Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

2023-08-26...JC.exe

windows7-x64

10

2023-08-26...JC.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    136s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    01/10/2023, 21:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2023-08-26_f44297f2034aff40dddd6ed8521d105c_mafia_ramnit_JC.exe

  • Size

    3.5MB

  • MD5

    f44297f2034aff40dddd6ed8521d105c

  • SHA1

    7740082dec547abef66254f26acfff83cc89011d

  • SHA256

    79dfb888ef76df83ccc2ab9627cffa592127c11bafefd3d6c469fa2d609baefb

  • SHA512

    c3c64c84e89d03511d40654513ccdee1acaf70c8ad0e50a1818a05f203a27e394a9454b6f7ce561068724ae2389f7e025f29e9383d57240859d85198f300a940

  • SSDEEP

    98304:+1fX1YJdXWdlfmkfldqgVMgDnwo+kUNWvI3npO9Dz7vYzLEEvBZ0qwmy7mpmm9m4:+90dXwgSkpWfDz7vYzLEYBZ0qwmy7mpH

Score
10/10
ramnitbankerpersistencespywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 11 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2023-08-26_f44297f2034aff40dddd6ed8521d105c_mafia_ramnit_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\2023-08-26_f44297f2034aff40dddd6ed8521d105c_mafia_ramnit_JC.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2380
    • C:\Users\Admin\AppData\Local\Temp\2023-08-26_f44297f2034aff40dddd6ed8521d105c_mafia_ramnit_JCSrv.exe
      C:\Users\Admin\AppData\Local\Temp\2023-08-26_f44297f2034aff40dddd6ed8521d105c_mafia_ramnit_JCSrv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:1852
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2264
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2672
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2672 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2460

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ecc78d765cff7223970cc54de0ae8a82

    SHA1

    913505cf68919892a43774dd061714fa62e3f950

    SHA256

    031632274b4d615a0c8270523fdccbb5bd627221489ae6166eda383190d5b1fe

    SHA512

    761a5a0dc13897678abeafabd1a7fc64b23e32caf2edf98c8544e61535c4dd200c688b2d62c7067bbb38131688409bf424d2c4f203ceed4ba8610b4a78832d52

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    db408237384a3ec5506b88bab71fce69

    SHA1

    c6d74ddc64d9a1d4d13f0c98ca4d42f626fb1b9e

    SHA256

    66f8239f33441eb1ef4fa2ac9699efb93250202d8f574a28b53b9ada4498a198

    SHA512

    509b6bc253bf4b7e415f2f45f5462142d1ece23fc1a88bc40a2183298e84f6bda2cf68a8004045fcccf35479096e9995fea53dcd53d19bc1cde0a7d06ffb4e1c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    02a57287f043d7df26c8ea72f9c95535

    SHA1

    e0111fb161e52a7bd8e3a119f3904ec3acbcb069

    SHA256

    faaa1c0e51afa4558d8025048414375da3e59b33b5f036873d1857d694616384

    SHA512

    8bb6c2b05cdc3db6122a525e33b4fa0dd0561349fdeb0d40f73186573a3dccfb21ea14bd0a98f97ddf08c278c0edb2af8b875f20e9c1dee6334897044c850ff1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    904993d2c1e154685e8b03509e4a52ca

    SHA1

    6a031225e86ca53e98b2fbc8434dc08a375d1b8d

    SHA256

    529894674229684594654e3b9adb81bf368852c44cb71fd8bcdee07461eeb83f

    SHA512

    77bce3d2e5f00aa242876186929661b9cb7249a42272179ffadaa100ef138574c0b4c10884265daec8f03d282d0e823cf74d220a2008c08b9b4faea67bbd6cf0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6803e57a9cb960803b1c1aee8c8d1cf6

    SHA1

    e029cb17067f52553e30938350c58edfbe11962d

    SHA256

    4693e6ffc0795b912131e48592c15b0c4f9900f2da4ef067b91239ab66619419

    SHA512

    d907026af122b256f739b90c37eb09387a15ae92cef28e3df4eeeb94ef25d0d5c425a261ed7b7e3837e0da3018ba87a7c5c8d79606ab0bb02f3a6da757227313

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    85a417ca31a4d7331dbc408764af8c7b

    SHA1

    6337c22232be435306e111c91cf96e78f1881f4c

    SHA256

    8c9c1100fc68b1b69075b2164b5638bb3182a5ef35cb8ef082d20ae4e46e9832

    SHA512

    a30276fad5f526e244a05124da9352196975a55ecc6f3c2d1540583786415e3da6aa356597daa49b972e2d7af5bd5c182eee8bea75ccdcddd0779d820f40ec12

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    883cf2e30a4e65c81fe863a47a10add6

