f7845f91d2

    SHA512

    7e6acdc913b35772dd0e99339cce38f883794c54614a2461830d2728aa44c9e8cf896e182de955261810c21a771858acb4ccf1aabb533718f17109901b76466f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d260662a7a301f72f581031c0ec2fe3e

    SHA1

    fcd78dffdeebf1601a33fee33ca7b7c0bd61ca9b

    SHA256

    c93df6fc566ac5b2fcc01ccebbd5cf20ffe87f2b56f3439124dedf9ba3d0111c

    SHA512

    1617d43af7f47d45f54b293fc57e28ff0275e5abc15acd8f8a14eab24fae89fd77fda6b1831de490e7732cf6923296578a8b839fdfcd3e05953d09ef768d4695

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FE016BA1-06C4-11F0-8AE4-465533733A50}.dat
    Filesize

    5KB

    MD5

    d1cc95b30edf6e76ae9dc29365e41c03

    SHA1

    54c624f07995559c5c91e45874b7fc1ad8e50097

    SHA256

    f1e4662c1ade78c2b455dc3cfaad17a97abdc43fddf4ce924bf959e4f1c07db1

    SHA512

    f30b16c6ce2eb53c4a20a3d30e4e85f5e5d32ef4d8ad8965e0a9de152068c007f817110b174630695d79ffa2c35b342e8b1392bd8e38878f60c3a74ae91c8ec7

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FE0192B1-06C4-11F0-8AE4-465533733A50}.dat
    Filesize

    4KB

    MD5

    b384989f10ee89a19d4fa8b64214ab59

    SHA1

    162907805c735b79474bfe34b84bd7abc9631a05

    SHA256

    46c81f13b6fc8460c0ccf2d010a8f4053d8880fcaef18f7a9d8bf014c545308f

    SHA512

    c11ca29718c41d77ca24415b0a8ba9ae88a383840876f25211d89a8c281245c6aced400f3cec36ab018763507847eadaa85aa361663d5c398d7a44d38498093e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC22A.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC414.tmp
    Filesize

    183KB

    MD5

    109cab5505f5e065b63d01361467a83b

    SHA1

    4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

    SHA256

    ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

    SHA512

    753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

    Download Submit

  • memory/292-2-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/292-9-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/292-5-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/292-6-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/292-0-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/292-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/292-4-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/292-3-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download