Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

08f9433309...8.html

windows7-x64

10

08f9433309...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    30/04/2024, 04:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    08f943330923d108d9b94355e623942c_JaffaCakes118.html

  • Size

    185KB

  • MD5

    08f943330923d108d9b94355e623942c

  • SHA1

    56fb71dd861df5b9a3b287425df1b20c1a0128cc

  • SHA256

    5a3cf27c986f04c7286e26e9683a27f13c85464f77c0f868c4deb6dec9a1cd41

  • SHA512

    2fc96904f36c205abd9e6a57dc74f0e8e22320a402de1e485156a421a29a03cf753af52e0362d996bfe0ab346e5b59df9af10172fef64f476b355f3268143d9c

  • SSDEEP

    3072:SEyfkMY+BES09JXAnyrZalI+Y6XXI6EyA8:SJsMYod+X3oI+YS1tA8

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: MapViewOfSection 23 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\wininit.exe
    wininit.exe
    1⤵
      PID:372
      • C:\Windows\system32\services.exe
        C:\Windows\system32\services.exe
        2⤵
          PID:468
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k DcomLaunch
            3⤵
              PID:604
              • C:\Windows\system32\DllHost.exe
                C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                4⤵
                  PID:1824
              • C:\Windows\system32\svchost.exe
                C:\Windows\system32\svchost.exe -k RPCSS
                3⤵
                  PID:680
                • C:\Windows\System32\svchost.exe
                  C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                  3⤵
                    PID:756
                  • C:\Windows\System32\svchost.exe
                    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                    3⤵
                      PID:820
                      • C:\Windows\system32\Dwm.exe
                        "C:\Windows\system32\Dwm.exe"
                        4⤵
                          PID:1292
                      • C:\Windows\system32\svchost.exe
                        C:\Windows\system32\svchost.exe -k netsvcs
                        3⤵
                          PID:848
                        • C:\Windows\system32\svchost.exe
                          C:\Windows\system32\svchost.exe -k LocalService
                          3⤵
                            PID:1008
                          • C:\Windows\system32\svchost.exe
                            C:\Windows\system32\svchost.exe -k NetworkService
                            3⤵
                              PID:344
                            • C:\Windows\System32\spoolsv.exe
                              C:\Windows\System32\spoolsv.exe
                              3⤵
                                PID:296
                              • C:\Windows\system32\svchost.exe
                                C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                                3⤵
                                  PID:1044
                                • C:\Windows\system32\taskhost.exe
                                  "taskhost.exe"
                                  3⤵
                                    PID:1192
                                  • C:\Windows\system32\svchost.exe
                                    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                                    3⤵
                                      PID:2980
                                    • C:\Windows\system32\sppsvc.exe
                                      C:\Windows\system32\sppsvc.exe
                                      3⤵
                                        PID:3068
                                    • C:\Windows\system32\lsass.exe
                                      C:\Windows\system32\lsass.exe
                                      2⤵
                                        PID:484
                                      • C:\Windows\system32\lsm.exe
                                        C:\Windows\system32\lsm.exe
                                        2⤵
                                          PID:492
                                      • C:\Windows\system32\csrss.exe
                                        %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
                                        1⤵
                                          PID:388
                                        • C:\Windows\system32\winlogon.exe
                                          winlogon.exe
                                          1⤵
                                            PID:424
                                          • C:\Windows\Explorer.EXE
                                            C:\Windows\Explorer.EXE
                                            1⤵
                                              PID:1352
                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\08f943330923d108d9b94355e623942c_JaffaCakes118.html
                                                2⤵
                                                • Modifies Internet Explorer settings
                                                • Suspicious use of FindShellTrayWindow
                                                • Suspicious use of SetWindowsHookEx
                                                • Suspicious use of WriteProcessMemory
                                                PID:2888
                                                • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2888 CREDAT:275457 /prefetch:2
                                                  3⤵
                                                  • Loads dropped DLL
                                                  • Modifies Internet Explorer settings
                                                  • Suspicious use of SetWindowsHookEx
                                                  • Suspicious use of WriteProcessMemory
                                                  PID:1744
                                                  • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                                                    "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
                                                    4⤵
                                                    • Executes dropped EXE
                                                    • Drops file in Program Files directory
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious behavior: MapViewOfSection
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    • Suspicious use of WriteProcessMemory
                                                    PID:2612

                                            Network

                                            MITRE ATT&CK Enterprise v15

                                            Replay Monitor

                                            Loading Replay Monitor...

                                            Downloads

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              68KB

                                              MD5

                                              29f65ba8e88c063813cc50a4ea544e93

                                              SHA1

                                              05a7040d5c127e68c25d81cc51271ffb8bef3568

                                              SHA256

                                              1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

                                              SHA512

                                              e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

                                              Download Submit

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              344B

                                              MD5

                                              ff6201ac6ee5c38604fb6a1b5b6347b9

                                              SHA1

                                              6ecd48abcb71cb10c31321429b62952627010d21

                                              SHA256

                                              2803e3e058f18f0a273dbbbfd1ef1445d6e0583910c37daa570609667b9942ca

                                              SHA512

                                              3789fcb454206ab4637928429c28b1a02a5abb24dbc2587366f960800288c59b1d33dc450695b43fcbc13e00d533e0480915eb20f3b5b401dd47b83822441609

                                              Download Submit

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              344B

                                              MD5

                                              76549bdca1994e75935c43032ba2265a

                                              SHA1

                                              3c4e26788a9c8d331ad4d06aab483daa38ef6cc4

                                              SHA256

                                              d2313e38e96f0c70da845b60e7118362fa1982b248e61f0cb3ce25b57a93b8b2

                                              SHA512

                                              f02717d9df18e207c5682f28bceeb0096e9d2f61a9c4e85e58e810556dcd8eb0b0cec51cd7b3ea4a4835f326c999f8493337dec3b368dbab4a6f9b835a1c8803

                                              Download Submit

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              344B

                                              MD5

                                              0a815121cd0e993547c52ca90c85d4ab

                                              SHA1

                                              9ad166ec600114f21b53a6d0c5b449228fa0e258

                                              SHA256

                                              0de36115411819578d3f404da9c4e94a2c4feff73db199347d9c7d8487ee9e77

                                              SHA512

                                              73f858e0e003f94302dd494a5a9460259dd643b8ff5498cb114287a9b475463a5f3a58ead634251e961d8e6a4086c965c0fedc52d8b1fec6b70198c0cadaf391

                                              Download Submit

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              344B

                                              MD5

                                              90e7dc173958e6e1de6698b690b0e221

                                              SHA1

                                              d088632e86d8936c0fe357360b1e43b86f947962

                                              SHA256

                                              143fc985b0d4a66ef62f0a7c155c0daad7bec15b3e8f3e7b259e9d799740c0ab

                                              SHA512

                                              ab8a8101e9176d6a8b22accf4e6640f028510853ed45b852350cbb5c6bf7243ba23ab2ce2c8e4e21e71ddf3724523f6894d9004b1d2b2e3e6944edc8c7f618b7

                                              Download Submit

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              344B

                                              MD5

                                              a7d8e91c8e3f856f8c3df9621f8831e5

                                              SHA1

                                              2578248def24c91f700c067c69099a8d3865a475

                                              SHA256

                                              3c6c78bfbeaec7143753f7a8684f0dfaf589eec4ed72d62ebde956c4843d970f

                                              SHA512

                                              d7338ec8dddd0e3c283c11f101135371147bccfb17d3cacdb95a696b0f8ad7dfe648b35c062b9c67774418a7f9d6a322a5bcfb089978f3184d835ab7e9e288c6

                                              Download Submit

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              344B

                                              MD5

                                              a151250aeb4ce0c1fb4add84907ab587

                                              SHA1

                                              e10b4dc4140c929e56aaa8a4d3a6c8999486c52a

                                              SHA256

                                              c5d499267dd063b514394a92147c6424de5e32cd6abbba37563a08e697baedad

                                              SHA512

                                              000936bbaa759de0e3f5c7f47584983af3998ebd7a04570885e0f448be5ef71b4a509f65bfe493239f765b9bcc6fe65b19da850108a9fb830339974ad61e8053

                                              Download Submit

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              344B

                                              MD5

                                              2a40e8e78e5d4b335069a1e397d6e855

                                              SHA1

                                              d7e57a7c2f0f7ed19fbda390c8962a72d0e09a3b

                                              SHA256

                                              7d1b59ca5a3ca3f5b3c2ea3acaae303f7d42b8e71073b1185ec312a5e5aeb431

                                              SHA512

                                              948c1cdc9bcecb8c39e0ac111c814a3b2458b1e75be29bd176c8a113f1c86049826c811f61c84dcb891284d6eca774e1e70ed24e3d7ff3f7c30440fdc3cabff9

                                              Download Submit

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              344B

                                              MD5

                                              6eaf9158e7bf8e0528b1fd8652d4919f

                                              SHA1

                                              ee5e9997158af6bef9793c3b41b1ee9bba133da1

                                              SHA256

                                              d0f45205dc58c55f097a9633b585109681c331411f3e9910f24bcbca614ec8bb

                                              SHA512

                                              03ff0355b263a847d75b20b2dfba2d41c7c8e96951036eda503c9332c471c7e8d9127be573e9ed623b187dfb8d4f1ef964aef385be7c38ee6f7a8b48adfccd5d

                                              Download Submit

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              344B

                                              MD5

                                              3c66f1c6504c4bb0a96e1a88ae58c42b

                                              SHA1

                                              4dbe2daf736e7717c5f6d324d48535ee28f1a011

                                              SHA256

                                              0b9f9dcc0afea07809e133ddae8d62feaf436eec733f7e6f9da23f4a8e2118de

                                              SHA512

                                              96ea458e7c3f0b9de34a9ae925c99abc0e7807869eced345b1cbdf47f88cf9c79d72a76cc0a49a78aa0ae831c507ed53f7dbc5121fc264431488995755e41800

                                              Download Submit

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              344B

                                              MD5

                                              3d37ddbbc4dd376fa2e83620d2c2d043

                                              SHA1

                                              e1e5f678516d71cfcc4b06ea3aff77ef6a31313a

                                              SHA256

                                              528aca6fc2806596d75146edd962197777a505204091f08ba6e616d8bf518311

                                              SHA512

                                              77804b707a9e90e8f7372d87df3840c357850c01e28faef2c49e169358532bab370fe28946ff0bc7c8617f9983b70a2dc668e5d24c5d1b45cca27e49f7c80b15

                                              Download Submit

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              344B

                                              MD5

                                              c8c9967c0280ab0dfd24770de1937607

                                              SHA1

                                              859f073f8524422387fab520991207819649ac87

                                              SHA256

                                              56f29d687fc650c31e4d6c11a8bb21938e7c8e7609d2dc9994442a1ebe21afa5

                                              SHA512

                                              cd4856a4b0ca54da23fade2be7ae8df592129fe37d6fe648cd9f45dff77a6fd3ee54bc5fd3c1608f847422e936e9a38e3882a37131f56662ceba231355b84585

                                              Download Submit

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              344B

                                              MD5

                                              284eba0c87b333548d503d9065301cbe

                                              SHA1

                                              23d5a43b43727bcffb76293ce8add121e163903a

                                              SHA256

                                              25d9295b9af64550f22a05d496c84a0858e5441579f4863423d47035ad4dc221

                                              SHA512

                                              53b85493fa43c11233beab91ff2e5da2af80f4b154306e1bfb96f09c659b0b2e649fa58fd162741d16c026367a33a331505c9611156a8e4a65a7ee27420d7d8a

                                              Download Submit

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              344B

                                              MD5

                                              b430e68407d94851aabc9229f10196f9

                                              SHA1

                                              ff8e7fd2e1bc960c980f967e6136531545161d33

                                              SHA256

                                              2ce5365002d8f282b2fe78cb295342c7640c248f2e0d0d6203b2b70904239617

                                              SHA512

                                              6c7454fdb2dfb216c3ced6fdfd8be9e2dbfc4ba577978bcd7db017bbbcfe735a6da75748763570256af6f3cc151ffa4bfaa778e3ccc65e64e454951c7fd53464

