Analysis

  • max time kernel
    104s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30/10/2022, 02:34

General

  • Target

    f911a4a690008257a08eabd29ac187653eb1c7407da1a343838ff2cad90411bf.exe

  • Size

    178KB

  • MD5

    93d97be7d5d670e6d7d5493ac920ffb0

  • SHA1

    f3d41e941a9d76621da20658963a45e3cdfeb65d

  • SHA256

    f911a4a690008257a08eabd29ac187653eb1c7407da1a343838ff2cad90411bf

  • SHA512

    4fcea6f64ac6f3d786433ae232c9a8b1a72b829a62bee8873d0035a8d720f8701e329992e4f3b88093b0977dfc652cf3445b9bfd8da6f18c75dcac057b143d9d

  • SSDEEP

    3072:akAwOzhjdRmSZiAqFbrnp+KsYGngtnQnMgjy7jfY0fJLr/7AIvpwZj9u6js5i:+w8h/7PCkKsYGg5Pgjy9RLDcY+hu8R

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f911a4a690008257a08eabd29ac187653eb1c7407da1a343838ff2cad90411bf.exe
    "C:\Users\Admin\AppData\Local\Temp\f911a4a690008257a08eabd29ac187653eb1c7407da1a343838ff2cad90411bf.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2436
    • C:\Users\Admin\AppData\Local\Temp\f911a4a690008257a08eabd29ac187653eb1c7407da1a343838ff2cad90411bfmgr.exe
      C:\Users\Admin\AppData\Local\Temp\f911a4a690008257a08eabd29ac187653eb1c7407da1a343838ff2cad90411bfmgr.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:2680
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1404
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1404 CREDAT:17410 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:5096
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4884
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4884 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4776

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    5ddb1febcd291eb59d3d67d24a05bfd0

    SHA1

    fe957affe27cb991f332e7f5c86d3a15359bd3b9

    SHA256

    ec45a385c906b3d925ebbe6532d10adec9a14c1733c756c64db5133bd9d88dcb

    SHA512

    62d00893402fae125ae3428da2495b0eb864b125f975cd887f894f7298a4a86f361cf50aaa7c9b69f3dcb734a950c43472778ea4062b3146c3de5623d08dcd21

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    434B

    MD5

    4fcfb0284b3af17cf14378b61f6914e3

    SHA1

    65d7157b6a0611aaeb6252bf3b8bff0c5c5429fb

    SHA256

    50e642b0c032f4a6ac6aac3957e3ee95fc188bc08092ac203631d135d9a6e0df

    SHA512

    f7e45661dcbd9f7aad1da5d60c9439a2abdead4f57e83cc290acc265c0148cdc586279ee1a44bc8e27720a422985c7ffb34dfd982e0b4892b06f1648fd353325

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    434B

    MD5

    ee3852e1c097d956bdb593017d0729c0

    SHA1

    f449eeb96b552bba6a79da1a26d03d0835ab357f

    SHA256

    190d55b245932c20b338b5bb0c29c979408a712fcc0b1dd967cc5bc508406f1c

    SHA512

    5e896227b22cdf1b35a9b8bb89d5f3e4034b017bbe8ab9a7ccae7faaeaabe8bc650e1c5716f99cb7d41ccf038c148d29945aa8e5311d0e461b44821b72dcc4a7

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FB8D123A-5852-11ED-A0EE-E6C35CACCF0B}.dat

    Filesize

    3KB

    MD5

    4db360b62db4d729c0d1b45a71e7ade6

    SHA1

    1fb62865ac7c1aa0332f871aceb7c7554c48f659

    SHA256

    db6f2a85027b1941ca092fbe2eeb1899d6bcea6f3662fd0b2b89bf8b45f690e9

    SHA512

    7ac8f9874fca60b83d1254b093b42cc8c6f35cdd92b44aef896d33a77e743799d0589ea9d8af79b949f6727b4a681a13b7096fac9b216e1409cbd5b1e783fdee

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FB8D394A-5852-11ED-A0EE-E6C35CACCF0B}.dat

    Filesize

    5KB

    MD5

    fa49cf235d992540d83d64b1b20b0707

    SHA1

    3531b2885baf5f9a493c35463a770a9243e8260f

    SHA256

    30d14bc487d174774db8361198642dd862912ccf22202467ba2fd69625e8a1d0

    SHA512

    5c5bb2eb7863ffe2e3bd02f9173c93fdf3f516dc01d2256564c4b9f8d55795007876821829b83d4b7dc3dea763f29578f7b83e9d3b9d070b6d679b1845219df4

  • C:\Users\Admin\AppData\Local\Temp\f911a4a690008257a08eabd29ac187653eb1c7407da1a343838ff2cad90411bfmgr.exe

    Filesize

    88KB

    MD5

    a61ea5f2325332c52bff5bce3d161336

    SHA1

    3a883b8241f5f2efaa76367240db800d78a0209c

    SHA256

    e6f8a54ed663061527ab46b8e8efc2a0f3c99ae77829c0be0e50eb5b1b48415b

    SHA512

    fae031e0e7dcd719240bfe94a3f78d1aac73060324d5b65e0cbe564ce6d6781aaa5e930f0729293e3b502b7d07f53f3a72fb2048d44d93d36851aab8330479e5

  • memory/2436-139-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

  • memory/2436-141-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

  • memory/2680-143-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB