Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
137s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
12/06/2024, 17:29
General
-
Target
a182cfd0ea50c896bf780e4529957b47_JaffaCakes118.html
-
Size
194KB
-
MD5
a182cfd0ea50c896bf780e4529957b47
-
SHA1
fe93332692650faa26c6a34781ccbef1292fd11e
-
SHA256
ba76503d78d21a4dd5527fe58a64bb67f61f77a19c1e5ecae3af38e0020aa7b9
-
SHA512
851740a35cd6f1ec6458823afedb87358d8d020548355624a41b4aaed71e0245ab76ffa7a28f2f9f83d3f1956e227105b5845138fed1247b5668148d51fea5b0
-
SSDEEP
3072:STwKzOyfkMY+BES09JXAnyrZalI+Ye47uM9f7UL:SUUrsMYod+X3oI+Ye4pf7UL
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious behavior: MapViewOfSection 24 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\wininit.exewininit.exe1⤵
-
C:\Windows\system32\services.exeC:\Windows\system32\services.exe2⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch3⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}4⤵
-
-
C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exe -Embedding4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k RPCSS3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted3⤵
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService3⤵
-
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork3⤵
-
-
C:\Windows\system32\taskhost.exe"taskhost.exe"3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation3⤵
-
-
C:\Windows\system32\sppsvc.exeC:\Windows\system32\sppsvc.exe3⤵
-
-
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe2⤵
-
-
C:\Windows\system32\lsm.exeC:\Windows\system32\lsm.exe2⤵
-
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a182cfd0ea50c896bf780e4529957b47_JaffaCakes118.html2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3000 CREDAT:275457 /prefetch:23⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD554b27215efbd79b424a1e7c7eb1f73cb
SHA1095eb8407a74f882dd73aa126ace2bc564902954
SHA256432f3f652685082c7ded8c476255fbfaace776c6042c003c583245ff243e534a
SHA5120cf1df70a8b81c832b39c90344b37bf584e1e2b8c0914d0ccc265af962d3eb2b5478b66369c50a6bd80885c655ced3fff68eec20cdd783f6700e32a6fb25e11e
-
Filesize
342B
MD5e830ff34ce9326af0a493d7f61dd0315
SHA19f49daa8547ca26e87cc7aa4299470eddce0fc2a
SHA256fa44f38f5980309ebbb1fe7ec5cb4fdb411aa0c7576a636f44d096c9dd8f8801
SHA5124e3f785a46c27539f7ed62c89a36cc46b2b13a7df2f750985d38f0e5c91ceaafb5ea6412fad0f833d759d7a8340fdec48dea9a1353bd49f7930b875f5cdba061
-
Filesize
342B
MD5ce93b84923b7b0a7781e1b8811debea1
SHA10b35fa2c705e4b42b7a7edb55dba97b922e99408
SHA25670c70db6edb2d09aaf40612a5634ead21fa7d2db70d461042ae2f383fcb43c7b
SHA512cc0c5ffe4d50325362f8a137ac9dcad9609374468539b04aa70d23a24b807ab79caac9cdb95be7e685e23e8ee2e7c010dcf2c6b008958f8733236e0a9d8aa161
