Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
04/05/2024, 11:00
General
-
Target
126f1a017059b158d03c532c77851cc7_JaffaCakes118.html
-
Size
530KB
-
MD5
126f1a017059b158d03c532c77851cc7
-
SHA1
42ce22b0e93438479c797e3c3602bcd386545396
-
SHA256
5860eaa980a1f24b5ae5b0fdee2336ca254475b0b158c37c32077eff37e26303
-
SHA512
6ba878b6f23218bd070ccafcbf79098baa754d720baa37d04c20e3d1b4e0c48aa274471f1a0cea860d858f0a173171c164c8e8aa2d51a427eb9ea78ab688c705
-
SSDEEP
6144:S5sMYod+X3oI+Y7meFekQesMYod+X3oI+Y7meFeklsMYod+X3oI+Y7meFekw:g5d+X30eZ5d+X30el5d+X30eE
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 3 IoCs
-
UPX packed file 5 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 7 IoCs
-
Modifies Internet Explorer settings 1 TTPs 30 IoCs
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious behavior: MapViewOfSection 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 18 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\wininit.exewininit.exe1⤵
-
C:\Windows\system32\services.exeC:\Windows\system32\services.exe2⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch3⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}4⤵
-
-
C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exe -Embedding4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k RPCSS3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted3⤵
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService3⤵
-
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe3⤵
-
-
C:\Windows\system32\taskhost.exe"taskhost.exe"3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation3⤵
-
-
C:\Windows\system32\sppsvc.exeC:\Windows\system32\sppsvc.exe3⤵
-
-
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe2⤵
-
-
C:\Windows\system32\lsm.exeC:\Windows\system32\lsm.exe2⤵
-
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\126f1a017059b158d03c532c77851cc7_JaffaCakes118.html2⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:275457 /prefetch:23⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:340994 /prefetch:23⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:209934 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:406543 /prefetch:23⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:275467 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
344B
MD552cad78669024304b1e33eb5720ccfdf
SHA1c4a739061d46e82602bac18545fa9f2fb3e682ef
SHA25655ef8c36f440eb77275d5fddd6ed8c809923cf4a76cbe25e928571d9a71fb5d9
SHA5120614114739ee131ee4a01cdd644443f657399b48064c5cf7ea005747039e7f2388eef0f4171af01214573722f3584774621308706ebf1cdc441b52259f551838
-
Filesize
344B
MD544c83088731071e629327a9f64023de7
SHA122d771fce46f78ff62c942d2076d14040bfea43a
SHA2568342617f07e256d958904d94a3ff0f5081259f6d5c5ae90eadb660335d6389d3
SHA512324833f1b5df969e1a14ca1e6620dde54c8646decf4e73007f35ae0be3b7f8374d121dc160bebdf44b49babb70ae91f6ff7f22f274609bafe36d84f4bd2550b8
-
Filesize
344B
MD5e9f9cf20d0295dcbe33588e7d47b72de
SHA11c99f28a504175f5f0e815a4ad18dcee87031cc6
SHA256df0b0e88838abc85cef98b16ac5e4b987d4bc3ef3baefbae1f4abfa4912f7679
SHA5124206d4a7de8017f78e72151e2eea06e3b1001ef995c7fc0d8f05bcef32505741cddf82493d45cf749f9b9eb872fee76213d0c2e570508b50f1ec76151ccbb22c
-
Filesize
344B
MD575269df49e4b4a53d81195739573fc8c
SHA1413d4a82b0dc1a4fc6a64a6be74c53f1a177b79c
SHA25670d1f83c1894e080841a67ba924ceda1490edea90a8cb1764ee5bd45c64372e3
SHA512a066823327e0a76d8aa4f945e095408dc4ffc0985efb979150f2b913f576a258d1fbd8c493cfcb49a2595ce87e1733b2eceb37ec91bb92aa97d7bb23f7b2e7d5
-
Filesize
344B
MD5c136f99ac2f91288737860852000dc93
SHA14c440c0c4e723e9c993461d383069177f9185801
SHA256581666e36eb73e52160e1decee85e8d87727edca405f4ec2a1fa7cd362c4f301
SHA5127d987186c348ad53eb13d268286625f4112280bebcd0eb3fe3d264f35ef005e5e686a65a1fc83e6a15c3329ad121492c51ca7e63d7f3ff3e20cfe93382870094
-
Filesize
344B
MD5ec383abfac5a638484c6e8714a97590a
SHA1131590f4f76372ee0038dc754b05b8d5e87e2cf2
SHA2565e4698629f46a9cb9b669ad07ac2d57f0a429d9bb9eedd0925d5756dcba5d7d0
SHA5129859f06e7cbbbfcc82bc660bebf50bfe04c2cc8b8a2eb5448c881bba26d9323c7340907cc7956fa5342fb09b6d6ff401c5ecc862f30861e6024a750a79ef9992
-
Filesize
344B
MD505a329a0ad2fc36b5812c0ac49c36f23
SHA1a002dadda1c34f515841077836f5cbfa5afc3eda
SHA25606f02b5089fdf9b44ee30415e1ca189d9d690dc7a4bfebecc50bf4d3126e7536
SHA512109e77bff992ecd8b9a54e485f5ba00e270fcbeb4890f8c218e0547cdadb97b9968af08545c47dff6fc10957a7babc04c4755953d3faafac76255112e4f54ac5
-
Filesize
344B
MD51bf162c9366ed4358010e9737828075c
SHA1ed6b4fdf6d2c14eb9dfdb55e16f5ac0ad3266f9a
SHA2568f0e14cfcdecd397089b3c5b07a34e12b78c0a1db7599fabd2768d95cb9640d4
SHA5126f58cdd63a4e074b3928818e0635194a75d7b884f03ac9eddbe74d8321c9f3890f19abe5865ee96ab6de50fe54451407c4f284b29465565fc47c24748217f902
-
Filesize
344B
MD5c85afbc30f5332b10de7438d4d60fe72
SHA15db02ae4b82c4d79d2c02d74aaf02658f131e9ad
SHA256554db82333816e1622db0dfce1c96fd84e119a934757302e69ad4827f84fe38d
SHA512629507eed2e0d4ba53756655637fabef5800e38c768373d2b815d38254f78d900bf53d677fb0a24f2567b816f552d837f4036140653b97149c2df64fdc674235
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
Filesize
16KB
MD55a388866bd33b8d5ebb16a9bb5d2adb8
SHA19389afd57d753abdd8eb4a72863cf5b93fe89854
SHA25651d6f8555ef35ad3e8dd5384680c77135f0c43d1c22592c7052a0f7d8fb8f856
SHA512b1151c2b1e188bec0e3cdfc3ae65b49f61b30d78e2890c6066e04361792844e9473cb6fcdd15a5545509f6e2611d5cf6a981900409f0a0ed944a364d9e6d4565
-
Filesize
84KB
MD5bee6f1f011766a1f40f0318adc585640
SHA1f9452d74dad86e1dd38108965e40585ff8ef7951
SHA256c8f1baab39b7c77de4504ce7f758ef46c0659e01f6af6922d1a4518687aa6ec9
SHA51213714e5ab6d7da1ab4faa85b4c9801866ffa89f5b39aa053a03aeb13d4adbad4d9bc518f5586a18bb0bc7723f0e6168940ed70d7d6cf71d82120135fe0d51bd3
-
Filesize
216KB
-
Filesize
216KB
-
Filesize
216KB
-
Filesize
216KB