Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
104s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
07/09/2024, 23:49
General
-
Target
d315028331a02699e2ec0d286a387a32_JaffaCakes118.exe
-
Size
253KB
-
MD5
d315028331a02699e2ec0d286a387a32
-
SHA1
cd1a66287df2d8dce8979c641e028704ee91ff60
-
SHA256
f435108186864246270476f6fef691f0b3c15766914a581771edec87da8b0769
-
SHA512
d7e80ab42bab0063e16dd9f50dd16675b5d9e105b81d21e55130f1831785e243e5d253cdb7dc02e4109ee84d9c7f411cf2c6514317824c9751865526357bade9
-
SSDEEP
3072:SE/i83OM3Ao9D5448xUIWNwRAoQtf03lwW3QPm7BiK4aQdbJ42FS5QrX07RNvXOy:sQFTDIW1FS5Qr6XV5Kg
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 5 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 28 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 16 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d315028331a02699e2ec0d286a387a32_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\d315028331a02699e2ec0d286a387a32_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\d315028331a02699e2ec0d286a387a32_JaffaCakes118Srv.exeC:\Users\Admin\AppData\Local\Temp\d315028331a02699e2ec0d286a387a32_JaffaCakes118Srv.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2800 CREDAT:275457 /prefetch:25⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD59314910a0ed3c565fdf3c7b9a1e95fcb
SHA1e551e65172a5259ee41fe2bd226894dae0067f5b
SHA256fb3733f3945bb5794bcbdb058bb272fdfd2eb3e55f3fbc4bd3a0e4995df1cc05
SHA51234c11202cb85ccdb957e8ecb8041868c7dc73a55082f753be0a830d2641fec6515f7f67f1eb467d04a9eab51ac2f326533d646ca5f0cc7a2aa3042cd09e13441
-
Filesize
342B
MD5bab45aaf4c88781055836637cd9b9481
SHA1d6ee2293317757f721350263af667f0b326ee123
SHA25684e37297923b18f94c48f202eb7d108b1feec9896918a1a1b10d3f95485c0945
SHA512230c9a3f3fc5c651c9afa283f9ca9d50942c502eb90d45765b785921ae210cadef09b5abdb2a53c06d5faaca1753352a7d012fed4472977288aa931df8698edf
-
Filesize
342B
MD53b4dbd6c5982afdbf7f1a07352bcd683
SHA1dd2880b9c2742e9b35af0bbfaaa7dfa173a69918
SHA2568e19275775ec9e43c4e47cae0870aebfebad2d5ae68252181feb01f1524bf2b7
SHA512af995a7fceb1284c660fa762a5781a4b6a74d6f4ab130bd8dc6c8587f8ccd8658d8c85d2159ddeb88318b201ef8a7283957725177a7cea28f1fb67e5b056948f
-
Filesize
342B
MD544169fc4cc4ed4ff6fcc248166e1e15c
SHA1545e5632cdd293474ecc4cf0add0a0e26872740b
SHA256ef7ba33f91d7b7576259bf39ecdcba79a670a16b34c7066b72d19eaf96979737
SHA512d37b21370d07df7e4ca08a33e3f34c30b87480f222303733f29573ec06479e5db23d6e7b6c7769ca7e6d9a5577d53f76188d1b2d780c9ef3cbef9314eb5e161d
-
Filesize
342B
MD5e75e86156640d28c76e6bb277e8bd10e
SHA101c320ad76e8aaadffe5eec66217fa54f7faad29
SHA2561d67b07c0b4c68d40523126fa288cd3f3264a147a256616122ca6a06cc256c0f
SHA51251ed689ab42dbcae1e7d9ee5aedf9fe5e0f9a25a3ee3b76df62bfd393d8bf0fbe27fe32e0d4ee8984c668b13feda84d6cf19d5cf49625f82ebbc6054db412f49
-
Filesize
342B
MD542a6422f96e08baee565cf5c8470f0be
SHA13a1f29206b42085ecd6fa87d9f156e7e99614941
SHA256b203aededb8ef0a2a15f63b279cb3a6547f1e49a23929765d376fef97e9d36fe
SHA512273fc789028ca56429101561e9a19c0e9a3b04729c35cec6eaee56b5244cda15f3a3b9b0b8a6a58b4dc565b8f90b7ee2039087d8e558172dbc68b2fecc565509
-
Filesize
342B
MD5342ad4bbe00b35a6a8749de570f50e2d
SHA1f4cedb6de3ec8c8c6d789ffc1e78a4b1d7cbe57f
SHA256b4df5000e1724ddf175fe1bdb96ecdd99ca3937dffd7fffe174c1e7407f12137
SHA512918d5b72a078ea154f3870a11c511bc94753c091b3c9e2cc6215c66e57ff79666d79bb87de877ab2459adc22d84b9929f9996ca5509978ade6e395513b6ffa40
-
Filesize
342B
MD5afa862a43d26a6ead4bef4b3509bad0c
SHA19e1528f84504a2ea3088a27c37b399ec04427079
SHA25679e5213771a68b8db741dc9a8920d096ab0d342942d222d328089f6530ae2fdf
SHA512a448d0d10352dabd796e3547fbaedaa8a3459bbe6a4df55e8ed71f4d4dac9c8d6144cb7f91d30ee544260c88d27a5242d9d0b742909a1714a4dd7b3000ddd5dd
-
Filesize
342B
MD551ee396f71b0b4cb70f8c00b1f55934d
SHA1597740c7556a236f60b7d1ea55699a9307c8072a
SHA256df0f7e71b46e8029181c83454ec452c4ab80ec4d6354106aa0bac5e52940d10f
SHA512df1a884e72162a06d53877a0536bf3e04da56fd19746a2b6c2c74d42e498321b4071175d6e334720c01e88e511c4fb8b44ec3bc65f9afb37685a602f4b00b125
-
Filesize
342B
MD500a3775c599633602d41c1d3024fbc48
SHA1243a516f4e4731c103ac3ed142972b391442a2aa
SHA2569067e068fc2e24b9dd5b2c56177b15803a49176a7c2c84ee019c0408524bb98b
SHA512d6640216ad2c65084effbd2ea49308f48e21c88431003c98b22ad7b6a5149fb754378d0faf1e65946b73360480a1e44a18fd738f53710fa2ff2645b5bc92c2c0
-
Filesize
342B
MD5b06a6123fdcbd5464009d8e7b1ad3a15
SHA18c5ed603d2121f2e814db081b745debb6dbe5784
SHA256ab91139e11d0374567a62d6dd11ad6859630ba7c0b745de0d89b3d02ee353f1e
SHA5125b6b245d168670d624de9b1b6c45059a5b9e8463a01889e3b5e13584cb47e02a2753639edd9b53351018e81eaecbac77327b1b248afaebe790d4d0716f773f99
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
280KB
-
Filesize
184KB
-
Filesize
280KB
-
Filesize
184KB
-
Filesize
280KB
-
Filesize
184KB
-
Filesize
60KB
-
Filesize
184KB
-
Filesize
4KB
-
Filesize
184KB