-
Filesize
342B
MD5a955ba0a94e8045f5b983811b119a6aa
SHA129bcac5aaa4a7b1145cd649aa6bd68385b27d1e3
SHA2569fe2e07819fc617abccc8d3d3122eb1beef20bb2fab141823e625ee39ba988f8
SHA512100c4e07a65b1fd634e9782415e2346e631033978c6ec1d1806f9c3aff55491fa90fa4e6d2f0dae677064c40eef37a285a202c3b173881ee515d2c49861d0790
-
Filesize
342B
MD52c596614ecae44b6a7598f484b059a54
SHA1153871a4955aa5a734cdfd7754c8fd2354abf13e
SHA256013f5df81987625521d1405cecb78c0729b17ff289b14cb14b99c85178a87c17
SHA512d18dba085cdae497969d450cfe26651c94f451dafa1110a69ea7ac99a3b2977771b7e263b418aa84a4dab32233264afdb1ab514f3660f8540b4f6dc8edb97f5c
-
Filesize
342B
MD5ce3b6f50a780ae925dd5015f1f4020b2
SHA1ec9386d214e4820a232c83e1af8f5bfb6928f560
SHA256d249e8666343f648316424acd6d0684652c655f3b319affd8dd865df7aa08445
SHA5121bdece8cbf86a06683d8c089ffcfa4884fdddc05b47cae7ca2b9e85f4fada360e8e9b665de608631647fdf6da8fd246ff3574b54778f89a50a913bfe4c862dd4
-
Filesize
342B
MD51511d14a64e981ad2266ac6ac8d86f83
SHA1d4eba1127bd085e7d08aff95642fff4c01206012
SHA256bc5ae82e081e1120657725c290f98ee2b05f27495ce7f732cfba01ddd71f691e
SHA5122a7784b2deb48f05b23bba68f03ebacc9731af5fb334f82f2c160de2a6311baf146d8b4106783c284d0cbb24bf4e878a364f9aead22ae86c07c886f3674c1795
-
Filesize
342B
MD560548f22d982fe3809035d0b81ae9915
SHA1166b15bb115ad794cca286db9f4cdb2cde81e877
SHA256ca538c6167b694f0d955fd74e7e6fb5e1645be243a178dc13fb43fc281e5405b
SHA512159ada65cc405cb9dd4f609a34d28ef020df92cb8e453f1611d5f31c83b25f190c7405ef6acb9361e3513aa784d388e1ba246c19b86563987e877adef90be6e2
-
Filesize
342B
MD57e3bc2de25506d99eb76e0aed87f1c5e
SHA1436aadbd1bf50f3b2574ea37b9e98383cf854708
SHA2568104c3c237874a54c5c095d9b3955267ada01c58336a18ee8b4515dd2e96aebc
SHA51257153172c9fe279246fbb6b95e313914d5c3a0a702993d014e96ed015ce736fec66a7c25d02f2a272aac3c78ca24be45358396ee3c978f8c6c4032e323aa14eb
-
Filesize
342B
MD5c2d21d256388bf3775f6e9133ca78474
SHA1b2399c2e9e42d0446016e57a57b7a0e2567b76a5
SHA2568067763f4dbc05a33c30e162df799953978dcc54b304099b1c981f6e68ca483c
SHA512a0002cfcb04816bd1bfbcf531734245aa26be542cdb62c44c400c5b7d785d9cbf6b4484df1ae226b66b7e0b1c15e76828da218227f068d8810fb683da4b39154
-
Filesize
342B
MD53fd3fb517c7c468bf7503f60b744ec17
SHA1141d472d71bdbb3054895c5eb8d73949a692700b
SHA2560f8a2fa3a8daec2baed5407f5afc37d2956fbe811103ffc1d5cc77d7bdabaae8
SHA51243b10c8b2dc1a64cfaf662d135df8430a61d5da9002bac143464360d5c5f33b8da513e2ea8bcfbd2811882f55681fe87b08236b38748b983e052718b1576a3b9
-
Filesize
342B
MD5a11ab8136bc362b37df74cede559b96b
SHA1e1840654af949e772d12c21cad00b64d6b314125
SHA256950acf9cdc007613e8d0e9d39e3976e71030b8ad76e815b7de6604be347cdc19
