Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

8

68f14eccee...38.exe

windows7-x64

10

68f14eccee...38.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    91s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/10/2022, 17:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    68f14eccee33d195b083273a09b22020a9c72b1c9e53aa68d3fe7e44c3e0b638.exe

  • Size

    111KB

  • MD5

    50341b4a7b2b3a7d2338348c5a419320

  • SHA1

    920ae502b107d359bfc51c1328200001f2d0866e

  • SHA256

    68f14eccee33d195b083273a09b22020a9c72b1c9e53aa68d3fe7e44c3e0b638

  • SHA512

    476a4fd366d1b8f34607eb5bf3997faba271815086e56b5f24eb6ba8d945c56118f160a223f4ff18998535809745c3f99f9c7994feca188710f0cba00bc21945

  • SSDEEP

    1536:4+hzRsibKplyXTq8OGRnsPFG+RODTb7MXL5uXZnzEObzzYJV72x14IKupSQV8g5y:TROzoTq0+RO7IwnYJJV71WSQVlN

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 3 IoCs
  • UPX packed file 11 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 8 IoCs
  • Modifies Internet Explorer settings 1 TTPs 63 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 24 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\68f14eccee33d195b083273a09b22020a9c72b1c9e53aa68d3fe7e44c3e0b638.exe
    "C:\Users\Admin\AppData\Local\Temp\68f14eccee33d195b083273a09b22020a9c72b1c9e53aa68d3fe7e44c3e0b638.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:4956
    • C:\Users\Admin\AppData\Local\Temp\68f14eccee33d195b083273a09b22020a9c72b1c9e53aa68d3fe7e44c3e0b638Srv.exe
      C:\Users\Admin\AppData\Local\Temp\68f14eccee33d195b083273a09b22020a9c72b1c9e53aa68d3fe7e44c3e0b638Srv.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3124
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4904
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4904 CREDAT:17410 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1956
    • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
      "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2308
      • C:\Program Files (x86)\Microsoft\DesktopLayerSrv.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayerSrv.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:4716
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:5040
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5040 CREDAT:17410 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:3136
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3616
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3616 CREDAT:17410 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2556

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    111KB

    MD5

    50341b4a7b2b3a7d2338348c5a419320

    SHA1

    920ae502b107d359bfc51c1328200001f2d0866e

    SHA256

    68f14eccee33d195b083273a09b22020a9c72b1c9e53aa68d3fe7e44c3e0b638

    SHA512

    476a4fd366d1b8f34607eb5bf3997faba271815086e56b5f24eb6ba8d945c56118f160a223f4ff18998535809745c3f99f9c7994feca188710f0cba00bc21945

    Download Submit

  • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    111KB

    MD5

    50341b4a7b2b3a7d2338348c5a419320

    SHA1

    920ae502b107d359bfc51c1328200001f2d0866e

    SHA256

    68f14eccee33d195b083273a09b22020a9c72b1c9e53aa68d3fe7e44c3e0b638

    SHA512

    476a4fd366d1b8f34607eb5bf3997faba271815086e56b5f24eb6ba8d945c56118f160a223f4ff18998535809745c3f99f9c7994feca188710f0cba00bc21945

    Download Submit

  • C:\Program Files (x86)\Microsoft\DesktopLayerSrv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • C:\Program Files (x86)\Microsoft\DesktopLayerSrv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    afc3e2584b32e1e7c23c33e9534089a5

    SHA1

    ea4e2266d010c300621d2287ea60fe3e9a9ee753

    SHA256

    61597f5f937da250a5ed7b4b82867bebc546a5a35c0029982a003b1e9cbd2e7e

    SHA512

    f0e0d20b15bc390292baf0d93d982315afc466ccd2d4e48152ed65af97aed573d5b9e65b2b50925cbcd2e736955dfec4f63de5739cdb1499eb2db5dfc3cc4fe6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    afc3e2584b32e1e7c23c33e9534089a5

    SHA1

    ea4e2266d010c300621d2287ea60fe3e9a9ee753

    SHA256

    61597f5f937da250a5ed7b4b82867bebc546a5a35c0029982a003b1e9cbd2e7e

    SHA512

    f0e0d20b15bc390292baf0d93d982315afc466ccd2d4e48152ed65af97aed573d5b9e65b2b50925cbcd2e736955dfec4f63de5739cdb1499eb2db5dfc3cc4fe6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    c0564309b48ea3a7fd39381fee322692

