Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
139s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
06/09/2024, 10:33
General
-
Target
cf5880653781ad3fb7545f31a3cdf2e4_JaffaCakes118.html
-
Size
199KB
-
MD5
cf5880653781ad3fb7545f31a3cdf2e4
-
SHA1
ab37f1e50c1feae8466bfa1ebeebc93e7e661c4c
-
SHA256
7a58b9da332f3080dd390db8c90bf886d25c6e7b2919f67b8eae25a7c19e60e4
-
SHA512
61b30bb6355261d6f75d6eb0cde0af53ecf37924ef65b503423da316bba55cb192905e36a587fe0a83a06c263e64ff05f428d3f295df8fd03f1bce1c1281395b
-
SSDEEP
3072:Sybe+wRzLdFpzmyfkMY+BES09JXAnyrZalI+Y6XXI6EyA8:Sy8RzLdF1sMYod+X3oI+YS1tA8
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: MapViewOfSection 25 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\wininit.exewininit.exe1⤵
-
C:\Windows\system32\services.exeC:\Windows\system32\services.exe2⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch3⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}4⤵
-
-
C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exe -Embedding4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k RPCSS3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted3⤵
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService3⤵
-
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork3⤵
-
-
C:\Windows\system32\taskhost.exe"taskhost.exe"3⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation3⤵
-
-
C:\Windows\system32\sppsvc.exeC:\Windows\system32\sppsvc.exe3⤵
-
-
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe2⤵
-
-
C:\Windows\system32\lsm.exeC:\Windows\system32\lsm.exe2⤵
-
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\cf5880653781ad3fb7545f31a3cdf2e4_JaffaCakes118.html2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:540 CREDAT:275457 /prefetch:23⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD54063c81e85e8ad86ce1fc19f9f8d70e9
SHA156aeedbb1d0773489ec1854652b99d81ed375fb8
SHA256eb5a6a0311a25b01a742ebab4fb91e2808c969bf80bf484dd82526f7780f5f0a
SHA51231271fa03578e6d30e070130be31bc7cdaeab74ffb604d9c74a812608027b56f84049c50d2bd25d542af2b28df7c91aaaa4a97ccbedd5d2099ece354e7b5378e
-
Filesize
342B
MD5df39c723d1655bca57886b3be809fa5f
SHA181ec3b9de65773e89c1a58a679044832fd1a8ab7
SHA256394d0b772f7dd1135a263f8d42571b55af3fdccb2b2acd717a4ee6620a6c814e
SHA5126f65d4b99477aaa77f29b809a0774b15a4607f02ddede7e7db25b935afcfaccaf3d85ad95b27b4be27aa31a4663b9ded6ad129c10db12ec3e0e0349079f0afff
-
Filesize
342B
MD5107d395c42ae5a06688ab501b0effaf3
SHA1dc77f1e0de7519deee24b2ad08a83897112a5998
SHA256b19e9cc00623722e88fc13d8f10e0e9eec1faaca6a4781725b708c0e77c20d4d
SHA51208a1256206b45d7fc7f128f3c5585052039940a7dc3d8f138d5a7207618c2e694e8ab6261f8477b4a80f9ca8094e8e2d0c5fd93656f1cb6c336162809d6e68c8
