Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
133s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
15/12/2024, 13:31
General
-
Target
f43a65b4cc4a930f60760ffcf3623e6e_JaffaCakes118.html
-
Size
371KB
-
MD5
f43a65b4cc4a930f60760ffcf3623e6e
-
SHA1
ac6194aa36dfcf6551a5d75b0a9080093bad7293
-
SHA256
3db216e039af9704113e6aa7f320dcd1dd6fbb54bb77e7178f4c5e36358ada4e
-
SHA512
0ad9fec01b4415bbfc30ad6326894d7f55ffe6e7fb59a69fc86fc24110a8072ab92fb65d0edb0ad6dd469effd4b64394683c5bf0cf9ea8960fe6cd64a1ed1d98
-
SSDEEP
3072:iEz36vzUTvuH8ophMbyRZp2vERII9Bz6QLepldI4dQNuK/AmvRW:vVaH8oeyBs6I8Bz76p3dQNvRZW
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious behavior: MapViewOfSection 27 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\wininit.exewininit.exe1⤵
-
C:\Windows\system32\services.exeC:\Windows\system32\services.exe2⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch3⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}4⤵
-
-
C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exe4⤵
-
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k RPCSS3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted3⤵
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs3⤵
-
\\?\C:\Windows\system32\wbem\WMIADAP.EXEwmiadap.exe /F /T /R4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService3⤵
-
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork3⤵
-
-
C:\Windows\system32\taskhost.exe"taskhost.exe"3⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation3⤵
-
-
C:\Windows\system32\sppsvc.exeC:\Windows\system32\sppsvc.exe3⤵
-
-
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe2⤵
-
-
C:\Windows\system32\lsm.exeC:\Windows\system32\lsm.exe2⤵
-
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f43a65b4cc4a930f60760ffcf3623e6e_JaffaCakes118.html2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1996 CREDAT:275457 /prefetch:23⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD59b6f52078c0c579275213b08011c46af
SHA1fe3b522b4c91d25a57e37ebdba4713c3e267c2bf
SHA256e88da07f59ec26cfe6830b6ca4442e501dad90ac503e13fdd57a4a005a7a3188
SHA5121a69640a8c9960dd7177f0768ffd004ddf2d11a473da4432bccfe88d0208273d0ab06586274fccc7961b6459e45428cf90e0bfc983807e1a40cb27ebc3804d07
-
Filesize
342B
MD54219440482715474929f55320806dd41
SHA18a6200d7d3eb91cac76498d1959cca1842878359
SHA256b79c1940cde18341dea35c2fbb6e57148499cef3f64fb6dd0fbcb76a77f393d4
SHA512c36369bb27989c6e8c96c67138865795e02aefbebfa71dd7e9073a39ca2dc8c7d940a9cb29b5fc07da9096bf2ba078565e29aa054b067cc32a93989180f7191e
-
Filesize
342B
MD52fae18d8a0aae392e48e277f96bdb862
SHA1ade1ce8906ee3ed797b94630fec9518f6e5ee3ec
SHA256fa55979735caab621e9d06b6fe4d42be0f4abba55dc6674ebbfadf7b0b0e1f67
