Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
131s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
26/08/2024, 08:27
General
-
Target
c29fbde118ba243e7cfc750c77de61c0_JaffaCakes118.html
-
Size
704KB
-
MD5
c29fbde118ba243e7cfc750c77de61c0
-
SHA1
9a002542f1f5afe25da0e0f08b618a8f394f3f53
-
SHA256
30faef67a778fc1d6ad92daee9f9d66ddf24650cd1cf98b3cf3846d0e1da0375
-
SHA512
261a65d0059151654fb898d336a1c69d972701541e03e97cfba6e1466a83971c79e8a03f7ae31312b1756679de046b5090b3ae089185697b82b9d1e614480e3c
-
SSDEEP
12288:6D5d+X3vWPSmq5d+X3vWPSmte5d+X3vWPSmi5d+X3vWPSmq:6b+PWPE+PWPS+PWP0+PWPe
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 5 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: MapViewOfSection 50 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\wininit.exewininit.exe1⤵
-
C:\Windows\system32\services.exeC:\Windows\system32\services.exe2⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch3⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}4⤵
-
-
C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exe4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k RPCSS3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted3⤵
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService3⤵
-
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork3⤵
-
-
C:\Windows\system32\taskhost.exe"taskhost.exe"3⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation3⤵
-
-
C:\Windows\system32\sppsvc.exeC:\Windows\system32\sppsvc.exe3⤵
-
-
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe2⤵
-
-
C:\Windows\system32\lsm.exeC:\Windows\system32\lsm.exe2⤵
-
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c29fbde118ba243e7cfc750c77de61c0_JaffaCakes118.html2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:23⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:340994 /prefetch:23⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:209932 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD56f6e6185b3d57a4f75a4b76cbe8cc720
SHA12b99f66e59133ea7eac1863237b0626109faf0fe
SHA256b174e0a3d62f606b05f3c6464a3d16369922ba201d51a829511e2a0bdb0a4795
SHA5120c6c05fdc8fc33afa6bd744f06ac4f144aec63153de45728467b19a4b7bea7b0e72c0c7f74acc8d461676b52b33a50d237f49d3ac9a3135e53250856a4a423f4
-
Filesize
342B
MD5d40b3b69547de30b2be5c0d1c08a831b
SHA1a27f7627b54258cd88c61f25c44c6d779af77f27
SHA256d5d1a7930607e35e61c314c280b6918e3ed85076e36839b960bf9363031904cb
SHA5127bad94c992d03b2490d6fc1f3b68a8464948b6c001d4e4736a662af46cd5bb64651272f00cc2505c34627447e02605cdd0f30e571ff23f02714736dd8951d71c
-
Filesize
342B
MD5cc842f63334ad09d1e53931c0c4f2a28
SHA14bf643569f8504ff551abafd8f73e6bd161cc122
SHA2566b5f921ed2bd11d567e854fdbe0de2ef4871f240cf389373b790602c9398249c
SHA5124b2d3fb3fda0e098aee4b44f426d75c158fe0827a604b5c731183daea2ab127a89fc94f678f7859ad45843744cb0cdefd1ae127b9855f22bfd31aa0bc0aa95db
-
Filesize
342B
MD5be69f36a33148220a4d1e261b571a6d8
SHA18bbed86e831555bef96d9962bade41fcf6270904
SHA2564d710ebb51ea9c6a48dac743de125c7fe38bdbc0fe2a645ca4fcc86405832f25
SHA512e2ef68051dfeeea3601b4c63235cfb233653b376922033762c4863c02355edaa7b564b2a592049ad68cf946fb9c02b21db2d3067e359462863d29f37aa363729
-
Filesize
342B
MD596bcc0e829a8aeb250fb74ad99046bbb
SHA162454e531f97ad245af3d9075c0703202300e41d
SHA256dd25ff164f3609ce3979c070672f01193290bab83a98e3ca8381202409b664a8
SHA5121e19c9651f144181c257ba102cfe3550c02dfc3f11d867cadcf2b1ae36e5cac4be0618147216e16738a332dcf9d192f7c821371c56acb618c286599c809d7c04
-
Filesize
342B
MD5e0b6ad60dc777513662d7892a1b8b84b
SHA1ea5409feb169dbbae99c15d5dc9f10917f68d8cd
SHA256a7d337c300753fe4315f5d980853c6358bc93ae8ff5d04d6898fb8a3343df5c9
SHA512a68e8ded790b1ce23ea68fa506a4685eb1e07d9db3ef48bcb0e2e8dab26cb41de27c0d4577b22f17da21be400db72b0bd420819a17802079c4bb73001be4fbf0
-
Filesize
342B
MD5386fde70abdbe440cf57748e68ea8078
SHA1353d2c27d2bdf0dfaf61b6ba184945280b7165e1
SHA256afb52fd1950096cf0157f34d138440a17e39c6fb58741100bbb1d79550858a53
SHA512d9c8b4842c1ea8933dfb0e267efa6f39f12cb09056a5e4eb1b474442a0ce1d94444084ffa884fb8bb80d991da42f98d369e45709c88712e4af3eb5477b73df17
-
Filesize
342B
MD5fefdd29d66a2c236e704d4c4b4d96fdb
SHA1844aaa409403a9e3be4309bedf292eef609aa0ff
SHA256bc3547d75da459209adbd4a55a91f2760b5f9275c09beebd97c577b58c1426fa
SHA51245b583793985651b3b5413b25805bc7a52465c0d2345995e5608ab100d689069dd53b10c451404015fa298a6f2d421a55d5c0114c3dcc0038043f62f6c6e5213
-
Filesize
342B
MD5ae9d2b410053fd2e0847868c71572922
SHA17fcda10ab8f2d65ab191dc58c3d3253e8a7e23fd
SHA2568b185a32c0bbca4d1b7d60add48197c6131bb50f540b64adbe93433b2545bdb5
SHA51243aac6463ea71a1557b20f1341ddd6d8e2d7af046fb913b563a6f23f6519f9dfc33a948c99aeb2b988be2bcb6ab29db6f3f252f50db3bd713e5ec3d06450f722
-
Filesize
342B
MD56dee0b9afbfdb1b7e2068112bd9b169c
SHA1b73c9d348bd74c2f43cf1a6f3845bb90e7101ef6
SHA256bf3e08301983fda78773aad5866a38da9f14f22cb1d2785bd3f6432680ca48ec
SHA5121ca6bd80fa3a4889b10c0e2f2f421f17b9e4a542f2ecb6a22254a3dca4834ddee5df6ae53d5f7d4ac0cbbc0c7d84121b1202fe70df020bc6d8555aa9a4eb1680
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
84KB
MD5c91addcd44863e124c5ef9766e46751e
SHA1863f17b99ff36c5397dcc475d7c9a6373c7984a9
SHA2565093e83a3d46a465141f93f3034e3d45f0484b7d83a8bc32cdc1ab8011ddb2c7
SHA512577e068a8cbc1f4cbe13311fbcf31704953943f5f3ae875e4edba089ef01d69dafbd0801eb2bc059305e7acfe11f5e0510c3a98b68689463569a60dd83a13871
-
Filesize
4KB
-
Filesize
60KB
-
Filesize
212KB
-
Filesize
4KB
-
Filesize
212KB