Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
137s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
07/05/2024, 20:55
General
-
Target
21b13406e8e7ffa5e70a089f6c100851_JaffaCakes118.html
-
Size
196KB
-
MD5
21b13406e8e7ffa5e70a089f6c100851
-
SHA1
8e1458cdcb00d14179a19989a9d6944a73a21844
-
SHA256
31273ea0f9928d7457de9e1b8f79c99ae53a60e1c6c07c6a6ebecebca05e7ecd
-
SHA512
274c9b7ed1572a53d65c25cdc8991dfbb2c03565056aaaf2719013e0fa04daca0e14be3d55389bc8e496418bff8f34504a8f962049dda159784a3722d96385e3
-
SSDEEP
3072:S1ueYLAyfkMY+BES09JXAnyrZalI+Y6XXI6EyA8:S1asMYod+X3oI+YS1tA8
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: MapViewOfSection 24 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\wininit.exewininit.exe1⤵
-
C:\Windows\system32\services.exeC:\Windows\system32\services.exe2⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch3⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}4⤵
-
-
C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exe -Embedding4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k RPCSS3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted3⤵
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService3⤵
-
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe3⤵
-
-
C:\Windows\system32\taskhost.exe"taskhost.exe"3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation3⤵
-
-
C:\Windows\system32\sppsvc.exeC:\Windows\system32\sppsvc.exe3⤵
-
-
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe2⤵
-
-
C:\Windows\system32\lsm.exeC:\Windows\system32\lsm.exe2⤵
-
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\21b13406e8e7ffa5e70a089f6c100851_JaffaCakes118.html2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1664 CREDAT:275457 /prefetch:23⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
344B
MD5a23eb83f1056f9356a73abff49f18756
SHA14e7aaaaeb30181d055e2e5b285bc28382ad721d1
SHA256be02e9b2d7438e4c8ac023f51d51f268938aca859a44d8e917e06033af257185
SHA512866b854903afc82dbec3d68b4a49f8ed2c7fbfaf9117bbbd3df5e2750d8abf10781e19c3b4e8d2a20f238743b414a6112180e5879134e33da64d82cd098001c1
-
Filesize
344B
MD5af6c4afcb4c8ecd31fd4724f373b2ec9
SHA16c2216c8bddebb7e668b2a0d2a72e9d2e098a808
SHA256d6a4b046f101b4b9a4a444b360aa183b34751ea0df03257403c20e19d22a51ab
SHA5128964da6cea007e460c6a3fc7cd68c82f974b9a9627d6d713962ced321bce7618d522eb337ea7be300a80ea817f80dfccffc355c740b434b5aff6cb46367b2e63
-
Filesize
344B
MD5e65206432b2dd7c5c4abd61ade4e190c
SHA1a77c9967f044b5ebab7ab5e1271f83080d4e9290
SHA2562521889e8cc6daad4332de4abe24220797fd706637db7eacd9b2098ae66dea51
SHA5120ad16ceec2b8c611d3b74d7fa4da43ec6b3a36f2eaf15ce5135033555271394c88106eca967193cd4bd16bb80a7f7b5ea7ab327bf887d6aece7f054841369ba3