SHA512c8477959b11dc675395fdf358f12f6e8bf0a8965a9c6eb3645c45a3a6a20d70d143f93e4a11c81974163b36119f387ff5d9778d43fc3327cd0c1b1e8ab2b1196
-
Filesize
342B
MD556024149afb88c6efd937e838d5d18a8
SHA180c864a7a776226522ed3f89e6d8c979ee82b491
SHA2562012f2618abedfd32a69581839da3e228c0475edf2250691069ff20f43801af6
SHA5121eacf1b8ae78a509763c7e24f57ac6c5b3a06baeb3d5fcd87a574ccdd21b2bf0937716a51cfec49a5a7a657f090b5a1821ee58ddd8f029cd2eea8f6c7bffb2a3
-
Filesize
342B
MD5f6bd481ff12e05d34ec654028e1e0db6
SHA153759e38a15094c2ed5746d817906b00b1ed2aef
SHA256ff5cc19ccc475b7c0f3e0124040bd77d2d7d62888fb8f5466fa77f656267858a
SHA5129547466679fc4dd03370ae48305bb26e80e6c4e32a4ca28d224dca55be4a6421c0e62638dc8868610c3a0fe7c0ae93e9180c004cbba6485e44fc6e0304d2d6da
-
Filesize
342B
MD5c2416e5e5afb6fb95d4a1851f6babb17
SHA11e6416198a35f2e440244ab1bc8c0284eb4b9c9d
SHA2568867ac3b39745df2e128ac7589c311a9b4dce6b234c3535beba84270d6fd23ec
SHA51248e932866aed438a409ce2c7e19c7253fbcd17c494d2429b73e751dc8887850ff117787b56fbdd5f4aa7a775b7f86c5d43bed9dc77ebd4658c6adc8ab95b8671
-
Filesize
342B
MD5553017610e7f767e6a4cd96f2fee9d50
SHA1cf00afd182c1d9d9fa6d6d65121bc77b96723e48
SHA256194951d7cad17706f2ec545eca68028671f342fbfc515433bc43d5aeb4ac4dfa
SHA512caca086cb8c3d8dbef24b688eb82f81569c24b484469188c0a37e340e73d063ca19d7c0bfd1f93b1f139771e2ffd802ca85c3059f29ed4a095cd826c1d179d9a
-
Filesize
342B
MD56d7513c9d246ce2834908cdafa31e588
SHA191f366573541af8f72594b8f46b3e9b0988472fe
SHA25678132b2020b14997d7a3fa001b98edafca9f7b33becb88e518022b5443ea4187
SHA5121986e9daf37250237c75116be33462e7b0c8c3af9eb8c7dc13608f8239933b0e68c239c5a84c6d75ee1a925ed88ae29b35fe46b137f35c58dcff44ad823eb0ef
-
Filesize
342B
MD52c534cbc9ce7a577e220a4d4e1b3bb68
SHA11757ca03629434eaf9fdbfeb050a63c5462d859b
SHA256c328b0db1508f26abc5a0dee0f331022c381ed8063f721fba7ec7506ab5a8e3f
SHA512da9bb54a722a5ac0253f885d90e0efc3d2546e237f592d185f8be1dbe2017132df74d159f9681f023b98abf203902133845e5cb56c973afd36fcadee871b47d8
-
Filesize
342B
MD581734f0e5de638d86b74f4897c291ab9
SHA1f7d0784ea829eb4b80618542e4f04117a13ca850
SHA256ae7711238c45ecb4ae863e9749df3b7393ab2479711b2d742959d5ecf6d1abf9
SHA51271a3080cbf9e82957ee3ffca6b7cb06c62e18a2dc4789b32e301168096b9c65e1f459a01d6f85f16e8267beb101f6f56e71cc07c8e0d67918de62f7c9932ce45
-
Filesize
342B
MD542c4edcb588138f87f6f1ac0e79f918f
SHA1d8950d70cf8958684395d9f3ace428bcc1a1767f
SHA256e8ef771bc420b50322ceea4d7e0a25586531595ba06477ed3a1925f079a406eb
SHA5122b71e2c940d9bdb975b2756020fa159651a8565839d91253b68b721c127469a9f457d8dab78ca126bb57183f99a3260241f6ede0157ca5e137bb4c1b7cdc850c
-
Filesize
342B
MD5cf42ae62525d07adc8d5480a60d712ae
SHA1d1fd746545c918eb3867a4b41cd66eefba35782f
SHA2561c3e98816da4bef9e26375e14f7d02cfc1fd99114158e49802e1254b4527be6a