    SHA1

    53b343da365e24cd2ea7158866fa0b43b741c305

    SHA256

    aadcf0d5065f6e578cecdc4b4effe73fb09674a941cc3bffb2b2fe77e5b24c33

    SHA512

    1dfbaab9b3de7a6eee31c5d1c5527905cde251ebade278426374568fc76ad30233635264d951ffbe1384454fbeec0095a4c77029879fa76982b13a572aae7404

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    102df8d4196952de47acb400de410117

    SHA1

    098e4e63bea0d420574ea2d3db78e677e7099eaf

    SHA256

    570d52d8a3d193c157161107767ebba60f45bcb0bbaeaf89ec97a104f7a751b3

    SHA512

    86964be3e9ef14922b651d60abc0bd531f6447e7cdd60461b478f56f7fcbda72d165a5f2b4597e937c87ba7ebdb0a925b1e3833802cd590545c428d0f855cbac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    102df8d4196952de47acb400de410117

    SHA1

    098e4e63bea0d420574ea2d3db78e677e7099eaf

    SHA256

    570d52d8a3d193c157161107767ebba60f45bcb0bbaeaf89ec97a104f7a751b3

    SHA512

    86964be3e9ef14922b651d60abc0bd531f6447e7cdd60461b478f56f7fcbda72d165a5f2b4597e937c87ba7ebdb0a925b1e3833802cd590545c428d0f855cbac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    102df8d4196952de47acb400de410117

    SHA1

    098e4e63bea0d420574ea2d3db78e677e7099eaf

    SHA256

    570d52d8a3d193c157161107767ebba60f45bcb0bbaeaf89ec97a104f7a751b3

    SHA512

    86964be3e9ef14922b651d60abc0bd531f6447e7cdd60461b478f56f7fcbda72d165a5f2b4597e937c87ba7ebdb0a925b1e3833802cd590545c428d0f855cbac

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{23F7ADA1-4437-11ED-A0EE-E2272FE8D9C1}.dat
    Filesize

    3KB

    MD5

    49fa611a66de033b45ff9a4ba12934c6

    SHA1

    f623128d19666482660626a3897233d8a65fbbad

    SHA256

    0556cb1e4558acd0fc12b6935da2d662a0b4e70286af87155a8beeb048115819

    SHA512

    bb40b240fb0915efba269e104f886002239f7b2c46f07bcdc9459f9cd336f7bd0d04fd2bce7f140e27393c9c9e4862c43dafde08db95166c8178977d3be78d68

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2411E714-4437-11ED-A0EE-E2272FE8D9C1}.dat
    Filesize

    4KB

    MD5

    9c4cda0f2cbbba9c96ded7902dd25156

    SHA1

    336974cd744b5dc2653d2d2c3b11012aa2d9428d

    SHA256

    31c48cec7f8983eb8dc8fe58b26d1687e6abb24d1aeb32cf51688491fdf930cc

    SHA512

    9be635b2fea6dac31c85636c8023af2c5232bde2c2593f3c0f42e196cb124e9e031e68c1f1a26bf5d5bc838f09e4aef9912e4611d7d332fc08656c7c40a9ca34

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2411E714-4437-11ED-A0EE-E2272FE8D9C1}.dat
    Filesize

    5KB

    MD5

    f379148c23cc8d585735809743693660

    SHA1

    512be47d1c480702aebc5ed77e5e25d403901699

    SHA256

    043353742591e160aeaa30470d86e49469a05a7eb212bb81e03d0e553f82ca79

    SHA512

    f35e270be4faba963f60920c7378723a927861da305296a8bb5a8aa52ff6b8f9322e70829c31b87e25f04ba07ef2e68e4be7d808aa8756c308e196d5da393828

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\68f14eccee33d195b083273a09b22020a9c72b1c9e53aa68d3fe7e44c3e0b638Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\68f14eccee33d195b083273a09b22020a9c72b1c9e53aa68d3fe7e44c3e0b638Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2308-144-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/3124-141-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/4716-145-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/4956-132-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/4956-138-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download