-
Filesize
344B
MD5bad412e8a155977696cac5f70d5dd4c2
SHA1b0b8abbdcf9b4cb651f46fd774a4bb99638bc5f3
SHA256345a2c996a33c825e98f16a4b726fd339b08fae2dcf8771ef571d401f43d2551
SHA512940ca50e325a303bfa4c792e7c42400c6e1bc17f3334f2a698b4b58d979342d6692e3d809ad2f8bd4078932dc8589a72fbb881080730b090affbed7f6019594c
-
Filesize
344B
MD536597440c9fcf065e478d840f690aff0
SHA11713570d696fd7f29701184ded7bcaa7ec84a5ca
SHA256d5bd58892959bdc7196921bf083d3475887b81c2c869f409aae3cb46899dbccb
SHA512b9ff9736acf2be9798ef41156195e597c99a217b5643ecbcea3129cdc6740ef16efafb3dca50cce1f382e7d0afbfc037e7754f0b4972e8586b8f16c5725be40a
-
Filesize
344B
MD5cf38b5ad9a6be6c8fce5eb9d13dd4e4d
SHA1532eee6996c525082c068cda5e1d558938e2c113
SHA2564c331a58556c08f441c250a292673df72f19643162a995185793c7abc088078a
SHA5121a994aabfc38e8f893a1c7516f5cc5c09a9a70a69ab766f2f3109e7464f43e5da4825dc30290d78cfd818fdbaca362c58acde244e1f1cfea6aff4d0240e36b48
-
Filesize
344B
MD54ebdb55049849a948a7146a4eb2f2c69
SHA166d89af7b7587136028442ec57997c3146258576
SHA256428951250d9619c4d8db66f5c01be9044c81a4a94cf674a3837a0777bebf4156
SHA512c7b186e32a0735af147af789754b571f181009b41dd4357634d7a7b173c8e5056ce1966c7798e6db5ed549090c4b449d6763c9166c349f7350af1b491ff73236
-
Filesize
344B
MD558fb48a0ba5bd3417b37949982256745
SHA179db846447bd90f377b62ade691092f303c00477
SHA2568eed567b6fe8654a3e84f1940ef77154a4489dc040fff95c49c23dd7aa075acb
SHA51200576cc12702d5e5b65c4e12e774ab5a77295138b83b203bd4320356115b0bfc759b421debdaaaddc37ac89c8cd53d0db95a78ca1a54f82d9bed0c2adf82b326
-
Filesize
344B
MD51cea6dbc806b4f8d3c7e7e0d101631e9
SHA1f72ddcc0e745000f3b066b8ec428ee4fc9797ba8
SHA256d1f6d381c9ed8da1b3cdca1fa01ec3cc42b28f5d2ceaea1d53af4a368497adcf
SHA512bc076ed60a1d1b24b308cbe84f227eff817f25ef05f5e894972672caaa18d8c9a2236bb49cc3a7baa2eef95ac8eeed9d752c345d4952ad89b7f8bd0609457945
-
Filesize
344B
MD5203245a2dc93d3950065103d0158208c
SHA1321d68c54bda8b22242639e1258a04a15c244e70
SHA256a94d93dd3afe3f9664532b1d17e0670fbf92a2ee1d3ee22512a22507a6838f81
SHA512648cbec1b70a19e33eaa5921e0bd738b160c8504d32817ed0865a5782d12e588364ef70232af36fd568b04c2352078c2fcfe8ef3e6bb880f81e9356c3115cdba
-
Filesize
344B
MD556947dc79d78b77448bcdbd9b9a285af
SHA1ecbf3d4cfbe0701fb220b8c2c0cb2bf4f68cb359
SHA256c5ce09f8d0040ac75b041f358953c7d0a49f10424d3fadeb6b3cdb721cacd311
SHA51257262a8ce6eff6f4c943b3d15d40ee7e2df434dec4edd74d6f0fc5354a8034c0c14d3302e68e948aa098c9d8449291be9182201569cd302be674841443a00ec7
-
Filesize
344B
MD50cbfff08dcbfe58585805da06a9615a5
SHA1f7379984ad9e4a93b67b98103d0fad53ebd42026
SHA2566f88fd2f7df30651eaf00731e511e6b8422c4d13038aa5561250b062837a996b