SHA512a4520a2c07af8b0a7043f765b0fd69aca45d2b8b8b746547a3a24c40f6ba2ba8fc864454aea99841bbe15f3b81b8e634dbb5bd7d23a4e544239dc2e2796704bc
-
Filesize
342B
MD53e4f29ae9e199b9d6fd02926c465212e
SHA1bda2f1de0fc1ffa6854a3bc2b8f0575e408c213b
SHA2560de97e5599cfb16b9b05fed5a7ff19315e0617d258b4a109c4a186ec749d030d
SHA512677d809f5ef063a3b393beaa54b2fa230663585c7fc4cd83e35fe2b48400fb01597c5999b6e3ec9f312f3a55ccda3a83e647843b18d4de70365a6be4893e90e0
-
Filesize
342B
MD54febcf58f60c904e26fb33111bcee0af
SHA19248948af0725153d6084d1d5d67ce62c6256d03
SHA2562ff4c45180a9db699408e240491c9ed959fc8772ca5274c2ad1efdcbfd246558
SHA512744f27c201c0f8dbc56f8fde3c84267b93a40ade9e0fc6f644a41d7415004be7e2f8bfcb7cbafed01afb0b1ba81feef6d2839095d9682844fe493634c97da48e
-
Filesize
342B
MD598253540a6a7b8fe6df8942db58a7d66
SHA1e352754f12a7e873a1611558f5fdad91507db599
SHA256b222c48cbb56d83942249f84f81769473889d194310b5e70750c8d30f2796149
SHA512a742bcc608df690ee9027d9ebf23d79cc2c84636ebc712db66efa1d4866ac7611e3fdb87fc686b2bf50797c081eb973fc5ea28b0197241f08ee3d33eabb2a5de
-
Filesize
342B
MD57accc9fa4c4f3b7e0004461c3220aa1b
SHA1b5b6cb6ed7fa348fa7c13a53129364a954cce9ba
SHA2561acc5cfca6a94450025265324fe4ae543750a1042f626dea70bf571133116c50
SHA5120cc49f9f5e74b239bcbbb6120b61877e2ee80cad8e66067c1c94b08173cdef8d3c9e8c26ca87211af20c927e612a29acaae19aa92421ff62c10be7f1533ab86a
-
Filesize
342B
MD5d1b77b548ae7d35a6209eb73e78e4cb8
SHA1307280093e1e617b2e8a6ac833a129193b98bb6f
SHA256ac44fec5a4855f7235bf205f5388fc400b6850f29269b2e87493741ff5cee034
SHA5124349b93ae437342611be7b10b1ac500cebc52c8fadcfe33392caf39d9eb5a96d58296f31aeab197f2d95eaf7149583a90617e335aedbb3f7bec3cbec47c11a39
-
Filesize
342B
MD5c163320acc5a7bd42441e4d90b76f9cc
SHA1c77d019be709b1c8c9540ef1fef0efebfb7e4d1d
SHA2567289cdaaf82a526d2b5a53ad7f9a2d127a346db3e5d95cab00c56c1a2b750874
SHA512a1ca3cf0e7784d3217b8f90b2b2b58376b2c6df15f404dc8fa786f04851dc0c7fbdf545b671d9b856f3ef612537123a75e525479a3501d4509c63a5770d01cad
-
Filesize
342B
MD5dedcca81244442d5312379b0f5446c74
SHA194930624efb7a5791b81148d642a0aefe7d954f5
SHA256d1c91179cc394b8cdd355425504d530719a7bde5dedb54c60e9b9aec17a7ee71
SHA512071ed81cf25a992a78dafaeca0871df0845461cd8e5056e6662efffc98c9e4a48522dcbb6fbbf7187641d58d7d9e3c9371c95b0c11fc1d15c6a8e371037c92a1
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
178KB
MD5a2c2adb570da0b8f78ae08bce272127a
SHA1b9facda364f8010df5c700098ae1ed2ab0be2dc9
SHA256a4a03d8aa52b426bd96c4d8bedb461e9af46d27a04c4a3bf607c69d2e15b5a54
SHA512d1aa1406616ac4964c11b7d50a2eda5564beaea4cec3b0533ce51c82331b6d400b74545d413f62d58485ec9b0cac9f5c6e98607d70916b5bf924d21a9c45b0be
-
Filesize
372KB
-
Filesize
372KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
372KB