Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
136s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
15/05/2024, 04:43
General
-
Target
44939d60dea19e5fac6e7e0187cebb37_JaffaCakes118.html
-
Size
199KB
-
MD5
44939d60dea19e5fac6e7e0187cebb37
-
SHA1
25845d49eae3a2bf20e0f74e2c6da885c5588634
-
SHA256
7837a4c270e2dc83729dfa525673ccc32fef02d9a52f3269b5b671e529afe785
-
SHA512
2939aaf92e06deb50a35acc0b896efe3a19e44c19f5140afa19032059eabb758a3fd0ce7f715a18c87e1fed5dee5913c3d0469c2563eb77ec3cd8f1165d62ca3
-
SSDEEP
3072:SCOyfkMY+BES09JXAnyrZalI+Y6XXI6EyA8:SCrsMYod+X3oI+YS1tA8
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: MapViewOfSection 24 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\wininit.exewininit.exe1⤵
-
C:\Windows\system32\services.exeC:\Windows\system32\services.exe2⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch3⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}4⤵
-
-
C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exe -Embedding4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k RPCSS3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted3⤵
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService3⤵
-
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe3⤵
-
-
C:\Windows\system32\taskhost.exe"taskhost.exe"3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation3⤵
-
-
C:\Windows\system32\sppsvc.exeC:\Windows\system32\sppsvc.exe3⤵
-
-
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe2⤵
-
-
C:\Windows\system32\lsm.exeC:\Windows\system32\lsm.exe2⤵
-
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\44939d60dea19e5fac6e7e0187cebb37_JaffaCakes118.html2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1900 CREDAT:275457 /prefetch:23⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
344B
MD58a567ca2a640c91727c241c65040fe99
SHA1631c884859af68e37b373df6451f597d7c438005
SHA256a5b8f5b0d638e64c5dae70b83f984464547af449554777e5dd24fe6121f5d41b
SHA512a1895747637865499456fdd5bcb81c48dae66f32f209cdabf6d0eedf6f2d8e332a1b20c9d575aa07ffb21ae9b430b004ecae73bd0f3416ee5eb22c5769ed2d98
-
Filesize
344B
MD5573e0b62b8434ce400055e507d2493c1
SHA16836471f3c002f30a4eed3cbff3f1adad78a0798
SHA256f371931b3b0c648576e22ecbf96c77da1edc68200938eda25b043e4360ca60ed
SHA5120c446382c9faed6e07e61c1d2f85c0982009b0e0a94175e6e00bb86fe53803ab5bb719bdbb01c573c95fbcfd3a430cec0d52c92bbf7f2d64429cb691efe375ab
-
Filesize
344B
MD5b7d1952c2c7fb8ada7a3dd9789fd8d4e
SHA1070c3e99a932bb0808eb4a97d3b0c609e35e340f
SHA25683de6149a64e9236b42280a44d574735b6bd2bd53a0a79698a1ba43580aba815
SHA512a815dd75c29451d459db7c656405a7b2e3e65bd2bbfa2e8b6de10cf6032e4dcc8c530c365c71f5040feb1cb33a8626e9fdc5d4d89631b81c19893391ff7f01d3
