Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
134s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
11/12/2024, 12:14
General
-
Target
e16982afa3555f8739316358388c4a7c_JaffaCakes118.html
-
Size
116KB
-
MD5
e16982afa3555f8739316358388c4a7c
-
SHA1
dd08959240397ac8220698b7a9d79d63fed15590
-
SHA256
41656406b02eda8d4b644155c201f7c4318078a8d0c705b19cbffe6edc80558e
-
SHA512
f73ecc384e35763c0cecd97f762fb06916f2a20ff60ee2d44c4ab843f3f5cc8dc23b16d1a2fd00e5eedbc003a30ce5b1a1c0acec6c9c9cea47049f2fd71a1519
-
SSDEEP
1536:SkhZKyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGL:SkrKyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 38 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 20 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e16982afa3555f8739316358388c4a7c_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2824 CREDAT:275457 /prefetch:22⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
-
-
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2824 CREDAT:5911555 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5cb7ba99b9564fcc879cb6e76954af478
SHA1dbac95729391413fead3304cde2b7d9fbe2775b6
SHA2560eb3b63c89261af918a5de3781f305316155ab7c0d83594d7a251e2578644d25
SHA512910d4ce60a76f2d6af91df717fcd48056cefe30864302ed87d51f770cfab5cb164069beddddb8c2f2eae746d704afaf67e1dc92b6222059b235a5a74dc33f873
-
Filesize
342B
MD5fbc6f6efb82a72c2d39d0550a01f0580
SHA100838ff81178e659d90034afbbcdf32611d90390
SHA256cc4685a9b066a4be4c99cd178c2157d4a337ab78af342398ecafd4878eb2a8ce
SHA512bba448e8576191b160ead2c5b89d25973beefd89a6780ed44855241e8c9f678d3b70069286e4d72bacec8895111ad8fb9a83b8c75fa86756b6f0df7dc80f9d0f
-
Filesize
342B
MD558ea838886bbd2f5b08e1b23259cc340
SHA16e2145df9241c55136894798bf29e851df45a32a
SHA256e805d55fac5d686301d94b6084638f5b5a7a80566d626f99fad5e75858ed7f82
SHA512c52d90d19b48a0dc74215da07121fb34b867007e838d56da31b630440c800ab4619dcd0ffd1006b5d858f1ff801d1c1ebdc8a6b21b298fd6593d23f101239175
-
Filesize
342B
MD520547f6044a84043e21d13697ae861cc
SHA18b3ef1c14989fcaa43c46e1839f585514e86e821
SHA2561ec74cfaafb71f2565b7b46dc6405cc8cb5e1edb5b1b51c578ac9ab4f18f074b
SHA512c9e9cb404cf9523b159aa4b47cb821be416630c85e4b3cdaa9b6e41a2aabdda04c62af9a1e04ea0eae87a301a19381bcf015f2919e726f0e4a633da01a952187
-
Filesize
342B
MD5aa6c748a5a0f2769c9ce20e8a52ea6f0
SHA17e7d80e7f2e9bd831c2da85935a4f988a1f4b9a8
SHA2565c7a8ae9b6411d37e52f5ef5492bb04d6cd1022caf8959c6fbeac41cb4cfcfa6
SHA512fa2037888943e1b9443a6728151de7e95b17e66a4122b89bb9fef8ce8ba4b0616c11ad630f92f66674d3a405331167d14d99728f62fb151113bb418047d3cf4d
-
Filesize
342B
MD5ece79690e6f86d4ea0a4ea41a4d71cc7
SHA113adf0ff9b4f649b1378d6a705a58b32113b4d10
SHA2560719076f10655263e5ffba1ac8f98aa9bfe91e9256206661f9cf84a4b0ff109d
SHA512260bd868bb0b087127059f7bbe90e4daa51dc5210f5510e2c25558bc8e6f28c839c136e2120960d93f54614786ec83ae19a1534cc01b692cffa30447993d5ddc
-
Filesize
342B
MD5d4e9cbab0a56dc766c7ffc7343acf575
SHA1d9ba66e32882b1960fdd9bcbd4153bee62bae589
SHA256c4752e57460c0e99253555cd54b3363cf6226538491fe9c0fd6575fdbc0600f5
SHA51223eebdf3313ee74366dec7084504d690a7fe358515c5f8b3ac613019d8e6c110a952f250ad5168b905f156ceb42592fe06e10c711b32eda10c49b4db2e0639df
-
Filesize
342B
MD5fac5fa73d0cb4a798c0332488bbb5311
SHA1a1042c13abd72d0ec7788ade231b0ec7e0a4ee65
SHA256be8266b9f6b159fa3ce4d351d017876f5a0d90322479c4a442584711372231b1
SHA51246d9fa8959b8360f496ba9897bcc1c53334788de19e4e48f1e09b968cf0be89bb3ac05396858c603d62308b3f3291b7517f524c3619a5f60e9e019317367ff63
