Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
136s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
31/12/2024, 06:07
General
-
Target
JaffaCakes118_07fd27c6fb75e536791b2ed198731580.dll
-
Size
518KB
-
MD5
07fd27c6fb75e536791b2ed198731580
-
SHA1
af8364513906b738a40be70c15b2d20d7407b53c
-
SHA256
b76c839e5d5e62af94fb460ed05241699d19f60a3ec55dbf8b36e9728fd7322f
-
SHA512
d4290bc52a59d6a7326a33ee5c5f18abf54cacea0e847709eeabab45d4cab378be44de0d3e8a051c51eb58e5b3861a5d711df4b81de036a592be3b45a13d94eb
-
SSDEEP
12288:g5nLZdcEFsC9xj7FC98/NbEDHHvKCyeFNRV7XNxNxftOoeBYR7YrbqFv:g5LZd9FsC9xj7898tEDHPKCyeFNRPxND
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
Drops file in System32 directory 1 IoCs
-
UPX packed file 7 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 28 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 23 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_07fd27c6fb75e536791b2ed198731580.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_07fd27c6fb75e536791b2ed198731580.dll,#12⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32Srv.exeC:\Windows\SysWOW64\rundll32Srv.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2108 CREDAT:275457 /prefetch:26⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5c1fb452cc015fd31bd2a7c4daa1848c4
SHA19b8c3bf25e492384231a99bfd3fd2ee924b3c629
SHA25645faae8ce334b2dc81e3c6e76478c7cfdcb839cfdcc314497155371e9fcad7a2
SHA51218cdc044d2bd42cdf4129551c2ccf643e509d80926f3416734cc9921528f7b91f00682e87212ee7880e0b0674503819c0e9d719668eca715c721d7cdb1fa15d1
-
Filesize
342B
MD547eaeb2fa53f4b22d118b78814ec8235
SHA19d979fbbe7d4c121bf3f2654ae6b29a4be0cc207
SHA256dd94bb42001cd3f44ea7e5cbd6e876d6f5e3fe2d1b050d7158d97a9b7d9c09d4
SHA5129e13b4f9ba30fd95a6d81983d054caf22eb80fcd2acff9359e6eda0b0fdef14d86a86fcd040ef5f42dfa66e7b7a17f13e6a13972dddf33095d0d88bbe905ecd3
-
Filesize
342B
MD568060a81d597f5d7d1083d6c2c33ee08
SHA1ea5199526dbd46f37980310a91e42a50031d525b
SHA256ef146c2b4222ef66dd79bd352feb3102cac116050f4cfeec3ff3f74641a47368
SHA51262dae26bd9c61b3da23e3369536499e0a21f96ddc5f8dcf0520be1e0e8da600ef371aebf92bb6f769b7127f4ea7a51fcfd43092eeb2026b0b4515e2df87f5fbd
-
Filesize
342B
MD57a7524d7b5e2f545b64b89da16c93f7d
SHA16b8794361a874ac27cbce10c2e625e8844cc0347
SHA25631b50d4b267360520c0397d344fe191cafd47fff8ce53ed2183a40e6ce52ead5
SHA51228881632926eb920cb3145a0785683972225c5068ffbf8847e1100a1da94e01002d08ef3d68e88afd41716d07688b2f4d5ab96c1ec64a4848a07b18213b03cd2
-
Filesize
342B
MD5a426b599b8797f71862a28b582b751b8
SHA11d9d96550cefecf5077b3a6ec19e0679555b760c
SHA256e978dd25db57a74025c5cd42cdf9e4266b8adcdad4ed8eee8d4485867023eff7
SHA5124faf9d0ff7b8d7edfae5a84e8b8f93c4f7f74572c5994135678b40acf9506b96d9916b6d1d92519f0e63104ed2ccb58dab37d43a74a1a956f6309eb62b684c1b
