Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
132s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
19/07/2024, 00:08
General
-
Target
59ab7602f48048792530a030c5d4d275_JaffaCakes118.html
-
Size
188KB
-
MD5
59ab7602f48048792530a030c5d4d275
-
SHA1
b6fb2d5044d09d8289c8cdb9603608c4c03a67ff
-
SHA256
48917220172377e5c2871670f7ae69a0459671ddb7ec735e6b5a4c09a5550b47
-
SHA512
796d821373e67fe87871379cfa718b057dbe8f349dc82ea122ec5017c63f5dc4e0f56a8e16e69a5196c53629d1df17167dd23523384fdb8ab25b2fa2a385c3f4
-
SSDEEP
3072:2yfkMY+BES09JXAnyrZalI+Y6XXI6EyA8:zsMYod+X3oI+YS1tA8
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious behavior: MapViewOfSection 25 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\wininit.exewininit.exe1⤵
-
C:\Windows\system32\services.exeC:\Windows\system32\services.exe2⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch3⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}4⤵
-
-
C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exe4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k RPCSS3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted3⤵
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService3⤵
-
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork3⤵
-
-
C:\Windows\system32\taskhost.exe"taskhost.exe"3⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation3⤵
-
-
C:\Windows\system32\sppsvc.exeC:\Windows\system32\sppsvc.exe3⤵
-
-
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe2⤵
-
-
C:\Windows\system32\lsm.exeC:\Windows\system32\lsm.exe2⤵
-
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\59ab7602f48048792530a030c5d4d275_JaffaCakes118.html2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:275457 /prefetch:23⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD514dca1f3045d604437da6f51f4688219
SHA1a34c2ea32011880df54c91f2e84492d4242eff57
SHA2561185a5849541a4102b51fa885d9015f1ec0fdcab77f1e12912fb21c9cb088307
SHA512e1ccf7607f7eef0a26c62e5055156939634da9a9b3cd86c925e74de0e2c0c47ea249000247a14b75e9c878f6a0a00b2b39b4724dd7360785c8e657d86d1ac7d1
-
Filesize
342B
MD525dba7f159ddc5ff5819ee8704cb5fba
SHA1685cf89c49388c021d17d55427dc1bdb8c8fe590
SHA256a82259df84158000211996514d86b4ba189f9ec89622da2d712e0d56f87f39c6
SHA51252b377c16d1832bbeeefface0775e56913cc3a6414960cb4b8e5bc4aec313eef5d4352423830292338d3696ead5ba0f15b49d7774bba87f932fa6d5c77be3b7a
-
Filesize
342B
MD531b5ded2b442a2a68b2757c29cc9ab11
SHA16bcceaab8d1ba9cf51e1d66a2c9bb09dec5e4eac
SHA25662c9c355c9c16f0a4b05a3f5b0c33d200db2150ceab279bf9c5898cafdb331e6
SHA5129555110c4ec69009346ca6ffd9204e76e3ed1abc8c8327752af993f855418dbb3713cfce8180118f1bd176c6b5d2f94ef7bfc248828e6e860f5c32f78a624f5b
-
Filesize
342B
MD51bb86a59b228d6fa7f5445f38701d031
SHA18b1f7944fe39b92d399730cf19e0f62ba2cf2cf7
SHA2564b5ca9e30b93de8795d52c277a4762805bebd5ddfd1b7b92a5317b7455377e0d
SHA5126018e9692fcbe17d62c11d83238a122b5ae2d14109833edca06d1ebe50cf330de2c676420ce69be0cd86a18ff22d198fafc899e3771cef632b006b9a386a95c8
-
Filesize
342B
MD5e8f02632eb5f82ed4820a263103158e7
SHA1afe81916da77e1d3e1846d09e119820a202da1c5
SHA2567e365e7f35ae677e9c9b0aa1fec59b4e3b6b47408f2b678a4a61f5b52fa61424
SHA512ec261151717d7374b7662b6ae2bae7e5c276f7bde4a4ea34fd3bfa56d2b3376954d82158300368c6234c4d40c7666015e47ba4f73f81b81eb61a0fefbfa52d71
-
Filesize
342B
MD5c7639f92c44bc3e10c31ea3108818d07
SHA14b2c314d26a2affd77ee2521e3c3f2c20237c962
SHA2560a5643f6dde217a6d3376b19bed64d7ce52206a6b18a7412e3d7810aad1522c7
SHA51240b554d904d21400d724c0fd8c78d711392c2bc31325b4a20afc741392ac95170d435f8090118d9b2b41582c28a8e418010b4a73c5c6a34cd62ac2a1706e70c9
-
Filesize
342B
MD560ba117b3087149722f42743f16284cf
SHA1909b66d4118a375c28705cf4a8d58c40533f3238
SHA256f9ed4c072467bab5a92c5f1c0e41eb1cf5fd89e001079d9813623f99d5ad2ff3
SHA512144bea74032aeeacf308dc02567f5c685fcc376bc468d02ac427290e4e0a3e49a2bbad495d5e64bca658f347231c588c12d6d0a38d6fe342a6b8e0509ba78e79
