Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

JaffaCakes...ec.dll

windows7-x64

10

JaffaCakes...ec.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    23/03/2025, 16:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_877bddde6e34d4e366264b411cd8d1ec.dll

  • Size

    196KB

  • MD5

    877bddde6e34d4e366264b411cd8d1ec

  • SHA1

    1ce8bc691f406ef7c12acb3f8fa04c8210793d70

  • SHA256

    3a19b0e1ab0bd343a0c724a9fcc959a866a54218faacce27a408f7ccaf70e47d

  • SHA512

    2881a2274360c70d81463480ca6c617ecac75938d7c225b479e5767721c5805f7037bed0c1f264cfc8049619ccec397b24d8a08b875eda88f59f998247c3dcda

  • SSDEEP

    3072:DvXmimD0k0QRW1PhI1sItKOgGdX3DU68iBljiMz/mPTUS1mThIOwZk85:D+fD/0QSzItKOgGFYSrKbUlD25

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_877bddde6e34d4e366264b411cd8d1ec.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1640
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_877bddde6e34d4e366264b411cd8d1ec.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1920
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1560
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2980
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2980 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2776
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2908
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2908 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2836

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    71KB

    MD5

    83142242e97b8953c386f988aa694e4a

    SHA1

    833ed12fc15b356136dcdd27c61a50f59c5c7d50

    SHA256

    d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

    SHA512

    bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0ab05385bb0843f96a6ec5d8bc313ad5

    SHA1

    c9b9f4f8d0bde44bafc0446102041abfd8d52f82

    SHA256

    6ac72a1fb500737b9dd793f7ef52e62833129ff2e5c69757b041392df64d4191

    SHA512

    218ca1c857084df3f95e4c5055983a7b80d9ca92a69aa0fd65164ea5bfcd47536ea90a697820bc5cc5708777b5b269638380777f6a1291fb0c951b92bb56f61c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7778213040ec10743ff958bc01d9e9dc

    SHA1

    5cb81941ae76fd6926b346ecddc6cd79ea222074

    SHA256

    46e82d75a40c04dd75c31126a7f406f07fed4354b681b1d628404bf9666d253e

    SHA512

    b9fd9f0015ff624169c480ee480b1e11613df1174bbe9399f102f07c727023e670bf9e9b56858a6c12f929c1611b0bca19f51025075eec4f3918ae9bbcc80357

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e2ff90ee697141c8d050974619e3919a

    SHA1

    ae65a3f513f04ca9b2978c7aa63cf10cc4a15648

    SHA256

    4e9450034e968ccd1c4c4f4ae56a046a59b0e60ccb61e2ef4b7d23df4c888c4c

    SHA512

    1d96f4ff03e84fb5a82cf8475c4e0e0417bf2a4175acd118cb839f40669386cfa2b416242ee8bd158e10d5a4f9c6ae2ed3f896882998eb60c2934b333599a86e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f3c29a6be6e395b687bd4bfbd5f4bbfd

    SHA1

    c844dceebef49d2f0326a9f4ca0968deb0c1221c

    SHA256

    04f65d61e53044e79ed0badb8f66945e7187d7a9b966a8adb43d348243ef05f9

    SHA512

    6b401d574bee2190e96da9929351e76cafc54ad3d1deec331d389223ff0eb5b222dde5ca992b261e1c4bd15b7db1791f1629750b5076f905f3c1f7027efb23eb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8727a4e88e019910d08fda443bcd4431

    SHA1

    f707e9006710bc7849ab5a200476074c635502b4

    SHA256

    2facc3f5262d89732861956864390ddb1c2b336a44d0bef65ef0778ec47cd002

    SHA512

    dc55f7c22bfacaf11750d53987762517d93e3ab69bb45d88e0863e0cf334b003eda45d2a11e1de3409c334004c33974a5717c2acb93d969964a8fd7fb8b344a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d95861e2f4adb2ea18ea59c842f73666