-
Filesize
344B
MD5644bcc673d0119336f3afd2f382979b6
SHA145375ecb19c13bdc6703a129f98f40c69ef9572b
SHA2560bd8cdfcc1a0e2a4cc5b6807cbf1858601a31d228b27cab44ed4ddee803522c4
SHA5126f5141faa2b29c9f8ba3ed1c9f8c8e57228fdfaf7688fcf0991fcc5d7be9e002c34ac60d525469ff1080966cf279b9c8b1daf6d4ae1975b0c98e666743e6e58c
-
Filesize
344B
MD567214f0902a9790ea8ef31ad9c5a6b3e
SHA1dba721cce8193357a613e246e33813e3dc666788
SHA25650382829af634524b1b7f8e287e98c666a203465a84ad819d863e3a0a368339b
SHA512e37b66d07d8d61de10057a20d62f584cc63c8e18927a1a4b96d3625401604c9588eee91fbe0c55aa0ab24dc71f8619942ba34631c2250555049027b8d34faf22
-
Filesize
344B
MD5e1e4fb3693df92832cf5086cfff7d2d3
SHA1317f79c431a47312d77a56f39544bbdd43e7eecf
SHA256a2ff0afa316dc414d11d8ffa8af5893d1f6a35fe5a5286e84d15f62ed4ac66e7
SHA5120aafdac440f4db3b79f71cc22fe069d806b7a0a2dcb4c59da4167fa6a9bd38306436dadd8d6cfa65b41f012729efb2eef1e92f9de97a3beadb221032d34633ac
-
Filesize
344B
MD50a01e3445eee6f9a8fdbb3efd44ec8de
SHA1865b42a8e3de8704f08a73876a60377180dd3d89
SHA2562870f2d516f79bcb29036810c143c9b03eb084880c0d5acbddd8c31a28991800
SHA5127eefd29d6ecb6cb10685d67ca367cfab11284477d13910633fb5cf744b8f98af59f352b39a2a48a2b549a16212f10c1f5b03423f7afa7031edbb2ea654e5373b
-
Filesize
344B
MD5c14385f9583c8bc8ac9f80a1bf9aba88
SHA1ec8b211a8d4095e88a38ddcd47b8a62e9d4db922
SHA2568a6656319668a02e560234ca33712a13d6b428abe936a565b4c72ed73ebf80ff
SHA512120bf4e3b8beb70554c7077d9cfad5b7ca6629c4e229383218b912ac1ca9031601f11928ca14ddb60d0ac4e4e36dd5f6b96393ad791a1be978fcaa81a3d1c2fb
-
Filesize
344B
MD5a7c2d68426dca30ce18a72cb25b97b3e
SHA1dff397d11200822b5ce92025c2864abc2617944a
SHA256c615cd49c94283c4b6765a4ce7aa3662ee56d987a4a6df19d26aebdef5a8e11e
SHA512f8771a11b16e2671aec77b12c448e5489706c1e27dede21faa935763ddebf7d04a5689641b155af414e03eaec891f8143a129b7091f556c2407777c42175bd81
-
Filesize
344B
MD58f487a85ea2fd4b16597ed84450dc659
SHA1c3ff5d297fcce1f77f6eb3218b8fce3f9990065a
SHA2567a099819757a897a2457793ed3c3fcfbd40d5b3efe4a90571b2465f29feeca06
SHA512a93ad692750d05888003b27d2a2986d58424e450523bb24bab39b42cdf28455baf064247b531f13f09bdb7903cacec8a6bf4d4f1025a873e4d94cc09b5e1f41c
-
Filesize
344B
MD5728993cd60a965682acb0be132d284b4
SHA1efff82585402411c9b815495394d9ae1c892b4ed
SHA256bf26ee983d23ea60091fb24e7d3e378a769d0950bae28a858b151b2b5ba0b896
SHA512267e9c4978f7b9cc1b6c235ad12cd469f08954238187d72611391f2c1c735650eeff79ad40fadfabc4be08562343ca7e912240f86ef20b038f29f2efdf51c45f
-
Filesize
344B
MD534d8d71d259895dce1a5ab4b6d03aa14
SHA1d0eac0a49b803e35c682e97fefee54dbf605a255
SHA256ef3328b4ee28fb06f613dd2afaf160c482fc04205b89cf802deeeee1a253aaab