-
Filesize
342B
MD5ce2323e833a7854c1d84bc3eb62e6b27
SHA17df1da11b69fb1938c110c54344d6007b09dd961
SHA256f72bcba42519428d2e81b3779b3b1c479569b87d908462acbff953361b13a046
SHA512b9141bac3b183878f7cc73a11003c63e9ad87c5d1eb87ca6b15e9e17d4ae81b7d0b15291f77d4ed5f0bf9709d7b2d55fd157de27095f55d5b61c3598535afa4b
-
Filesize
342B
MD58d0fb495852bfdbea8040ed53b44f3d0
SHA16534b06d04f1853797eec9aebd55126be87650d4
SHA2569e5a6f22ee8ee8b610852b4d615e01a0ca6a2bf0cf91d6785234d1fd7ee98ee2
SHA512b7fb9e558bf2d89ff4335b3bb69eb983ffaa44204f5209bfea54aa5fc4c99334a5d6574e12d7280735c5be6bf5767cf3e615bc9d9b77e960ab1702c967aa7d9d
-
Filesize
342B
MD5c276c10a3ae9a17a27287da0ec89ba6a
SHA1445319e8fd2abe7a252a06f2755ff9143741e2df
SHA25619706b73705446849daa6380b8d432c7e25864155e1b6f888a30d8860c62c779
SHA512bc5590708859f2e85f6008492de92ba2d7d5aa4599cac49e7dc1c0d242824f2492c44c5ab00b697a01671f082d0579963809ec7b8ae768b49be7406ff941d6a8
-
Filesize
342B
MD5bbc420ad6e2067016587b7c64532f23c
SHA140b0d3ca4e0b45cbc7ec8719a876baeace319829
SHA256929e64ea9663874596e08d3ac80bb8aef7047146fcfa0a9b936bc49c97c4601d
SHA5128c12efbf2d2c6420dc679921a1b37fc0b06c612e0c0b26c3eb6de60f5644b9d1dae164c1e4e4c9b6d88484095987b32439482e0e85f89f0dfb552e8226f88ed8
-
Filesize
342B
MD535e1741fb53d233ea8e3c33db7f5b1cf
SHA119c48d0c47035feacdcc4f9f3ad748760d4178b2
SHA256070fbe3cdf5c9a58ec27a5652b867696cbfcf8d5c5f8538090c20f3d1946a196
SHA51290bb9c0bd98db97005ae5825dda0501f42835e22ef98397efcd490992805e4a450e611a8c77489a51b62ced104df6c557ecd916f9249217c85cd94742c2debab
-
Filesize
342B
MD5c36ec4331810b0cdeb5560164997c6a1
SHA1ec2750e0dda66a567bf822e52a972c4a2c4ba761
SHA256cf1b398017626a859c829a554c30e7428a683d7cc080757ee2a81c5dfaecbd49
SHA512ecc57d483ea5614d6f0637f653eecbb0e880c5542ab6b11ea36e3ab3f6d72dc81fa342681f5f090a29c8c366a9abc37fba5049c2465990b7397062fedc91bad8
-
Filesize
342B
MD536314038606681f3029a839b1f56c4f5
SHA17d20eedd8fb1d4ea7f45d21403db4a18126230ca
SHA256ba3e4993f7aae3444c76fd2f97377d9c38cd076ec800521aac41cc70a7253ded
SHA512b05bb5dd34f0d0dd0f5aa2cbad6f4b47eb38763949e51d959b7778788682f100ba9e19e7c9ced0b24b791dc195fbc0eacc4be38d29c6a91306d5255f9fa2377e
-
Filesize
342B
MD58f6f58508a7644d587b8405e303451df
SHA12ed5396838c13fa5fcfc9e9ebea45b6c7d4100a0
SHA256cab69da7853fdb85ba138ad18dd07a8b2c90fcd021089c20b755aeecf6a5d35c
SHA5123b9fb1ee0b5e57e2b631c8a11167ff61fde811406fbaa21fa4b2234aece7ee4093357411c1539665c401d1ea3dca376caa33217afdd54699d8cffaa2edcb1327
-
Filesize
342B
MD539eaddaf5072805d7d55d6c5eaaa5715
SHA116a72c5b6c369939071532d0ca9af3a70c1694d0
SHA2569b106740811cd189f7e39a411d0d21e104d70a58513468ad60c491a6e8593fc9
SHA512feaa50d256cc427a634d5bf63830dd224896e133aa95837753b690b3beae217166391f2a54cec03c3205637bd3924b58066c0a3514c39fffbcc1a90e9a606ac8
-
Filesize
342B
MD5d07929d74164e0619684bf5bb9d3f3f5
SHA13458ee6abc132df75614456fc3241be589547b77
SHA256b5fe8efaed096171411d1d3b8a80445cd41e55ebaa319c7cec908aad96e163f1
SHA5128c78f8a3854c471abea3ae38a97a56a51f7cbaa9a8aa56ab2b7f0206d4d6179480c3ed70a5808307c5adbb8aaadba30c424e41efad4afb019eb0a0b8efc71d57
-
Filesize
342B
MD54321c41d0523b40d8adcf251ef17472d
SHA1934e4fdd4be7a95e7806fee72c34e1260fb20aee
SHA256af81474b8066d9b7144d1d42944af3cd6c6719f5df7146532fb30292b62e8dd8
SHA512b76b92bca51ca9858e6577e00931f0066a1134295643dd6a7ab4c2151362a53c5563a19c44ebca0486c9169e6041ba7e55bde9db32a4a158611039aae9711a60
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
84KB
MD5df455f0fa8fb3fa4e6699ad57ef54db6
SHA151a06248c251d614d3a81ac9d842ba807204d17c
SHA25615068b86edc0473a4f96f109830318e0540af348197e2b65f2e90ff32cfb14a1
SHA512f69dea5b68e4fc8737fc0e6ef48476d3ed0a5ebd2f9dccc9d966df137f9ffdbb51e413a0852c22399afab53ea8a2755664afdcee6897a1cf387a9a620481b2a6
-
Filesize
216KB
-
Filesize
216KB
-
Filesize
60KB
-
Filesize
4KB
-
Filesize
4KB