Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
14/09/2024, 23:12
General
-
Target
e139beb2696121e5fe8c44c183274197_JaffaCakes118.html
-
Size
151KB
-
MD5
e139beb2696121e5fe8c44c183274197
-
SHA1
5bd3a6cc7c542e6e30692222a784a7bc8000c494
-
SHA256
2d0614de8ee4b948f9b3d8ebdd972af3985545d4b1db1867641920621c51be54
-
SHA512
d1139c6da4e967e76eb4c285d4b092c733b2a34a86af831baf376a450440718ebf69b58ea00c1b2e8e557eccf51df6821eff93f8fa588abaa5f02e26e5a9b5b0
-
SSDEEP
1536:9gj0rXyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dK:9hyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 5 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 38 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 20 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e139beb2696121e5fe8c44c183274197_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2312 CREDAT:275457 /prefetch:22⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
-
-
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2312 CREDAT:537606 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5e52bed4575ef877f1469296320ac335e
SHA1993bfe7757dbad09f074dfe56beb135d6132849b
SHA256725455378b04a200639ece4837d42fbe7ea84f3a300bbc7e76c57e3172619a22
SHA5124cffc6b4d9ae7e45bcc5eeda1a4932a51c1b03395cc9d51461efbe7b5df4ac87fc6ec5045186d339ef2f1c296638f5e776e80e7eda6ca7cf016a4a77d1b423b3
-
Filesize
342B
MD59ddc9a3da706b7d0525f9ad7f4010fa1
SHA1a29797711c3a0054082da84f5c36cd472b165bd9
SHA256f7c6c71ec8760edf1be7096745baffdfda831a7a3785a6e7eb82e30b613dc47e
SHA512d53833fdbd6d04bbbf8c8fd142d16ae0eff5dbe68969975f3e1f05dc3aff8e6c2923fd2a31e2fcb2b55f42d5272991604229ffacd63352359bf56d999935f550
-
Filesize
342B
MD5154a545e45cc7a2e0ac9a5fd7ec3674d
SHA19d8cb1c0641fc4c88e868b007e73907a2c206413
SHA2569a17dd0bf3433da5804de38b6ac1c5eaa31583905d1fcb9bfd170b63950f56de
SHA512d3edb757b662551ba08b9236f7ca0390586d7e5ffc509305d39194234f844ee4c14efa6cb5fa33a107b0efe30acebca84342c1ee2397c0bad3e85832aa30059e
-
Filesize
342B
MD52b7daea01a5dfbfab097512e456d5b60
SHA15a2b97afb86343c6893ccce5e2c241436672e04e
SHA2560abff7d57a1e94df8bfb0f59be02319188dc0fbc066e38a2f327786963afd7f4
SHA51282d48ce5aa925db192a8cb2c9cdad64abbbd4e6497c78ebbca2b45c9a9c331e4ba058ec4557d8d0b60148d271ecbb5574c7ac7b27f69631b2aca92fa9cb1d86d
-
Filesize
342B
MD5e8ae2cb725e1860076c4c05f02a5653b
SHA1a05623a21e4e8437a70b68c0660512931d22760f
SHA25670a04c8e2fdd79414e233e5391f6849a5920199019a1d6dc7ed85b884d5f12cd
SHA5125cabdb6d46b2dc0ffab0d6284d10895330cf9b8b805b6f8132d5bff13db83a3cfef0738c13160ee789a6f87cdd19fa296b62c4f7a915799962600cf5da42473b
-
Filesize
342B
MD59e0011bde77f882c11e6c1ce2d803fda
SHA18568872f4753403525b8592527542d31bcceee96
SHA2569f52b7442838d7dd568b2b4a7e60dd9d8368697c1e9a3f8206c3f68930c958dc
SHA51245a042df61c672270fd3a9664958f55433237c7e2be013b7149a501301d87ff2400844b8237434f7f22e42f95fec654a9bbcfb3f94c54e64ebaff45a2284011b
-
Filesize
342B
MD55b1affb2faa81c7e67c44f81126f42ac
SHA1970a0585572de66702eb1888abeaa492b91e2636
SHA256f23da2e116da7493505f56f9a4cfb2363b280cc0e13e9600c9ede8a5ed7bf1bd
SHA5122c43c48c88fd8ca004bcc6af0d97af0d207fd379b15ebf1ab075577e8fe34a3243c7f884806f8abace8026be793837edeab1aa8b2d992ab3320c2eb7c7a4d185
-
Filesize
342B
MD5c1d33432a9fd102f743e1a03d71ed2b8
SHA11fb693834feef404a5ef37d61bee1a495269496f
SHA256c35aff0f30d5d9706db3d9f9578d07216bb675b0fa9526c759466fcff8ce702a
SHA512dd0cb40baa4bff23ba042ddea7dc56328e5e8b7261c5d252835a3b5029a49d8ef33357a8acb714dccc47474db6748407ebb9c2ced7f93a60ce473bff8a31cb30
