Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

JaffaCakes...f0.dll

windows7-x64

10

JaffaCakes...f0.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    23/03/2025, 14:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_8751ffb8cf222ab81161df6bfc08c2f0.dll

  • Size

    204KB

  • MD5

    8751ffb8cf222ab81161df6bfc08c2f0

  • SHA1

    84d324815968276c2e3c07fa90070c19fe8a0b34

  • SHA256

    a3d060addde81e53c12ead210925c53cfb78cb92958260bf4454727940adf0d8

  • SHA512

    a69eb180d51d440a5b2e8786c8b8ae9412769f58763e97eac172873af0adc77523405123d870f4e18202f1bcb8c20544b46b74e915ffb77a597298d044a5ecb3

  • SSDEEP

    3072:uOBOLWXivHYMzv2HvP5YeBTEEP2831Vr/rF8QOSta7We559tZ3hsJNhQeCUChSxy:uOp8HpzdQOStKVbxFM4qiu7OKoa32

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8751ffb8cf222ab81161df6bfc08c2f0.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2012
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8751ffb8cf222ab81161df6bfc08c2f0.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2008
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2468
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1496
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1496 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2876
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2160
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2160 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2776

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    71KB

    MD5

    83142242e97b8953c386f988aa694e4a

    SHA1

    833ed12fc15b356136dcdd27c61a50f59c5c7d50

    SHA256

    d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

    SHA512

    bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fe8420cbb009e6cea873599c9b3dbd84

    SHA1

    7c92323922edd23aaa3a867c484aef1d13fe3797

    SHA256

    ea83666a9ba57787f83cc515c98374015c997954e805e698cea9b701034a0cdf

    SHA512

    9ffa4afdd62587af0b6fcca6f52cb14956744af13d9fb3fdd866e11b7318df6b95dd417a9fa6aeedadaaace5037560e3188cd3d0d4bf1b2dbf5e7c214e7e5379

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2738445400bd7b4c00adaca9c07c2c0c

    SHA1

    5ee8a114db68b68dfc26b3bd45169feeda6012ea

    SHA256

    138c93cd83e9cde4ea03fec72747e6cc32391baed731e9c2debaf1e395b39914

    SHA512

    91740fa0ce4f424140649fc2bc34c9983aee7b29ec982b2f76afa8364db83318d5c84986d7df6d76d22fd88041d97ad05b82989a5c26e5343b02bbaf72813bcc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b45f455acadb51b463eed19a040af210

    SHA1

    f045d945d36b8d6ca587b1ec76cdc0cdd42e41f6

    SHA256

    67a78c080e20d412e246ff11dfbbe228a03e76e29bb328792993eaa9bb1242ea

    SHA512

    d5b6a6dc3065154183747c7e0c9513fdf4ed5b085656f66a7e5b5daa8505648d12a324ee2c23568f8601b93563fb350737cc5c5c9c79cedd96fda21402e3f18e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ead64fb353e5c3553e4eed69178a27d9

    SHA1

    5f41428879f1b5fb47ce3cf0bca995ad5b3c1f8c

    SHA256

    9392a1804cac8a4b5c9d5ff3a89958ff9fb6d615bb70fd7a103548491936f499

    SHA512

    39245a55efdd0c3a570b54b021fb558dc310349e2bf3f6bf34bc620c499d6eb8717d17a245bb51a439b0f4357332e2d121b044df01882ec0c2441d8c8d163374

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ee691d8bcedb792c4e2b8f3e33df69af

    SHA1

    14e301453c3aace53fb0502f526c5fe7b06bde5c

    SHA256

    ccbb7829038ff0b70f72f910a955f0cedd35f2450e7ec640aa109579ff96a7ca

    SHA512

    703109c036b48a590821530dbc7ee38ed6ff0fabb0767b6afc7d5fc3adf9a227821fdb9cfb8e8f40c80ccf9c6f190b13c4c3626daefe8d03e694cf020f12b0ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c56655fdf69ccc8a331d17d33b115cbf

    SHA1

    061bf2c403951577af6340eb2f8224bb32e5557d

    SHA256

    eedd2574c00221805118fad33c59500f96023c8aeab6f1e14a4a26085db3b184

    SHA512

    ff424b56a837e2ec09de6d54982bc5fd048ca7d89d42e4616554ed4950e2eb3583f0258c9048d140b07a93404a4c278a20f9f97d06cb94be7daf1d77f80d3725