-
Filesize
342B
MD511294aa033a98540ed351f3779fa67c1
SHA1a74dd6eb19cabbab6e9e014bd26b73e9cd25724a
SHA256784097f47845d26e0e99332ffca0ae94e95ecebc68b00137c328d73ca923db62
SHA512bf878c5a917bc2b82e554d1b8f614c4d4123084ba667b0ec471dedba4226b4ddeb192b661b54286a110d981e16d7c8665e101a98f4866556af58b293519a7d38
-
Filesize
342B
MD59fbef31f2bea3349fea22396968303d5
SHA134a31f7a8b6b698cc9907885d68194bc24b3588c
SHA2564c63ae0e21ea69bd555180dc0daa59bd12474cbe84c80dae5b9693fbbc6e099a
SHA512e7a9df7547c91b8cbac739fb338dcc1c70fd6e9d211c38c39353dc8d424a3627bb46c1461a37de1a755cdac1537e3886bd625b1803cb10c7a6be51d9dc465bb4
-
Filesize
342B
MD54350db16fce9c0aa97aa88f202361d39
SHA1b94381d970773f2a04a0d9fffd9e5dde081f3164
SHA256025e3ad6daa7ea7424bd9ad7a08247216d029fc08d85bb67fd25a20f83ef0842
SHA512d9b574d6b9e918c0c15afbfbcbc5d4781eaf6f683d3221bda5d159ff88429fa303f649262501863d33a27ef409343ae2d086874e7456e075bad8f7de38c47653
-
Filesize
342B
MD5774d48d8af5da9f5492e75314ebb6938
SHA1fea42d22d0408f31e9053a0d9977f6c0bd625e3b
SHA25675e083c8b32414821b2714ed9791bd95dff116e258f1dbb6c424677d15381570
SHA5128e721e39cd974fff12f29f80033d95107d6c73259d5dea4a2c5ecaeba4faedb47dcd3d5b42b3569416be7da9050aedb2328447398d2945a5b04233f93db11db6
-
Filesize
342B
MD570adeb60d7b9d2cb5a0bf4c704491df9
SHA16817bec70f8445dcda6d0ac673ddedd00a2f21b4
SHA256451806aa7f0886d18f093496b022bac23730e7a77b68dc4714bebbb3837b8798
SHA512b3c2117c20d951d2af1939c472c138eb29caf5a02b040a297f0e9b08c871552205568d7111768466058eefa96d9f4e10de81106ea3a1b79e7aa25a69bd416e84
-
Filesize
342B
MD59a5b832e6a7a59ad24ebc0ef395bec47
SHA1f9fa6ae70e64dc681b48215e954af28104583274
SHA256cc5816b8547d7969435f1bd3d1935369184bd81c8ca7e5a3b80c58af581da733
SHA512621f5d6de54127c5ab68c76680489ca02340202f0a8508072011e9d4a056dfe0291048dabf9700a78771a8694b617dd3e964572215cafce42cfc85cfa063ec1d
-
Filesize
342B
MD598fb557ddb709cd317d1225c41182ce0
SHA11f97782b5495ae3a6f247ee0a49ee0d568416e4e
SHA25651d82ddd3502db458591340d3561a652cef6348549ecb1ef30489fcf255e2726
SHA512db335d75c7896bb1fd54173ebaec014a7fc343713890d2678e9e1a449b2ad90fd1332445e103a2534244be253a7932599ca86ab51274986fbca91dcc9501328f
-
Filesize
342B
MD58548fcd3269f6ab49777f0c04289552a
SHA130ecaa866672d142e8752c707babc3e20218a6e9
SHA256765d9739d9c89d748352d31338112330fdfc746079ea48f3a0d8612380868dc4
SHA512a9d45e6a6dc333663366f66700a6359ffd4f924f203dcc4e325fc73bb084dfc1f8833fb344ca1d561bd538b50859e6b22630448759b3d86b92a6f854c34c8ae8
-
Filesize
342B
MD5670f2c42bf042ceec6c3ecd9d925177a
SHA156de2b46fc22369826aee195ce9cc2c8132c8908
SHA2560c75b518cc9e5b1a288ea1ee594bc9b236c877fd0d6c169f5dad79597e911f18
SHA5121bb5963838902fc5e8a8a6046ea944d315abb5dc8c23e013b1fd5a43f7664a22e7b40d44d6e709cbd8ea20aa681715370722fc9565c780de342c6923fcf603f2
-
Filesize
342B
MD58210b8919860d498dee2539a3e4eed66
SHA1a2fcb49635c14f3aeb5b29e7b3a48f9732ba980f
SHA2565d07937fa2dc39e7d8d4e9c98d0e79c38c8c681355200e0127966eb8e66cb827
SHA51238adec705235b01a13ca2de4aeb525d6ca75a5f4ea6a29d8cb96591df7ab78ce580a92d325f643e8d9f6569219818738441cf6939831b0aaa3006ed72ded50a6
-
Filesize
342B
MD5b964f1fa5f45605d5e528d1f8b500889
SHA1a8836baeab2abb5129ceb51ff68fa795a32fa7a1
SHA2562ac52ef52e43af72baa1a1a9bf410eb0b37f2a11f8c59b5b644d70355ddb8258
SHA5125ab6721c62fadd51e4e5ec8fefd98a7660b94fec28e8a6507be0c9781e75befdf9113587040d62bcb003809c214bf28d4657fec1aca52416ddc97cd2c895431f
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
184KB
-
Filesize
4KB
-
Filesize
184KB