Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
117s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
11/05/2024, 19:56
General
-
Target
3647ccfb6a62d3d3843bbd7933751634_JaffaCakes118.html
-
Size
873KB
-
MD5
3647ccfb6a62d3d3843bbd7933751634
-
SHA1
db9936d5b18b0cadadb4e1e69e4156eadb7538f5
-
SHA256
c996b75ce2dd91c1891c0189f69386dea7d9d81b9f7f5e12fda0c5a662fcdba8
-
SHA512
ce53ff7ce1678b35ada80eea6af04214cd72980b6ec275e000041fbb7f29fcd5128daa7b40e897444347a09687e76d8dca2c9ee242937ed4b23e62b1cae1b35f
-
SSDEEP
12288:BD5d+X3vWPSmL5d+X3vWPSmIc5d+X3vWPSmy5d+X3vWPSmZ5d+X3vWPSmq:Bb+PWP/+PWPF+PWPs+PWPZ+PWPe
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 5 IoCs
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: MapViewOfSection 46 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\wininit.exewininit.exe1⤵
-
C:\Windows\system32\services.exeC:\Windows\system32\services.exe2⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch3⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k RPCSS3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted3⤵
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService3⤵
-
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe3⤵
-
-
C:\Windows\system32\taskhost.exe"taskhost.exe"3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation3⤵
-
-
C:\Windows\system32\sppsvc.exeC:\Windows\system32\sppsvc.exe3⤵
-
-
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe2⤵
-
-
C:\Windows\system32\lsm.exeC:\Windows\system32\lsm.exe2⤵
-
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3647ccfb6a62d3d3843bbd7933751634_JaffaCakes118.html2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:275457 /prefetch:23⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:340994 /prefetch:23⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:209930 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
344B
MD53355eeae34099f82df3e6a95b7ebee17
SHA15066bf9bf052ff361885c04f1f03e8271888b91b
SHA2566412f9f229d993627e21d1c4321892a2c04a0b2c50bab5317e5d96e02c27991f
SHA512509970d4ca4101c7176d5d7732bc0bf0a72e244df068d6d270e65012c886431c09f4fff628522528ab1fc9b5e40939eb1bc8878e79b91d8bd0496f6ed744cefe
-
Filesize
344B
MD5c004c7c36adba27e7ac4a1bd9b6a8b6e
SHA19886e2dcbfa5d84c66ff01e2ba0ec9fba0b10b24
SHA256a45054db8c8bf055f3dcdc46585a0ef48b30e4facf7a488e23d6af20223f9a27
SHA512d26df7006673514fb14d3cc38347032cc6624ff8fe8be64a20b74fdf546a888685f102b05358aa0c2244c1b1dc6b598e51738cf7bb06bc9ad0f69aa0b8b79094
-
Filesize
344B
MD57b9e01997357349c85fbf0793d6fb31b
SHA122b423b74b539d481538330c311015bfe1589656
SHA256b1e6ff3edb941454b439b322aed1c0861e301f0f58c9f7f57bfc3de5126393da
SHA512aadd0f44bf96a26284869b7d77eb1403a00c0c6923069679fe2866a48763e46f05baf1b3f3ab180517563a0967dcafcf2e025aa3d8c5a975e15075d90fd0dc45
-
Filesize
344B
MD5fe18c0b73f24c25b498f59ca78ab5c82
SHA19c83365734a703192733e028f079bc562b91fad2
SHA256be7d0f36173933140887d22e398ebedee4a2e77375e128e9c05b81a4809578c8
SHA5127a952b134a3d3cf2f1f0a6e4e5bae2d8de3f39c7bb95c5358688e9eeb37bce90e4f2d7fbf825edba82d01fca0026c34ac8cb42f65a2d94e94c484f3d0746400e
-
Filesize
344B
MD5ffb6b43bfb9d577f9c192c4f721ce1c6
SHA19102fba1476de3395bbb60fb899d7ffc2d67267a
SHA2563583408eadb3fc905b1e2d27074c567d958398c32ad1fdaa76d7da77d449d495
SHA5124990ec214d7c9da95838b31be6c7c0c10e4fb5c94decc8b5cef3c779d63e71f104855ab7ab89e0ca788f9c44271af30186066c3da947d69105188f525d21193c
-
Filesize
344B
MD53be8ef077d685ce57b9709de86846cc3
SHA18a520ce8f12c5e9154af806bf75cc499b700ea66
SHA256949e1d880c83516363b4843265bb6ea381b532ca5a0286d82f885cb3663688e6
SHA512c239d39ec66662fd537313cef748c7ec5e9d0e290f52e1afda553e4d1b3978e0d4ea309f55aecbccad44f7b6cfc878ff1449947721af759f83320b47c0209dbc
-
Filesize
344B
MD5678ed1d3911056b94e57f79770ef8d21
SHA13e13cdc52d304f49504e5bacd1aaa7deb02b2f95
SHA256b80cee413f0c14487d92da783c5d0c7ce667fe7d66f44d3bce7edc5e84467f45