SHA512d28990b0bd73dee13733ddac8efba4083f488e0bb9bd723121d6eccee8712575b9b3aacfdcca81b07f12473ca47fe4a8e64cf90c16f919d7bf70d4d1a413e892
-
Filesize
344B
MD589a005e8e7ac776b30df10f8943f111c
SHA1ebbb598f2cba91865548a512c3b2f0917337a1f5
SHA256eb62408e47837918e975bd2ca5f48cf80b9d6aa9794c4c1a920227962be78adc
SHA512b7ac662b4fa2fba2989f70da70da33df671d4c1532be58b357bd6862432ac581dd61fae3e2fde60f8c4ab8a32b37ad11c5896cdff051fac90534993cd1f01531
-
Filesize
344B
MD5e2142573d9339784e2ad433e2869c2d0
SHA129aba854116da69b7f8d03441bcea658ccbb5b9e
SHA25641d4a4081b167a81a12e0e32062e8143cb910d5a3c9e2866c0ea716918bf0ff5
SHA512edef34286d7f7a14c21028f7170b0163520883104391484faa922f262f6a6488d8d0cb77d85ada1590f256215117f9b02f7a1c6e56d40aab1d93762d3fad4482
-
Filesize
344B
MD5472306c3755c7083950bceeea1ffaf0e
SHA1751fc5e3ed9e4205de2b16e65e850cc8d2d06551
SHA2560f0ffd6c51c4a867c9f3cacd75ba2569d5e0ef70b64aa872cbab4a6172931135
SHA512d859068a1a80434ef4ddf678a76f6adbdf6eebcbe0c603d1088b0497373e30885568ce1e3c737f738a979e66f63c5bb2332b739fd7fe10583d420f9002d28d7c
-
Filesize
344B
MD51662a73657e64351ef12a75bd5a18433
SHA1994ae4f1c1fafa2b4ef20036852dafa7f0623f09
SHA2561be28617e3bdf0e7979a288964517d322d27945c6c10e6d3bfc4295cae8361df
SHA5127d90f1e806a12b1a66f511d82f44a02c2551eaf8543d12244182a335f2e00d94915a8ae9d0dc35846eefead94ef8b04941a2f06ce521388bc70a3d4d4479319b
-
Filesize
344B
MD5795d236ffbf64719899aa872ec14fe02
SHA150963e26987e3a4ecf355d9eaa075838d4d09f1b
SHA256aee9bcebd5628f46d41da50dc588a682035256492890cf06c6b75fb35c07d9aa
SHA51252459651ff9e55c8080aaa3bec0819488c86a0dba7e481b7391fa195b2cfe24e565be6d0aad62ca3e286aec1855ef8080e4141942b0ed730a1d8f2c835f77828
-
Filesize
344B
MD532cd5fc72c9962c07190cc377e49eb58
SHA15863739bacc6261575f6d1a18450681c7a3d8d09
SHA256de496efac8d15e27c817f4f8dce34671ad8516f5e600c1fbdf3b19c0cd7956cc
SHA51258e32139f39c82b5a149f249454258254b52fcd80182a6ba893eb5454c82dbc817e4b7c9353f02dba60875c17c7f49bc5529ba993147f1a2d27dfdcb8612ffb6
-
Filesize
344B
MD5e9901a028d1e0775fd6a6fe729c0b24b
SHA1b1051492a0d4218a8e06b05a67ccbf54a53cef14
SHA2569662106fd333418a73c1aa52eb6336f7e88e6b4ab75a032e0baa9e6955f87ee2
SHA5126ed137a2fdfe9abf430acc6a3d737fdb29ca34838c63b7d325ada4f3ebfaf14ecd68ac6c94bf3be65cec3987605baf47b8c6a402cfda026028de7bc84ecc4b9c
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
Filesize
84KB
MD5df455f0fa8fb3fa4e6699ad57ef54db6
SHA151a06248c251d614d3a81ac9d842ba807204d17c
SHA25615068b86edc0473a4f96f109830318e0540af348197e2b65f2e90ff32cfb14a1
SHA512f69dea5b68e4fc8737fc0e6ef48476d3ed0a5ebd2f9dccc9d966df137f9ffdbb51e413a0852c22399afab53ea8a2755664afdcee6897a1cf387a9a620481b2a6
-
Filesize
216KB
-
Filesize
216KB