-
Filesize
342B
MD5ce352d969976900cc394adabde01e781
SHA124ca50094c3c492d2a4aaea28834b6a90cb83502
SHA256926325081622e2ff6ff7bc1591bbed26f4e343e38669e206e4eaa92ba93cbd11
SHA5125700ea74367db50096eb1662b6e5ba55a81fc502c9b1cedf9f0151c75dadcb980ba8af3abb03a2dc4d6fb1f28eab0d7bd73fd1c2897438c7a094ee2db3c98bdf
-
Filesize
342B
MD598ba16ea7bf1de4054ffdebc8243985c
SHA1e7fd3a52c56dbaaceedfddc9f6641735ed6fbf90
SHA2564196f5bfe82657ffe5305fe7c5f4433a5c48f2d2eee77ac6332f6dd46d59d9e2
SHA5125cbea681dafbb1ee1f889691857a82d10cd5506072bf0f506a42e4a89bd5810ad9b5c71c3c4fc1fbef9b23782f931707fa77bfe5d875e640f520d74a624b1bcd
-
Filesize
342B
MD569d0df6c0d76a5080192e6ac03e003eb
SHA1998046bcd0ebfba1c4d0cc05c6ae3b36fd5f73cd
SHA256d79b6c6e67e419ac0c19a5c5e3ff94d84dd5c1a286cfcecbb37eff94c8f20a6f
SHA512c580185fe0100fd2d361fdf891cf3c3ef876d03ab8e8d1973e1e16aa3784b9e2a91130d60131503b770894e76117465d64ef04e2dce5b687dc2f47ffea1ab20e
-
Filesize
342B
MD5d6603367fa46688c7756df0df1024263
SHA1fed878e5b98ee91c3196886ca2aa0740f6a6ca65
SHA256b3f9fbb92f983abb7950cb867994480cc5bae2fd6e3992ea4e30e19946691e9f
SHA512ecbd13281cf701125935e94699a0b91058f3ba8b123e387ed46f38e2a76b7fa4d4564f8d64254d474169aff0ead3e410ee8a06309d1beaed08ebd5b530b9672b
-
Filesize
342B
MD58393f6af18c38ffcf8c13ecf132f48cd
SHA1efb5c2e898564c7b10462a13bbbebb5c6728895c
SHA256412960d17d7712309b09dc82f7b2920919ef6e5af02b8aad38fe924258712613
SHA51287da32353065617340b02379b3f509eebcff7139ec2d2074ca3239a843de08afc97357e7d0ac8e0b16b7354331655a08e8492955c0ad6935a6f86bb0cc505d1f
-
Filesize
342B
MD516a143929228da56e9799b0757c4fed2
SHA1aa1c5100009cf7257db26662860cdd01f4185a84
SHA256f71c457ac8c26240e397e74f1075c72aff17e7ea100713bdc4e19ea25169baba
SHA51234d7497e9119e028c87fbbe7bf62fc3dbea828f91a9907cf23f418700d49ebb1dff2dc2793426bb1a17e2de174ec360f6667a973eeab8b77e006becaa3a07c06
-
Filesize
342B
MD5ce199894a25259ed17c0e6ff09a37a66
SHA1641f363973049a71d41bf9b219ce1b2172f31b80
SHA256affefbb45f4fbc8a147561bb791b5b6286649ed1b2b0de884b57e8e7e95cc8e4
SHA51270aa7efcc4012a745a5ee3be4241751af4c294add71e9c663f768464d2ee4a3bd14594cf7c2721a013e30c9663ce1dfe1b4672af47334eee5db0129f27e3c804
-
Filesize
342B
MD513f7caff18630214027e35f3298d05c8
SHA1a0c36423c0349bcd45380389be49352878baa125
SHA2561ab54abe0cd5caabbc81de1898c1a0ddcda1b4e7d6b9b6b28bbf4c5b4c55f61d
SHA5125a234aa12f3c07b5e68efac25bbee1677dfd63d9477f96f00ea7692aa51738e9326d7ed3995474d106c8467a9893e0894544a6d1412c61f3c93c263699bb922a
-
Filesize
342B
MD5815a7ad95c9f1597e96073963890a91a
SHA1d7ab269807600739d585887d9eb38f4d638d9409
SHA2568b70439bbf0686b2201abd375128cc711bdc755503981ae5ace5e9e6d34a6932