SHA512858c4ba8be87239c826b1756e2c4f7fde092c33cca07168f1db9d3a63526d9901ac68ee1b22eb377d31311fc7a367706580e23a413bcfca00e21c7faafe5f8bb
-
Filesize
344B
MD5169cfde415bcd80e71e2779c70d238f5
SHA159f3073e0b05a22725adff83bd081a2d343c5d71
SHA256989d3c8089a8c6e870f2bf3ee5292f2bfaf3588a087b4566dfea5a4c8cf3cb36
SHA512cd25a2a6010e0e6533a75f9045bf97ca38d7bad14330e3dad260232853eb5306117d75866e92ec487fc803b0191e885dba9da3c17e7a09c9bc5866884212b280
-
Filesize
344B
MD5f5a28ec6adc689a4beb06cdc4f124ed0
SHA1e4667858716b062ac100a30055b61443b2a2125a
SHA25679f27159f2d6953ba01fd1404c23c86e898ab4e3a05c8a182fa0e401f82c9708
SHA512a21aeba35788c17bc801cc22257d3d53739615785d8b85bbefb02727bf33e97c2aeaf528ad6045e7c0421baefd7be192209cd10c5feeca176cc0ec1ded83747a
-
Filesize
344B
MD580bb472eb0dbf5691f6769b105cad801
SHA19d5f0092f6486424ea019ee96d6024752c142d32
SHA2566ba6518ec2594cb4e86e3293b64cc3bf310a74e070afdcbf63eb6e545a5bab18
SHA512461b40f7ae5b8253e1a504bcd058b5104d704dbc5730f9d37de2b5e6e3d15f29de21dd6c2eb30f7ee12b18b8eccb48481c3fe64e5c63091e4956d64021bf596c
-
Filesize
344B
MD5d66fcf302c6ab0daef2f1e091b08fd6f
SHA11d730923e08db4a4d3771c2d787f21796e821ae3
SHA25606e71c5f2fa3ceaafe387a7c9048ad0f3e384a83aa7d8170708d927eb7d657f5
SHA512875c5d0606340f3b433f42c1f08696818fcddf5cca10a9d57a9c6dcc31fd1ee3bc6f292a8ce40f33effc2645e69d74f23872dcd745d01f88ef2a19fb4688e63b
-
Filesize
344B
MD5207c2efb28292208d74727448f79fad4
SHA1fa988adf6f07103d48ba23459fe3ab10d1274893
SHA25644eb33dd8d718ee141d9032c4f2ec12a1038b810f2dddee84df19c823e62865a
SHA512e400d2f4eb61d2de70af7ae756af109601bf9affff8750736222eee57b4402b349a4d9caf67a229957b6fed73df7999e8074f1f7583d6e4a3e641266746f648b
-
Filesize
344B
MD590967c7dc4fa8fd2a2502a0290684718
SHA1931b92940c7992ce5efbabd6ea9ba3799e86514c
SHA256906e9eb6e83aa64d52a37e29397565e92e49875e588849b76356fc0c4cdc9ff4
SHA512e64cd2d207a46c2013a300893521339342ca9356dab1d2728bcea4d29c94dcfc49e3135efe0436b6abbf4058908b30e7b932e7b0207c8de81f8da1d6537662c5
-
Filesize
344B
MD59aae6d27a863a310eb813b190b67d710
SHA1ab86a61eabb62ed0e29e172ea4be996a07284b34
SHA2569f95a053d3e0c648ed14239fb22905c1709d458ebeb06f1f6fa8f42b4eb8d67f
SHA512a6b502f7cf341a1a604ec32750be033724f66a6b2a3a7cb77372e953f7657441eb39d12aa8b31973870b7556fe44f22315f83857325606036608bddb18f70e6d
-
Filesize
344B
MD5592577337b49546bd236810387b8e5e5
SHA1fde66e208986de51b33c77fa21bf488b04167d6e
SHA2561c410f879f73a52f512eb72ffa1a68e604dcb248c1f82619a7fb4931fe9fef39
SHA512d57fc8accce0afb1c81f29dd8ef590334815e3a5e6bdf6b0c0d9e5a755d081570d109a1f3bb28018c99e1501a2433d0aff361b3af431ff69b3f2e7354ae95e59
-
Filesize
344B
MD5203bf3a4cc0c1d2bb78c83cc36ad5032
SHA12c30522069d69a4e0e56600ea6b69fab8775c882
SHA2566f3d6e10fad03555dd8915035074984b279e6af1e68708442ad7fe38921b8ad8
SHA5127c8062dd6afc95d53b284b7283a42b28b0ecb1558383cef05d2c3977b33f9d87a52342ceef9d8b2dd709898f1fdd4a39bc75e93c2a675ad1573ea4234461dcbb
-
Filesize
344B
MD5dd48796b940858eb2f4b6bb22d5a7ba8
SHA1ad3f6e2fbe556c33f3e0bc86da602b477dc0e368
SHA25634d49ec90b68e19feb5801ebb416b707b04a12694c18f94808c8797afdbb8737
SHA51202d28044648c2e70e12a2d8057cc99dffa1ceca010b3ee8b4f56e4764a73b3e16afed5242ad720379d26a744695128ea4dbcf2104fed20d58fc8bab023bd1c16
-
Filesize
344B
MD58c8af70b399f74886e452dce34dee61b
SHA1a1719256fe3a8d972f05dce794ed327427e05b3f
SHA256f24772adb4ec6a4d2b21400a9b6c9d0cc50be67afe6ab47bd354f3d9497c9c05
SHA512c327d867246a3c28508959596bcb648b72aa1071b6aa5390d9976f89739203c5bbb508d325612b94ec3f4dc689b51a70511e52b6ba8b5c98b25dd194d0370ba2
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
Filesize
84KB
MD5c91addcd44863e124c5ef9766e46751e
SHA1863f17b99ff36c5397dcc475d7c9a6373c7984a9
SHA2565093e83a3d46a465141f93f3034e3d45f0484b7d83a8bc32cdc1ab8011ddb2c7
SHA512577e068a8cbc1f4cbe13311fbcf31704953943f5f3ae875e4edba089ef01d69dafbd0801eb2bc059305e7acfe11f5e0510c3a98b68689463569a60dd83a13871
-
Filesize
212KB
-
Filesize
212KB
-
Filesize
4KB
-
Filesize
60KB
-
Filesize
4KB
-
Filesize
212KB