    SHA1

    c1d7da8b47126d597ff42e5cd187532afb16a188

    SHA256

    4db7c384159a4f2bcb05ddd7f3de7a2a7dd150e9f85f9fc20510628ecc0ca6b1

    SHA512

    79ab74d6ede0ae20ff0252d73a989aa59e24cbea3533d5ba57e380d13834be4594ec0b28b4a3fa8bb975e452b8aabfbbb0308de6e4d616922896267f1356e305

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6e1b65e335c4deac0c7dc5c2114860f8

    SHA1

    f38a61671a95d274a8ff1b8d404efcc35da01659

    SHA256

    6f5f8ade7ed04e4ad67c100c66c2eb2aed5525dc0138867375b0960c7dcb4eba

    SHA512

    4cc94b33274e8cd1ca0cbddb97822e12d11bf239022d92d9e7fde20c27a3b316cc1c9afdfe6a89843bba0a01646d2f1e768189feed5a1a8ca8be336d5a0e6be0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eb30291f5ca83714f8867d3fc27ff8fa

    SHA1

    fffde8168f1cf43a99fa1560633b290bc0ab2c52

    SHA256

    c735dba369daa7c60c75fa150e8e2dc7ab3c8e0ea060731f214781d7c3829264

    SHA512

    da30381d079c5f9d6a3a2dd9de486e892cc8badb9eb1dee15c4825f6f587cc2d58aeeb89290a5fe68d6185b952e7c1e887d1c74a2dd3643b911b72e9d697dbcd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    70c408d50d282473bfbfe82f7d81adea

    SHA1

    83fe1b154df747b9f60362794bae12c0da3a98e9

    SHA256

    b1f3efe71756db3804d4bdb4b06d085b6a65fae14834a622777d1024607c1ffe

    SHA512

    5d383702fb5f6e324ca5a60436037ea431231c73d6438d4717ec278b961fbea64c14a50f63fda715dc9ec48349bb01c5178017b4fe950b4e5c7897296433c483

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    429afcea4fa64619addc0f8b47e2c56e

    SHA1

    d5cc02f360e6174ed3fae088684adeb0283da2d4

    SHA256

    965283c28b593bac7477982d2f813638e7c9686bc45da2b0944ab42c05514a85

    SHA512

    59963c007e0becdbfde618a038928c6015d437a533a2f767987e0a99dee802d48add3c2cd250616ce70e4cc4d48d5a7a554e3775778a5f38024520d4437832c6

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{43952F31-0800-11F0-948A-7A9F8CACAEA3}.dat
    Filesize

    5KB

    MD5

    2948617e14255da0b19fbcf4cecbd282

    SHA1

    21fd7cb23efb104466deae202e841060dd839bae

    SHA256

    6c15390295775aca93a35015fdd71deb7615c8f9b146f02521cb2c01a03d2135

    SHA512

    a2747602f07d7b088c4a287a91f3d6a9075e82c83336beed1810d0cd57df774fa626add6c96dc860991b93e9b7843e30ee48455c62882cedb972caad7378a4e1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA44D.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB62F.tmp
    Filesize

    183KB

    MD5

    109cab5505f5e065b63d01361467a83b

    SHA1

    4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

    SHA256

    ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

    SHA512

    753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    105KB

    MD5

    1713dcea0892955ae4ad238bf4b9a34d

    SHA1

    172c10720153e717402654f97ad56516f43705bf

    SHA256

    e4cbc03a8bea10728e756b7187435b3675af2d45ace12e6b6641e44b25d54b23

    SHA512

    e0a0a1ec9e9380bcc1692016dcadb6b794ef13e3a49b9709799c8b281401cd0faa0b63b0aa0fa750820cdec674f7c6e02e259e66cf843975fcbd49e9c1be021c

    Download Submit

  • memory/1560-15-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1560-12-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1560-13-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1560-14-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1560-18-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1560-17-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1560-16-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1560-20-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1920-9-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1920-10-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1920-0-0x0000000010000000-0x0000000010031000-memory.dmp

    Filesize

    196KB

    Download

  • memory/1920-1-0x0000000010000000-0x0000000010031000-memory.dmp

    Filesize

    196KB

    Download