                                              Download Submit

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              344B

                                              MD5

                                              1e358208a80fd48a8bf845a9f1785271

                                              SHA1

                                              ff2a55fba46a9c6219a7c961a6ed9edcd27d58e7

                                              SHA256

                                              b50b1292a5b078e86958ff93adaed16ba28b6267c12747d100b7af9a2ad05bb5

                                              SHA512

                                              21a1b644befbce2252e404efc163289e325cd760ee669f0bc5ea655e6b56b112a044c0e801bfea26771892fa14828384506048d2a57278fbe8965a69a4b7b64c

                                              Download Submit

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              344B

                                              MD5

                                              7279ddae299811d91041c83a0745d247

                                              SHA1

                                              aa8a151482769ce41b89614e9dc2c18c86ca4fc6

                                              SHA256

                                              471d34c52ee6928b91660d8f25101fa02bbec481228cf72ff82194187a85c5ed

                                              SHA512

                                              8044cd4920c677f93aa0cf041b53d4f2b21764e693a0f08dfe120f444e9e77610b8ccc5d74fff17a42da332afdb35e41661575341412e053dfc0516ff9740b93

                                              Download Submit

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              344B

                                              MD5

                                              c3c88d42976886c0d2af99ee79fbbaa8

                                              SHA1

                                              e3e1a06aa84a8920d7084879a506b9825ac2b0fc

                                              SHA256

                                              d48f3e8eff065c59fd4eccd2912c5f1ad5cca413c235c59c750c02ca406d23a2

                                              SHA512

                                              b5d8f9ed24ff1eaf3d9db66bf92985aaeaa61de8ce764bf160e9574042eee6eb99b78eac9fc8cb1bc21d9daab3ae563a15c71c6260eeaef889f6ea514cfc0b52

                                              Download Submit

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              344B

                                              MD5

                                              0fea0d59ce7969781d35269b2f4e8ebf

                                              SHA1

                                              1bf2482b03903921b07a8b56968878d2e09c2f93

                                              SHA256

                                              5526a8eca8d3305f4fb94c687a5b2a20127208dc78ac6b2a43ea87a20b9143f1

                                              SHA512

                                              b4acc84c10f0b68807ed75bb144922be64a213be39adb338193474e50494140fc7f5c873504a529d241f01b12f1dfe054d833ffc7fe3e1a97b28dad7691a9aa9

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Temp\CabAD90.tmp
                                              Filesize

                                              65KB

                                              MD5

                                              ac05d27423a85adc1622c714f2cb6184

                                              SHA1

                                              b0fe2b1abddb97837ea0195be70ab2ff14d43198

                                              SHA256

                                              c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

                                              SHA512

                                              6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Temp\TarAE82.tmp
                                              Filesize

                                              177KB

                                              MD5

                                              435a9ac180383f9fa094131b173a2f7b

                                              SHA1

                                              76944ea657a9db94f9a4bef38f88c46ed4166983

                                              SHA256

                                              67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

                                              SHA512

                                              1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                                              Filesize

                                              84KB

                                              MD5

                                              df455f0fa8fb3fa4e6699ad57ef54db6

                                              SHA1

                                              51a06248c251d614d3a81ac9d842ba807204d17c

                                              SHA256

                                              15068b86edc0473a4f96f109830318e0540af348197e2b65f2e90ff32cfb14a1

                                              SHA512

                                              f69dea5b68e4fc8737fc0e6ef48476d3ed0a5ebd2f9dccc9d966df137f9ffdbb51e413a0852c22399afab53ea8a2755664afdcee6897a1cf387a9a620481b2a6

                                              Download Submit

                                            • memory/2612-8-0x000000007733F000-0x0000000077340000-memory.dmp

                                              Filesize

                                              4KB

                                              Download

                                            • memory/2612-6-0x0000000000400000-0x0000000000436000-memory.dmp

                                              Filesize

                                              216KB

                                              Download

                                            • memory/2612-10-0x0000000000240000-0x000000000024F000-memory.dmp

                                              Filesize

                                              60KB

                                              Download

                                            • memory/2612-12-0x0000000000400000-0x0000000000436000-memory.dmp

                                              Filesize

                                              216KB

                                              Download

                                            • memory/2612-9-0x0000000077340000-0x0000000077341000-memory.dmp

                                              Filesize

                                              4KB

                                              Download