Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
133s -
max time network
134s -
platform
windows7_x64 -
resource
win7-20241023-en -
resource tags
-
submitted
11/12/2024, 14:42
General
-
Target
e1ee6c3115b5881bfdd315fa345e0605_JaffaCakes118.html
-
Size
155KB
-
MD5
e1ee6c3115b5881bfdd315fa345e0605
-
SHA1
c23d2e8bbb37bd76e84735be8636fd69771fc1c3
-
SHA256
e658b55de6e7a2bd37d1ea86e466959a207d47987614de898b31b1cde8858bf2
-
SHA512
b828a600ab32bac253e427dfbf0cca897f9c19b2e75b32babf3e7e5b95e60dad4a25c9a728bad7c69ad3a6d4231d7e4701fa3626061abde25edc74e40d0656c8
-
SSDEEP
1536:iGRTFxiC+uMX2mMhLd9yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXu:isN+e9yfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 5 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 32 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 12 IoCs
-
Suspicious use of WriteProcessMemory 20 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e1ee6c3115b5881bfdd315fa345e0605_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2556 CREDAT:275457 /prefetch:22⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
-
-
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2556 CREDAT:668687 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD54ba95031d74040b2571acf4ddbf23aee
SHA14c5dcd32a74ec31f999020a817ad2f1d7e98188d
SHA2566c98d704abcd7abb9ecf6182f925567a5ff3bd0ae569fe2fb8c9eb24638b2df3
SHA51219f4589ec77ca49e639871d566e76b2bace226658c148df254a33e9ec61d91f909381f52e5f578b7ff3d243787064cd1b669e6799de23ebacad6d24c26cffada
-
Filesize
342B
MD5fe94f66913c1feda9f71f15b01639dc3
SHA13d3d2c7e6fb35719428ee88046eed4159eb52b6a
SHA256ce7712dc4d80d1b31bcd623ba5f93d04bfafec1caf3854a100baec58e34bba55
SHA51276bfad27ad59f74d55e807b1b367bde3ff305dd6b95756af72e5391d981a2b5d935cf79fcdb14e2688b05d1fa2ed2b492e821c89939be05c6a888d1a62edbe39
-
Filesize
342B
MD58d884bd14d5fed894c9b808799834707
SHA1b5e5bd70c93fa5fa07182d4a62d6daa48fff5e43
SHA256304146dd4b5d65767fe8adf2d947c4227d76b429e8d8428f60b7239c0a44c007
SHA512bb2ab7a6f2c8e54cf8acac1a4ee6ea290a20957294ee2b9398d8528117b20f7efe433e0b2dd820b538b270c130e4017eec3ecb5c795ec17648f085aebe940641
-
Filesize
342B
MD500acedeeab41823e828ffa3cf5972446
SHA124b2836063ede45f44988d67603184de2182f530
SHA25646ecd88d92caac80ea77f55aa343217af1de393904f70d99377947711d8709aa
SHA512f049c0e93376e6c38113219c9bcb58360792176c9af88d7185208bdf3e8d0ee0b1790f05fa747bc4fbc52995e64b64219fec5574b1da825aea8faa94a7bf2fc0
-
Filesize
342B
MD53ac6a31ae5a88d9b76e8d074079ba967
SHA13cca2b52186bcf6915931dd7a1e989447f227de3
SHA25612062d8ccf196ae2c74bb55fcfed0ddeae654abd62dc1cce317ffce017feb9cc
SHA512631e49cc5a2a7259056295999f40015e4a60a7d446910835f4c8e76a2b3f9ff81ee82aff805dbf4f8cd15cc433ba3373ca645572dc3182b13c5420ae17818a16
-
Filesize
342B
MD51f311d4707ef661b000d64524df4fec5
SHA185222e8b91946aaa199e214ad4029573ced462ff
SHA25616b5967ffc76319f801e2e4d8eb00d38a2fc7e85e376af4218261863d43213a0
SHA512048924d399c850c4719c3223523374126d68e4fb9bbda053e61765cf9d7d9e866e958217d61884a0d1a593407b0328fc6d191c0b45f42a6a067e8e3073d630c6
-
Filesize
342B
MD56a9713c4fc533691faa5868035c2b60c
SHA13bf3f100ae738ab42e4e02c9412c51aa34b0111a
SHA2567fe7fdd0096b6afc40bc604de161cea35f2c856773fabf8f72d221581d95b7d7
SHA51212d640a80dc12bf9c465216a1ccd0a89c4d8b933dd6cd2d0dacbd34834d8da946b12227f0be9463c905fa27681592088cb177c385301f92aa6e1d6a3a916a30a
-
Filesize
342B
MD5b6e5b122faae2969163c46db5f135f88
SHA1e1d3f4c463be7c08f5cdb9deabcf845472f40e08
SHA256d27844193a35a52107664017edc495b344a570eef10767493ff4d9f59c21b2be
SHA5126f615179e3acb494df16a3f871e7ad46c26cb4f3769c6adde0ea0888bf86f11997c4a529dc2042750fae27358696d3997ee1bfb79d6e32fe6d0cbe9ee98c88bc