SHA51218dd521d6897488b1e48767344831f6298cd8b7e44cea5a6a0b7b36bd14522809c71c62102aa948407ed7b0dbdb6cb5a6171177becfe887bfcbf969dc1716863
-
Filesize
342B
MD5cdd3f1651ca282fe0eb1685ed49e4332
SHA17f473195ec0590b4a1f99fb08bc5256d8e4ed5db
SHA256218f3077feafa9f2647f71ef0b7e7f1b023d450d19897b2305be60a22c0ca6cd
SHA5122f7c280d91704689d132f45e9d50d61ad15ff89f5aaf34d660da9965b4282a3521ace08c24adfa00c2478f82b6e838d5635885e1a6eb4fc4263bae861d95bd8d
-
Filesize
342B
MD5745f98eff5774bc1008b38a31d3ca263
SHA18c8cd6db9b98485abaff28f4dbcac30513e0afec
SHA256b5a4e234076d4079e482372de3c128ab2efada25bfe768cde5cda932a95e27ab
SHA51286122881562fd41936f6ff2998fbe4a0e72f3ece73991ed577186f1ff977ba3085a4205d3af9b3ab6f25725f5b3139b2b74a45dd393c717c4d578589d99cb9d4
-
Filesize
342B
MD5023097ea30ddfeefeeaf966acadd6287
SHA10c9707d33bc070ba1ff8a28dd9448363da65417d
SHA256a50ccd99540f0860039bc8987c82fc1c54f0a994be9dac9e401317213969e21e
SHA512a623256b481e0fa802fbcb94bb396ded5f4072cd2d6dd6f720ed18299f7b9401811a8c605fc85b271a10c41a23c272a7430a2551cf51be90db2f54df9a0b6fe9
-
Filesize
342B
MD5e69b6185f3228bc54fab33a62718b37f
SHA11642d2ce6718ead6eed038a786fba0524cb575e5
SHA2567a0f1e9b2c8323acef41186f5f86d79e17b7ff393a8c4b3b9d39cc60423d0663
SHA5129a5f79ccd59f83eff8c906d599feceb98e1a32142d6c21ed64dd6c75c3e4a82853e59a4edc2bd429512ae9b29443e87ba1fa93aa4dfe42cf75af8900c08a096f
-
Filesize
342B
MD5d67e6c005ff6418905cdfe13ec02684e
SHA1ba7d3e140811e48a00b8f4b5bf423958288165fd
SHA256a26041935b5371fd52dfb42869b0dbe16070aeaedbe80c611a5d1b5d836afaca
SHA5122094ddce4de34616b1e313ae8fbaf6a8b2eca8236ae5a8650bfdfbc73e8ead086c3d3eaa7bf92784c2bddbe5fa3692953c1159df69959525c61f02274ae2914f
-
Filesize
342B
MD5b0ea6d4b4b9772fa518a7aa091162cf7
SHA1097ccdbd86dd86ee82b9e5437eb8d1e5c60060c9
SHA256d288e9a0329a9a0e77ba1de7516b81067b1dae1a75f6217f3f57ae3a54529b0d
SHA51288a5a717c45d7674e9d7348fb72dd1e97a65224bae1bc57083904a0fba40d81dc70c10b89dbfcd7e0f090ac31b5b260680d5ff1c1eba6ef6499c5ed43a63d23e
-
Filesize
342B
MD5ecbeb4ab442307e26c1bd96b31a0c639
SHA12c1503f1117555f4f96799125630cc9f70c4be73
SHA2560df47773327de41fcc7cc45c726c39de47456b2e30e47c0f9f2fe2bb92b28482
SHA51262e86b5259f94b2495452b61c291194b264311b40d68b04bf516add9f825571a4d47273c29e6ffd085ee64734777f95d62170a8dca91fea3dbc896d94484900b
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
84KB
MD5cc9104bc71a23e14787188f3634a4d05
SHA10b537406933abc1738ef32b96069961d024f1b8e
SHA256aa797033a44b0ab42e6428552b5e85bc735c84082493f63b4b3ad0843859b28c
SHA512023b9655cef044082ceb44c6644d834e4ba9af088843674cc8e816cb4f4981bf0958b0c82002c1597c8818e57af0f80d4cf3ab771e68af5a33cff752363c7df3
-
Filesize
216KB
-
Filesize
216KB