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    244632a01e2f1f61f6fd58816eb1bb92

    SHA1

    7538e18be2680b0a9b96226f501cf382cefa1daa

    SHA256

    87865d888a923057c5f3522a787cde5927f0b4044efc1be8281f002557179f95

    SHA512

    e9a13466c0fd33f4aff861a51e333e3025dba76686a171f45dc1be2164c2b3c1ea8cd4b87f348a5067e3ba0a02bc461ec6e8a4b56b3e3bc16d37152276d34899

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d953466c46563b0254d1c15ca6d91fea

    SHA1

    7f3359a8b800dbdba5137b0c0a876b948b175b56

    SHA256

    1f6835c2f088f8cca9c41831fd945c7bd849b20d89e34d875ebe1af9529f485d

    SHA512

    d90946dfaa6d6af3014c0c3819fdaa64f90d030295f2b1bb003f15b4753025669dba6be6882ab62631bbfcab71eef71f5f8f6abbf4455a9a4ecdb71c28bb07a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c57aab6bd7e21656145da4aae76e0db1

    SHA1

    a7d10cf38736decd91a1d978e8580a89adb41b98

    SHA256

    c536747dddf3621af1fdc48f34179804c6a83da9bdd2ee981a9f7f70a9633b84

    SHA512

    2ea94eb8683d4dd17706fc2904deb98136e78b8d26227f7507bee6385654501802878e88273af40ccca733c7c6098863155b1abb89bc70c88358d54fadb01f0e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0a699ddc4206bf508f635c85460bd008

    SHA1

    9d086926e69151ad430b3ab2e3dde9b00696bf9b

    SHA256

    a9a247c77f53b9900a2b2ff8501e57d914ca2cea2650bc633c989ba147721b08

    SHA512

    9b64f5e2f3b43c7628778455311081e23484155dd00807896c6a3cc876c4ab114d619297ca682efd690997cbda7fb2032358b18e4f9a564461e30894d7aeedbb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    884c75218388970b7e38af2024dde916

    SHA1

    6d81f575c604157c0698e689c67e7b4828f94d8e

    SHA256

    cef72f92ac71f15bbbc37cc87c05b1a2fd4cf06eda7106715dd2a8a54cbdb90f

    SHA512

    aa01b11fd727c867368161b7d53a6e1e6f8490a62df1c5acd006d07a9d122f45c2dd6e451d43392318cc4bfa9dd957ec9093d0179e883332eace447d2646f4ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b888838044accb21de1277f8e57679a8

    SHA1

    2f9b5913e57abdd7a0678f24b3586b09573e9e86

    SHA256

    8bfa8038d903c76aee9d54a73864a8a543587003f05f957aff0232b6ab63f0b2

    SHA512

    f65cbf5eb2f580e738826f7a2b428a1ee3dab81d382937ee365695828d87b91c594ee00b33577720fd4ec46897f895f621e90f074bb8d689e9ab67ee402e5ca0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    886a5f81e550901fe435eb5ebd3d7d2f

    SHA1

    4bc1d724140a1e268fb35e9eb5b30a0a674a5516

    SHA256

    52903f2feb670aca28233836b0b0b9b7616ae35e8c52a2577cf50e7abc1c0ecd

    SHA512

    0412d18348288b181b9f6c5aacb6c62b5653da637985f470fdf701ff46d2897d1c9d8212912090bea04786334925b19963fa6759eb4f3b0e963f557fd996dd15

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8835dbd112290385652608cde123ffe2

    SHA1

    e4d50a43b77d42dcc44d2f4f124a697b98588c6b

    SHA256

    05ec792141c3c7f22eaefd23be8736de649cc92a7c420441bf0c3fd2791e753d

    SHA512

    08c1842507f35a3a923adc1aa0528aff733ab2f148b0a2b4fb78213aeb2fd1b75d5a1ab1bfac3d0d1cdce0ce20313ae2621e109c4535a910b8f7813006af6666

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bed5e842d7351367e5c5b9e8a28ca140