SHA512a3c949c013d04d2513700682aee027f2180550fc60648d1e6619a03bb5128999fc6f22956846e1e8f4ec7336859048aac50e7a16a48b4d0108089e2caa51d4ef
-
Filesize
342B
MD5614ff694be29b16878b241a6ba17f717
SHA1962465689523d4914233592f9e5b50fb153db60d
SHA2564a40525792a6c986710c0bb8259273f09e0ad39824fcfc81e6bebcb9dc32b41d
SHA5122a7da608467f2f52bf1ee9cfcb3c59fc06c5cffd881569c53129ff5103b55d824dcc26ba86d67b4eb91c7e0d4a7f55bee038823d1648714f3693002ca40aa603
-
Filesize
342B
MD504cdd3de1eb8ae7726738aeccdbdc3f8
SHA15fd801e0c6ce54330c24ef37010f0782f1616601
SHA256172d47aee56a8434ed2322d9aa150b83ff39163802e7d5f252232dadf02792bf
SHA5124418766081ca1900245016b0b5ca089d5e46adf8961fd76248b19762b88fee24afb01beebed683937582fe7e53a0ed40240e8d705e18971314c82537ec580d48
-
Filesize
342B
MD506e96def4bc2d6959b30e0d2c0e758d4
SHA1c62d58fc8c8fe7d0ebfd0a02ba282f4a036999ce
SHA25680c91a9859b8b840a648b25ce4127b644df2b31fa23e1253cb5dfa5b812e73aa
SHA512255defbfdb71e6d257a925c08884adfeb8f2de031def57a960c13eb220ed245943dddf15d804e225e5132e7f6068361b45eada240a7f00a771e80190bbf9d91d
-
Filesize
342B
MD537be184d64ac26fe1124a098ee679933
SHA13c399a0043aad6d04268e99e1376558107a82753
SHA256b0dcf343783dd970f10dfc41b30080beb03047da5b95ddbb72972d448693db94
SHA51262551bc76abad9a630f1712c40967170eca15290eac32d1de898c9508ce74435917d4b2aa6051b7308e1319354a669279c0a94c05ce8609ac25979e9b2e0d243
-
Filesize
342B
MD580c5937c32dedf2daa9efdc6d75c16c7
SHA10954e004124a1a9b6b2a1a0191ba6546d59b3267
SHA256f19a5311b9b9c8afafbd3cc18566b3f8dbac3e02d9f05a9e02f65230c9d06a61
SHA5123d0bc4f5c384fbb37707b83250c94bee670fcc14876d8a29a7589153f90293abec03c5702032b42151f27ccabf1a334f05512f4a689ad2062ddead5e7194e087
-
Filesize
342B
MD5578624cec3fca1124294953fbd22c152
SHA1d3f3a79bb2193da380092d02dc0df0f5c4494ba3
SHA256e4ce1295eefae9d6040db2a73d04f0a420292c30d3e4450cdbd648ddc975b7ee
SHA512f8abd3bafc8b5628c1c143cfcdffc15e7bb2bb051e11c731a042338496479f716e1db5542ac65d52369416e2ea7217954b59c5e28b99dde84ff7f0e10aac1ce9
-
Filesize
342B
MD5d0f20747de38711e304935612568239e
SHA10a8f328d517e8440027d33eec973dbae4628cbd5
SHA25690550eb7df9b2a804c259c5cb4bc49bfd8329412fd63d6687721c14c458e92f2
SHA512a6ee879f26b660780d29bcf2963396264cc5ba7fb32992c70f4c5534b38d022eda610545081e1bdfa19f4a66f656a6ef372efce323913f42d59abc0988bd3529
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
84KB
MD5df455f0fa8fb3fa4e6699ad57ef54db6
SHA151a06248c251d614d3a81ac9d842ba807204d17c
SHA25615068b86edc0473a4f96f109830318e0540af348197e2b65f2e90ff32cfb14a1
SHA512f69dea5b68e4fc8737fc0e6ef48476d3ed0a5ebd2f9dccc9d966df137f9ffdbb51e413a0852c22399afab53ea8a2755664afdcee6897a1cf387a9a620481b2a6
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
60KB
-
Filesize
216KB
-
Filesize
216KB