-
Filesize
342B
MD51f7319d74dd56faba81f6315ae352ce2
SHA12e82e1306575d4d19c9241f5bbe66b665917787c
SHA25676d13c98cd18b804084c4df0f4d108a5175bb23aa959f6ebbf7e70df2a96aff1
SHA51272615d0cd49f1edbe5214e357b7ae35f97acf0bdfa3503705deea71edd41044eaab67fdf1d82094acd5ff4ec5dd586dc69d0fbf85f8650f502e5c6123b63ac69
-
Filesize
342B
MD56b34e9aa99d038ea64a4a73693b2228e
SHA1dddb0eeeceaa80fa4c4e9314ee4215f0766b9705
SHA2565eb853999f6c025c492f293ca39253ac02d6c7ed4644a1b3d4ab6b96361f2860
SHA5125693551f5c23e4ccade5b88ad3ac9509421d599a4972760812360bd855e94072ea17c084a0a3cb2671972f15458c4ccb45c03e341f1f9bd25a67dc3713cc80f9
-
Filesize
342B
MD54ae9f63f1fef28093120771b24d80e0b
SHA13c555e1ed1ededd5a9e4d28a19f1a523d319eb52
SHA256d192379b5dd0e617ed9de54112ceb4271c3c83c4cf420ba19436fbcd914f7f5b
SHA512a162551b23f2b3c41b2bd55e69df7a539b8f39fc2971feaa3a5b7de092ee75e5b1a6613a3f05ad1ebd28d8abc8eac52f0b1f058d3006e4bc6a3e5b5dc68fe5be
-
Filesize
342B
MD5b21de8d25eddbf920614c0dee67c0226
SHA187e0e31fe368640c15d2abf88f989f94e01730a1
SHA2562b698220b2ca6c0af2ad38286eec549f192476c216591dc0b7feaa58751c56ee
SHA512e104600cc52b90acbf61b80daaf0d23921eb8dafa33b51e16d615d4fef597d37bcf671b55f6a3649c696085ae105a4ee8fad8e7e57f1ba284c52c90506f1906d
-
Filesize
342B
MD546837d546f4659e4163380b691c9d02b
SHA1b8936b4d09de71b6f05336c1b272f68e53b3fe4a
SHA25646392b04baff9a41b84daab4fca17e5717136b6f075456546ccd04358d15ab34
SHA5120e4b06a744ec641af5764a7c225d0725dbc7a7571af744e5b8d05f142d58c352488d8435bc5f7e215b0f87feba80040c7f513e296156009588a3e9439dbf1bbc
-
Filesize
342B
MD5fd67e7abf01300814681af06285a25bf
SHA1b2eeca8e244e64bb229811e3f58cfbf5fe6474a7
SHA256832b11af3cb39ee0f96517dea5a1bbcfe84a55c62624a27496cb34aa8cb18650
SHA5125d449b508942240bf831f061c4dfddbd24fed25a3ece65f1b8f76388dba2d6beed4a04a3e666adf433c2f2b49606393e99a47d710b2626e05e7e3d0e471377f0
-
Filesize
342B
MD564521e430f17a64b80d918d9b9e7fd6d
SHA1cfd250807d43004166c048d9fa1616fd16cf42ae
SHA256aab31f155ff5e9a5eada288852b82bccdcd935da446a8995730dabd2facd190f
SHA512b41d7fb65f6a2736d1ce0dc5261cee86f578438cd095ba2da2078061588d32b61aba29f76a37a4a88179f51bde58a4b117ef3b9a0522277c167e6a279a1df2eb
-
Filesize
342B
MD539ec3cbf124e6ce1017c5077a1952c0a
SHA1169cf0f8d1f03a705f9a40eb9c89a9ce65799125
SHA25618e482dbe1881b93bbe999785bb9ac08f10e0b56d6c2adb17266a48ec79a846a
SHA512de656d9d127f2d0b8a112e700a6b6e31d3e7bdd474fc22b3766a9af9a7b0cf2cc697076222a13489bba44e34c69968a97d8064240613769330d5b56765f791a9
-
Filesize
342B
MD5f09b2d0fb782d5ecd358bf46223c814a
SHA185b0e9db0a477901977d98fc849807c5c2aeacd0
SHA25688afcde46e389aec06e4d8a6696b0174f26e56280f695c470f32069debb3c86e
SHA51200339f4cc6fb95c899d8a47edd4e1bbcd8f5a39614e7c505cd1e8241e15ce4934aefd42c6a3c8db2710ba063a3ce0426764d780f711d49a59cc9f6904e5008ea
-
Filesize
342B
MD562e0f4bbaed7b5095dee0825120533b2
SHA167a38fa8ef4de14e0ed1c280b1602ae4197d8b7c
SHA25676a090ec06f5b797e03205490e755faecb0ab4f4ea9c6ade92167e760195314b
SHA512d105771111512a892e0906a9727cdd627cd91b2b428d32e8fa9d5b13debebb32d4c73723e44d506dc8d84cd0ff69a2686db8ecc4826b698bb3eb1da3cba69230
-
Filesize
342B
MD5a86330e8a0760b4e13bd3c894e18906c
SHA11628f08a61f38deff98944269c56db3b899849c5
SHA2565aa08d18015fea7c8e1469fc7f51a68f437ac2e36186c65c8e4c7cbaacb38f60
SHA5126423cfa3437fc4fe8c993154f09e6e101791804a90cfd35468dd1dbe1951da4cf7e48a30eee45ab36e526061363a2f9c24a57997f0e2b4cbc970f7ece0547c85
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
4KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
60KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
184KB