-
Filesize
342B
MD508572eef857ce2657502ae598d11998e
SHA198211a688ded426fac68725fb8b6033488961e6a
SHA256b4d46aba331b683fb66408d732cfd1ce99dabb3ce64f5d3ea4688d266fe42669
SHA51242da301c39abd5d52f94d9730d4696910d9d6522655df6d1bb41d8ea7c03f4d40020b4d671a4cf27caeb4405da73fa4220c58bf64c34148eb03eda9f7b6aa948
-
Filesize
342B
MD54319397ed1ffea677d6fd3427069ce4d
SHA139e212b7f0f7f34c0e106a58f390cb9b989a2e20
SHA25630223291f8c1293115d28aae430d3cc98a9c8f3e108354efa5eae98e5f65df17
SHA512873b7b2ac50b9b51965feb4312acdf0ab1e57cadb0a82a6fa1861d8cb16967efa4029b48dfad270589634cc0149993399b763d6a51806dbac85f192ed2c0e9e2
-
Filesize
342B
MD5656a4c9c97ec7a1ed6600e6547760b75
SHA1095b02c426cd0f01d328921c8c774c563f9d7d34
SHA2566e08a168ab9d379cb34b57df09db15a974327eeb15af271972b86c39e1833d8a
SHA51257cdf804e59b70b06a8f329c263c9a80533d580d5e167115d42b7a8a8b57e2bab4731d08a5ec8299c6a10f672950fb2c7fb107f0c70a22d5132508894ef9a2e4
-
Filesize
342B
MD56825c979f2e3b8742dfc7b5ff4c7be47
SHA1749c9e3ff2a6441b506ec03b8a2eea28576641eb
SHA25605f002fe96ad3597ae952b8c97c5c9289d8827d1d843ee40ab86165cd3e5c9bd
SHA5125076b5c768695d73e7ee78858e3f81a4ace5d2139779060114ef0ec82c4341f9b5c5ae3ca0da6ab699788a929d16b6b3c6b3a517193ba53dd109d0c5cb90ca10
-
Filesize
342B
MD5bf9adaed8bee881983f2ca64b45756cb
SHA193e745cd93c8a14825ccb908d57acf29d5832a5d
SHA2560a25611d8a28e88131f9a61e03a03d1c8fe300abc41462da9d2befa65aba054d
SHA5120714c48a0160c42cb238759eacd119a8c1046aca680d3404fec4db6f4a4aa3019329145a77c7225ced6befa6e5c5a863d04bea30a01653ec8bf958003eb87e26
-
Filesize
342B
MD5a93578657ece35a319743a8c2101db0c
SHA1d7da0415285c3ba3f2f9e16804d95ffd8356cf39
SHA25677648f2b57b30e8c8cb2fb4bc4d0485c3f4ec77ede5f1364106168b1604bead0
SHA51238717bfb752fddca62a78dd1ed072b9452fd567f80f4238f8be8fe477049c2a0c32675e3a35d8e20f66a233d2ec15f31942aa5c63a172e720c02a9b377fe2c06
-
Filesize
342B
MD53ff9f0b4b4eda6b97e5bb11f63f96178
SHA169d2ddcf397d4e4a6c307d2fe63d2eb6feda1d93
SHA256748c142acf2d9b43b600edb9f065f16d6ac3824545e377d4bb2bd810d4b57e38
SHA512c970a7da2b32d0cd0d2ab25dc649585dd2608e6df324f166a35e1dc86e37e30b97ea90b7b71b7d16b9acfbc0320bc1fe90c4c01a74b80991ef56c0b0d3a2c42b
-
Filesize
342B
MD5d6ba34409f32de2ee1c8a15ddd43469e
SHA1ded9e894c934cee6e53b2b17dab934a0cec8ff0c
SHA2561438a3c20663890cef5d18ecbf0ce41b5b9031664384f58635c6ac1cdc81d324
SHA512fcb01b5d7501b40468aa0cc34fc4fc792c1f6388001a855d7e2a796b298e4439589d558930a0974a401321b3e5eae97fdc386b0fbdd445a5353b66ca7b7fa8b2
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
184KB
-
Filesize
4KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
532KB
-
Filesize
532KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
60KB