    SHA1

    8e372e171d5a5b10fae5bb42f71a6956ecffb112

    SHA256

    43ef8c751a820fa7d196d259be9ed3279eb3a8c9cce7bb043e276b608e655428

    SHA512

    1ecfa517a70d2159a96141a87a622349616ae035334e2f3e9346a0e5561e065022e34e94ea9d0617c246a4e9a2496a4502bad883e1cd77dc706119c3a1d151bd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bfdd75e82d9a622ea87736ed0dc2bf36

    SHA1

    3ee199e1108b5f7bb5b5c8abbf1aba0352420ea0

    SHA256

    8ffcb8e5a50a5649af515a63007bec02fdd20becc7715d44c3a83ace40ea29d9

    SHA512

    ffbf34aa2d8e5a2f3acaeafddd33ab4821cf592fa75e26a230309427f0f64bb45f0768b378520ccda5ea1ce1976ac63dfd98bba67be49d6848c9ba0de073ee1f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2c18ebaf402faa886514a79301aa9cd6

    SHA1

    77e7cf67fea701b36bbb1b61dddd1775db306983

    SHA256

    3cc60e1683dc4dd027a870521865a41818fe1232c9eb4310518123ef47006f30

    SHA512

    d97bc201b75bb1b859ee30f6b79e5bbb2590af84c3b92c6873e47fd914bc533876daaddfbb49af44b74c169b9b87ae8e66fb0bbc4a57818afe218443b100fc93

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ff0a9b367adce3d0d6badcd1ce054902

    SHA1

    009e40a4bf36052a5dd7f417610b792894fd2d13

    SHA256

    442cbf606543694ad643027a53f22e415e70d6fac2316884fbc41e4babf63b89

    SHA512

    8bd49448a5c2ffae4ca262c7846733515f026511257812659798692dea1dc3da81f6277ce570103c33684ec9ab8ca8e835d5af5cc309ab56a18d91cfa31e13e0

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BF26F261-07F5-11F0-AD4F-5A85C185DB3E}.dat
    Filesize

    5KB

    MD5

    ddeda80706f63fc62dc1141f876b78fb

    SHA1

    ff8734375aa7fb3aa78e17b2887664b7369d582d

    SHA256

    484f47ce8b1cf1c48ff052bce45842893ad12fbbe709be4a64dbae6e66db501b

    SHA512

    f615d4025daef15744704c9d08bac0a3a5ad3be35314ea70ccbec7df4e18056a063aec0226980550f05608fa142b006b4aed62988dbffc7bfae6a32557c77cd7

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BF2953C1-07F5-11F0-AD4F-5A85C185DB3E}.dat
    Filesize

    4KB

    MD5

    3d455e7e10713d335d6248a921056399

    SHA1

    f6d87493afb0d88ce44d8e3782c764bd94d27b92

    SHA256

    1408c48c63904eb01901a20da83db5e1c3f1dc35b50802c7aa69ed11bd618121

    SHA512

    b1dcc84f3c2484539ac9c5f99ce77f18f9237b7e3715595c942cc50d33fb9ffa0f81285e9a7ae5cd741da7a95d896fd4b9fd94981c150241b2380eb375531167

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC719.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC80A.tmp
    Filesize

    183KB

    MD5

    109cab5505f5e065b63d01361467a83b

    SHA1

    4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

    SHA256

    ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

    SHA512

    753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    105KB

    MD5

    4ac46f9b1cf2510e27caaf559aba2d87

    SHA1

    0aecafb73e3554ece3d8315197ba3db63cb54c17

    SHA256

    461ded20219270124b6d2f636f7b07b2847c35355517657f01a19e472e270b63

    SHA512

    6b8bd6b72f9a78e900e852466dcf60df4ac7e43a041fc138538fa2368ab4763bf04e45a2aff81d3a718919c18bcd2ef46c7bdb7992fdb366ca569791f4174a0a

    Download Submit

  • memory/2008-1-0x0000000007000000-0x0000000007035000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2008-10-0x00000000001E0000-0x000000000023D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2008-0-0x0000000007000000-0x0000000007035000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2468-15-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2468-13-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2468-12-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2468-11-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2468-16-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2468-14-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2468-19-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download