SHA5123af2fd4287772166a5fb47678efe2844ee88f91b4078edd29425c67a2024686d6db3990da20d19682f575fc3b9b531a77d75bb33e0e5a102132e8c190fdaed36
-
Filesize
344B
MD5832fb0d1c82c8e2b76fb0117826503c5
SHA11fe1eb39b3f9b99a1f057b8603fd24188e0198f4
SHA256163e720fa13f35c4c90c4ad2695ef262306d14b79536fe05efa139781b63eff5
SHA512b2c4c97c8f951539d39ea657876978889eea31f803c29275119a556985fa7b99399e4e199009dc97f5e9d392fc43fd078bc8070fa22e57ff13cdc182a89bef98
-
Filesize
344B
MD5ae8e34dfa01d75feda6480efed5bb22d
SHA130678bc7b05e9c17b63fde33dd9842a58f60cdd3
SHA256f690469418e274823056876c3427a76bd681889de050c584119ac74d22033dc6
SHA51292b3f8cfc61d6c142548e7802c67f86fb38379d97095e79a21524111f1655ee3953cc535bc18b418ecd6e342585b34769445b8458cef8869979163f8e9bd76a0
-
Filesize
344B
MD5693de093acdb9102057b5a744a302bb5
SHA1853b33e0f1ac4b3fb004ee039e0ee275975accfc
SHA25652aadcc6aa0f711a48c28dc8fff3d6a33bbb85e1cfe35ca2543c59777936f21d
SHA512f8103e9ca99d7dff19c623fd44f5dbbe912ad03e9d1df932907cf1b4251081b20e272fc0c07550106a9a0056a83c4ce32b53e16615d54359bc28b4b0f959bbf1
-
Filesize
344B
MD5d6aa2e1ccf43b8899d1efef8716a8a1d
SHA11da6795abd341800b3698a67fe5cdf62662b68d8
SHA256d751e13375fbcd12cfb48e4694a3b208805257855849e30238b6a1b143d61c74
SHA5120d827506003f1b100b29051b8029282cd08ffdacca17663f28e680c6e7a71fa53c82ce91747a1c0696647ab026122afe9bda5405f13601c35e636cc829170da6
-
Filesize
344B
MD5592fcfcbce3dd0f6d5336aaf62f95055
SHA1aaebeb33371287c1306c08f633fd9700c67537b6
SHA25623e68cffe5c0f60d06c3e36ea575208519bdb7997d023a9ee3cc7ae2d732818e
SHA5129b69854409d2c07c8344732023d1e2724df8f6eae3c5719596bdabecd36d474e7bcd6990d624f0b797bc436a04d542886dd317105a3e52be8902814262c6e70b
-
Filesize
344B
MD5ac9476045e09d5d9ed1b23af8c115929
SHA14af3574ff4731236a30a33974a9125d7f5b25717
SHA256717bacbcf6d0c37b305db4492775b1b65b98dadfc2c38b0d9ba55f38e826feca
SHA51229fb5461e5bba925a668056c2bbce621467a7a6e43ed7cf55d066018bf47dc60e47e013ac161579326cc91ba76ccfdd17434b04143d30bd6f3bf00d6f61b858f
-
Filesize
344B
MD5d7a0ae2a13156c6e352bf7e61e2a5775
SHA1b15b50d00ded0759bbb21290395a2ed2004d1533
SHA2561062f14984e543f05ab613e6c9b6db5d7152ced41f8de1fbbfd6c324e443203a
SHA5128fef1a5548449ac8ead8563898d61936f69df9f17cd5d25c6f3883200b50e3f00fd509c8128157666d235b6e4d6c66a192ad088574bdfde5ffd777355858dae8
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
Filesize
84KB
MD5df455f0fa8fb3fa4e6699ad57ef54db6
SHA151a06248c251d614d3a81ac9d842ba807204d17c
SHA25615068b86edc0473a4f96f109830318e0540af348197e2b65f2e90ff32cfb14a1
SHA512f69dea5b68e4fc8737fc0e6ef48476d3ed0a5ebd2f9dccc9d966df137f9ffdbb51e413a0852c22399afab53ea8a2755664afdcee6897a1cf387a9a620481b2a6
-
Filesize
216KB
-
Filesize
216KB