Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

cb63d8b56e...d2.exe

windows7-x64

10

cb63d8b56e...d2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    197s
  • max time network
    241s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/12/2022, 13:03 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cb63d8b56e7dfcaa5cc7a9940b6380b513e85ab6b8ea6cbb6e737eb37b1c98d2.exe

  • Size

    97KB

  • MD5

    1a5cd6ad7e4f37fd542964a50601aef5

  • SHA1

    908c57eed3dd5f192152546484f4bf799cad05d5

  • SHA256

    cb63d8b56e7dfcaa5cc7a9940b6380b513e85ab6b8ea6cbb6e737eb37b1c98d2

  • SHA512

    de31bfe5334a30a714fd696681c977bf50b1bd29c97d12a408f22be9ce917311fd986783f505e02e424a02a37d8785caa17de81b428d05122eb55478bb584ce6

  • SSDEEP

    1536:s9XfGxKjqArOgFm7BYUfng9fMGQkINB1Eq:UXO2qwWZnkfIkIWq

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 1 IoCs
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cb63d8b56e7dfcaa5cc7a9940b6380b513e85ab6b8ea6cbb6e737eb37b1c98d2.exe
    "C:\Users\Admin\AppData\Local\Temp\cb63d8b56e7dfcaa5cc7a9940b6380b513e85ab6b8ea6cbb6e737eb37b1c98d2.exe"
    1⤵
    • Loads dropped DLL
    PID:1760
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 468
      2⤵
      • Program crash
      PID:4408
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1760 -ip 1760
    1⤵
      PID:3576

    Network

    • flag-unknown
      DNS
      164.2.77.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      164.2.77.40.in-addr.arpa
      IN PTR
      Response
    • flag-unknown
      DNS
      2.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa
      Remote address:
      8.8.8.8:53
      Request
      2.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa
      IN PTR
      Response
    • 93.184.221.240:80
      322 B
       7
    • 104.80.225.205:443
      322 B
       7
    • 51.11.192.48:443
      322 B
       7
    • 93.184.221.240:80
      322 B
       7
    • 93.184.221.240:80
      322 B
       7
    • 93.184.221.240:80
      322 B
       7
    • 8.8.8.8:53
      164.2.77.40.in-addr.arpa
      dns
      70 B
       144 B
       1
      1

      DNS Request

      164.2.77.40.in-addr.arpa

    • 8.8.8.8:53
      2.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa
      dns
      118 B
       204 B
       1
      1

      DNS Request

      2.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\~TMD39C.tmp
      Filesize

      1.6MB

      MD5

      4f3387277ccbd6d1f21ac5c07fe4ca68

      SHA1

      e16506f662dc92023bf82def1d621497c8ab5890

      SHA256

      767a3fc4a7a6818cdc3f0b99aaa95db694f6bcde719d2057a88b3d4df3d74fac

      SHA512

      9da199ac69e3c0d4e0c6307e0ab8178f12cc25cb2f14c3511f6b64e6e60a925c860f3263cb38353a97b55a71ef4d27f8cb7fa3cfc08e7c1a349fd8d209dfa219

      Download Submit

    • memory/1760-133-0x0000000000400000-0x0000000000421000-memory.dmp

      Filesize

      132KB

      Download

    • memory/1760-134-0x0000000000590000-0x000000000060A000-memory.dmp

      Filesize

      488KB

      Download

    • memory/1760-135-0x0000000077770000-0x0000000077913000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1760-136-0x0000000000590000-0x000000000060A000-memory.dmp

      Filesize

      488KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.