Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
117s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
19/09/2024, 11:40
General
-
Target
eb41d283fa2bd1f9c5bed4e1806d0a43_JaffaCakes118.html
-
Size
127KB
-
MD5
eb41d283fa2bd1f9c5bed4e1806d0a43
-
SHA1
b104901fc1d52cb13583c1e5b1b4dffbd0f70cd9
-
SHA256
7ed66ffcdf86813b56b47dc0c67cc8a164518968f0d71641d68b4d9f2395dbd9
-
SHA512
67b9164115a9813490bcd203513234f6cf738f1b622d2a2054e70a69705e52dfedd85336855acb35a817ed12a5265652de9a2f394edb321e40e31a27b3639226
-
SSDEEP
1536:S+Y6yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGCW:SkyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 38 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 20 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eb41d283fa2bd1f9c5bed4e1806d0a43_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:22⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
-
-
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:209933 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD570f201a803fc03670939c8d72a454a57
SHA1fc158e07c000676e200b7446bda923608d2f8d07
SHA2569c315aad899c09331cd864f3ddc663419247e40853d84b7721e4e1279dd202a3
SHA512945d3461dad0e7fa99382eeec34ec3ef10d9e890430feaa95c9ea16fb962c06a2b3b925e2a086e754b5bad2f4e3fc3a2014158a30a3921cfb59bca1792927487
-
Filesize
342B
MD5d0b69a79e31f65bed2a3a30a66861619
SHA16f927f84c7c211ff51a501cb0f99a586df91fe14
SHA256dc9c47d587f4ff895cd04ca9faef20de704ee9da4a2a6398e85e4d54f51d645e
SHA512a62aa58f486f18dab15145d101bab5a54acf8a9a97775ef23dddf1ddbb05e96d83e0778edd155b4f346889f98a90f2765f57ef33b392bb7b53281bddab2c4ca7
-
Filesize
342B
MD5c394dd08280b876d78ba538e23b29e13
SHA1c09ee6732b3de19d6dc6c4ee35a4b150389beb95
SHA256aa5da3c96b5b26f6ef9562e2e6087657eb9642fcf2b8b6ad3b940ac13dc415cc
SHA512a8f6def8067cd0b7a1db62b894c5099fc54acba2c972bb662bc90106eb3df3bac6f7c19fbe9015f6034952081724f1af16349255e6a94bd4141f233cd24f10c7
-
Filesize
342B
MD5cb4484917bcfaf23977797e913502aab
SHA1c9e0ac79e3f061d5c27158ba0b8232120604d7aa
SHA256be8c8b60a7d3be600e3e570bb63326d29ede8fb4caddce2397b6540d39c307fc
SHA5122c14baddf770573703e2708fdbd9761a2c855fbeb4ed04be674813d74113c60595d6e9a7ff75338d6f55f561069779a9bb5de41afaa7bdb88459c04e90433694
-
Filesize
342B
MD5beb0fb7aa8d5b49dc53189a5d9b82e08
SHA1d1a0e5632f153cb49138a1fdf66fd527c66c58c6
SHA25651e9c3f5def7f67d2965c544b2b9075ef5842ee1fda6fa97911d7cf8f039ac61
SHA512a9b67794ab1ebe98f2972736bf3538852f215af5cfb09e0a6c124b5a423cf768a8c48271c8630d4ed14064c110ca57089f33653696d7c72d8d178074148d1436
-
Filesize
342B
MD5fbf5b143bad4da21e1298675ccd43469
SHA1a9f00ececb7e864594c68bf6b88501f940616843
SHA2569da2ba01b325739d71db6ce62a4abc97f7ddb06c7c0a7db3629a710cdf61173e
SHA5128db75c5d92c8ea2312971d66c4a9244cdedb4b865d95a1232ecf0d67b7dcd6f7dbe2e5cd2a899e029fb1eb5570355ce263b19a7b74ee8180516fbb56af76e9f6
-
Filesize
342B
MD58e1957ee21e4d7b2af4307b342b82e08
SHA1ca9b43963a32b27b530a16547b334837989aeefa
SHA256ed9a82b9516ca9aa3dd5d23c990bb5aae6d721000276bcfd7695355ba0d1f821
SHA5122a772db39ccb2bc6ca6a6db7d0a8b91a11077c673c866087e005003964f83ee409dd5e31527010b2114b06432857a9cb1e00971033a3819e40ddd52b28854b32
-
Filesize
342B
MD54d326c1e923d4c18f8e81b85e4e056cb
SHA11dfea8b8b5c96b6bef3b87ed4f81207d0e344710
SHA256cd02267429c6f5dc89379472d437d9dc9553e1817ad455e9e1077755bc20730f
SHA51266d6ebdc4d107dd65ae68c20c6fa2f73ce691ca33483ccd54e74eeae1dee1e1adbae0a3a951db1637810a65e77f3e595ecf2fb9bf04a58c7b338c68ba60b1afe
-
Filesize
342B
MD5d60cac696b7445af9f6472e438ffe53e
SHA18b61de360bd6fe776c613c33c78af2495de5b6b4
SHA256c5d042d10b555d71b9a225f2065e1a9e1174864802ddccfa67465ada086e98b0
SHA5128cc6f35b95538a90471a6fdd15d51ae1f11135b4c802a60a46f162bdd37852ea06def7eea19806f9dd86ce925ad64a13bbc66f4521e26975345e939af9bc04da
-
Filesize
342B
MD5c21132628704000ebff4044ef3b5a40e
SHA19dcbeb87708007ec190067ccb583d50047faad36
SHA2569acd9c57fc2858c4847efcf4aecc03e41fc60cc9d6d708362e5ff75bc95c28f0
SHA512177713334f21b73f814bcaf4c62748cce73293991357e98c0a72ad3645d873559c63be923e112022ec7e8c8b85074988aa64e0d2cf4cd0d0a3f264d4ee484fc9
-
Filesize
342B
MD5cdd84bee6aa8d38be010b74fee405ad6
SHA117dbd11fedd76c43346381a2241424d85a929817
SHA256daba23820d7c225cfa8209bf0e5bd4f0d6f771206c700d1e5fbde5b3e5619567
SHA512abe50d7cb54969efde6afb9865575c90cfa25ffe7fa830a863ad56dfa89fe86fd60df8f74f623aa5e6f5aed4ce77a9f5ebfd25c8b9a9b35b33d9ab1f56c37e4f
-
Filesize
342B
MD58bc81e0678734bd1cfe82c87069c2a7c
SHA1f48e9ee7d5e49f34214c0adbe897bc62ed42d6e5
SHA2569400900d192c4311ff677d6c3c5e06b40a4efa697c1b85092e526857a9ee107d
SHA51282778b4ea4b00417aade242745d552df6c9056c141be5e087c22a67bb5dbac3df3f85e9ad076492b878496be6cbc0bb20cf4ca495d184d081e1e5bae33309126
-
Filesize
342B
MD5cb1c5c6dcf2be4694fd0d4e883e899b8
SHA1607ad7f75d53dbcf02d6876f49a06a25ed0bb3c2
SHA2568ea205bb44c5867163c82e68379c40effd03e6da3d274f130765aa6661240a1c
SHA512a3d910f8ff2d58c308589656dbf56d65ea3045874262fb0467a2752ddd74312c57672d9ae1618f620f302012eeb0ec4a25dc98a7663302d1017fbc4b7d1000f2
-
Filesize
342B
MD51d6cfc4c483974159bbd1b21a4e05b86
SHA14ad71b2e81cd4b5673f7102cd8941795298e5e77
SHA256128b5bc394a6cb0a6b0da28470ad7ca12c8d2edf423682169b9f16eafa1ffe33
SHA5128ff057db5fd50058d8aec0dd7eb7fd67b803354d4ce8c82f497d11f21b159d7c6d84634b0266a7e691155652c44afa7385d0821cc2f9d50663d1ee4e462e30b9
-
Filesize
342B
MD5df625579f0b9902bb3f0069e01ee7a55
SHA1e2655ac32da26076621b9d6e0d72911a9867527c
SHA256840dd970d9ec7ecb2610a19784d3ee3e406ef49f5685f0f45ec0f1c4412d8b05
SHA51249ed3e57cc32e592c958f5864e804d0d2f56c833fa4efcb684802f3984761d3e4647617556813dec8dc512e223f99f8d03edd670c8198e443fe7f2bd5809c785
-
Filesize
342B
MD59d7f7604602cda34ae7ed994eba4ef22
SHA1f980f3b1afc7645d8a6370c00f212fab83b234fe
SHA256b4eadda84218563ab377f8dd121314f7e9491dff98b72b8c065402cea170d9b9
SHA5125311eff5c94b145fdc71b057db358e6e81a2eb1c76564fbab77b94c37a6bf0ae60da29d6c435dcfbc475875d2395fb495ac4cb701def8de54e3def1e79494753
-
Filesize
342B
MD571881a97bacdd20cfd8879b508392640
SHA130b669e58a37e881ab045e9c12b495fd48549480
SHA256ed18c9e11683ca49257acb971f3caac297786e121bc142a3199b691deb61764b
SHA512c2e0d69af4f5d0f148638b80fdf596483a32ba2087377009ed1200f780f8c1ccfff5a50ead5a71e7e5d7ab2e6f57ceab51b089451c92a7f15df7f8850ad02e2f
-
Filesize
342B
MD5a37497783e3045a4388c345535e7a638
SHA1f0c2c62adf642cb0f2d5cec66627da91794c370c
SHA2563e1c2f1e201c4b9a31d999e85b04607280d0fb47dae5875993b1651b1d6fd451
SHA512ca81d65e9ac5bfd847e6dbe232f30cadbd1e9fabda9a7042116d7c12fd57d232bf023155f860cae7a1ea2e1de8073645042678089e8314070894bddd905624ac
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
184KB
-
Filesize
4KB
-
Filesize
184KB
-
Filesize
60KB
-
Filesize
184KB