-
Filesize
342B
MD51075b2caa7cdfc26992937e1d860c8b6
SHA15155efd9155cc5098be412d239daa1f2258ce984
SHA256cb31a452022b6d5610bb1f4a1df1ae1af8bc87dcd6ca5253da42f60221e300b0
SHA5124efd1c06b93257a4c795d6a2802d40fe746238b172113cac7aabf127021d5c31a26df4f05766040f3335a42ecfeec8c0579c90a54e9d6ba986e56316145fff4d
-
Filesize
342B
MD5209325af0e7c7562ed4305169ce7c9da
SHA1d3fb03b5cd928f5514fcf4afd5f5856f395c0c55
SHA256d72a0f980a52b7da87ba1d8feca1e28c955ced164a116f28d909da4fb55b2330
SHA512570f8aa8541159dceb18cedd40115f9e70cac4fd6f94cf71e86a6efa68edeee464edb1e76b2d9b71fe513750396e17fb5ef51474cffb0fa2c2a406e4e4341229
-
Filesize
342B
MD53a21a6dfba542c8397d52b71db2206af
SHA14f399ad07c9c3992ccbc51bba460698c4c1d7b8d
SHA2568f463f8efc9e67621eb2110b7e23b6caa02bcb0443519b304fc25ac0be23a26e
SHA512ddc0d0a29aa4746683a8c6661a456be4f9afd1bf7adee0956e0966ff30da9cc6af3a0496ff817b9c430ca8298fc3f34632c0a8679fc7d35b06a748f5e1d3af6b
-
Filesize
342B
MD5f86cede266ca0b0bdbc7edd9d0394c5d
SHA1ea83d75139d0e6f2872cf7a1e594b5a236f392c5
SHA2563f02d045cac1d4f19890805837d92c27ed80992cadb4bd1205ae1f9ca872b5d7
SHA512a74524efa957599d81ef66bdb738fec200e2904738ac60a44b436ad8af1ef66f7964044f83abdd3a94b6a119a7a66f50065ec302c68957c55c81395e0506752b
-
Filesize
342B
MD504eedfce5260b8a4eb680ba3f02f8ea4
SHA1a34a94fedbe01ebe4d4f2877d8d81161bebd517a
SHA2567486a57311e1ea6c2db799265a0ac8eb45e0ddd47b2b49766a55d815fff3714d
SHA512cb07127ac9057221ca57e37db4bc79710b63e2ef06480afdc7e3872f50c75ef41fe58e09bab27139cb78d723e6923743c6f5c73d6242f900bab772e584fbeba6
-
Filesize
342B
MD5caa8fc73d6b8f5fba099fab508394c91
SHA1923034e153cd93fb070bd429685ed75293394084
SHA2567648e02950e3c2501217c20e8a71a243e12e5cb02bc138c8660a97fd3d60c74f
SHA5121ff8e676dd16fd52c0df79a7572001a6aaddf84e827281274b98fe01b62b64eb504d6f78b2a0b82eff462bcb575aff0bedf8d86111aec6d03ac86cb46c1f8d9a
-
Filesize
342B
MD56a6390c045190d12797195ce327d43a1
SHA1a51bce23114aa929d8ef7b59ef45cc2808901caf
SHA256ce0ac145e40df7d88f940bc164594e657fd14f2e88e13c6a7914f2b1357d2dd9
SHA512309704f90a5f5abf1139b1f52b4a271bbab34bc7ee1c584b8b5813fc34e78bd2c83afb5d82d301839286047a5a2fea6618acffdd69a25b19ded648fc08b9a453
-
Filesize
342B
MD58f2d791739b54c69cae8c46a917a0403
SHA13451afd0c13463d4d48e02a3e28f48f517d28ea5
SHA256bbf3227fd688b519c6a4ac22200050a38667b4d600ce6607e7b01e2f3472ba10
SHA512d197a7aa52a2a09ab5e61a28ac82de0776051159e88e3aa16392a547da2e61aed15794742cd05338558a706efb5a252af7987b14203a8f6f820cc8ec8c15bc92
-
Filesize
342B
MD5c7d36645890e7e62327a5de25357d0e2
SHA159b58ee369ff5cd30418948d1a442d6e1a13cc55
SHA256d05c516426fb2a37711f4b1f89829e4694bf853984ae69737ce2ba67bb68213c
SHA5127aa08ab999457ad00781fc9e6a74c02b2d3c5735cc4f19a42a333fa52c7b3c144d24149bd447828dfe1aaa5bda21aac4c192ff5add7d279e0340776537c93042
-
Filesize
342B
MD5018cd2020f697dec006a154d6177a75c
SHA1a73b98f4d84aa581685077701ad3b65b0f472f32
SHA256bcf014edb04481a8623e684a151e7ce2ee8398fbcfbb89315ed2e19feea8bb60
SHA512a8c29e36298e3d681f1e163a79e4e89f32461c1ec0495f5833a5fc362db7bcd829df60846b9bb7d50d29a52618e33a12c0b851abca13b9a7e29f3f6b505ad7b6
-
Filesize
342B
MD558922fd796367cdac16c1538a3b62f36
SHA17c3f4c0d6fe15f31e7935da108c0978b8a6dcf6b
SHA2566636997374b88e6540242f94f03f0b2eaf9e762c9168cb67caaa25285c8c0bb2
SHA512c8e48db9372059dfc245fadea87e4bd9a8ab568b0d0e359597c81853561cf500c4fd7b00cd31d326e321dfa252df2003fd74ca377b6ebd424f04d7abb5e459c1
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
60KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
4KB