    SHA1

    caee1201a57436ba951f91972916f28a26fbae1e

    SHA256

    3785d17a34571492d77380380477a2bb6a40b9b9d04f9b1220f35906b191b9d2

    SHA512

    fc00ae03d00472992aff17adff3352e2d82704e25cddb2bd31d651e090ab0d97b4ad9488d8d4f428350a4ba0ef11893dffa9a8833d14b57273c35b68633987fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c617c2c153b45d4af416b28b26d78742

    SHA1

    836c0c55a5024d5a47fe2396c06ba5ac93db3cdb

    SHA256

    ff582a11a29f163c8f0fff79c7151a98cb37839a6989156159ab7488a5d8ea30

    SHA512

    1f92a9359fd76aa37e6474a95890919542b0ec39341b768d47c797ece5bd691f88fcc9ed2ef55fd40ea3344c904c2c49f84186db4e4f99ec4e0ee9d0603fc765

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3a0e41d48af4953502cedf95d3c80cb6

    SHA1

    59321dd9f54df2bba404e130336bef85e1486882

    SHA256

    e15576c063b92683def377adc0aebde624cd74cdef4c770ea0cbe0a2ccbd4c82

    SHA512

    f3195d483255b691283bbdefa1101fc30c8828f1e83f51530f1a75b793058f02d925c7f3136b88298ef172427ce48d175b803d4f361e35ef5bda84ad093c02a8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0767fdb5d4496ebb35cf1f5ddd2f2e3c

    SHA1

    6702ddfd8feb68452fa3bcf57e8e73070d536d67

    SHA256

    44092ad4aced934d301082904ef4de28070f06f222743893d7574f1092159139

    SHA512

    0ce81ce8a2bc7c7979e8839ac72767db8b51fdcccd3cf5a0aea1faafe070eef31eca69466321488225c468e033b7c71fc5b14d227d394faf9c403fbc92285b1a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6e3f3dc1751275bc5333c777ff57269a

    SHA1

    542773f4c07c1388a9d2bbefa662a52f1ca0d717

    SHA256

    6680c5d17276c91e38e79330b60cc8d2ad1ccf712e174c023aaf300de5a3d076

    SHA512

    6eba8ec0335bf7c47eedc9f6fba7fefa3ccb06f943f5af263e3179d8ab8fece94e368df2e12412fda4305d9dac7a5e2db2c7e9365cc391ddcea02e31e68b2e9a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aa621feed77749becd3b2845f251d782

    SHA1

    dd3052a4d2464d80eed43bfb94f05e68da847dce

    SHA256

    e92206a1de128a36afaf90a018b451dbbb592532b4d41c81b5b4d2e9730b7889

    SHA512

    6834797f6b37752de57d6b281f851ae5587d8fa536ddea465c845d417638c4d4507f76342873928cdb3a6cf7f7ff978653cd220ce8a73c98ebad4fefbe35ba6b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3ba5790ffe9947655ea4fedd7aa53a33

    SHA1

    2d32b6b88a4cc1754d8bd69fe9b0a6ef00ea56a3

    SHA256

    7e25193b03c3182a011f521ff8d6db10215d5e1f5943bdc11cd04ef437620b72

    SHA512

    45f3065f0f27fb1e1bace2fb0263e3d271603032a14d72f7bd7952e049d658185cb680a156687703055ff79404c4fb182a13eb8b9f91b11cd453c19fbe228c05

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5c3af0317757b878faab6b815d379b5c

    SHA1

    82c35e56c316b4cc26437bcdc49ef32680d206e7

    SHA256

    569d1640ab358ee651e7e41a16d068d68c1882188c8654999bae743a4e186b70

    SHA512

    770e7656d23ed471ae6eb535e8d310d2293dbd9ee6ff3d1002aa87552db96697a3f379150794b419416218f20b2655c064835949e725aa37736f8e43ed33f787

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c1d7998ee795280e527d00742e2e63e3

    SHA1

    4d86df0f22e31a878725d37a9f669fb677aae7d8

    SHA256

    d0d0f948f1a9677282119ddbe6a2abf48b58cf1239de82b7733303888370224b

    SHA512

    3efc7cb6301187204d5d0f8a377e6ce90aeff2f341756ff211a1ad5d7ce667a29dfd248f97d82f544779ed7e014d6f608ab130fe4e557e3be0942bc344ca0d9d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5c40a40f0471777a145044f4aa1ffe8f

    SHA1

    b8c559da6f9948fc7ecd1d42db74262adf5bb173

    SHA256

    fe2120a861f7fbb3266f64f2c9d2f9a40ad41a3d1861cdca5dc38c4bd4d45102

    SHA512

    8f7721cd0d2178c54b36bdf5af8c74392fb4cf78dced293ad810ffb100ac2add45781b2828ca015917ecd80f231f8a8db29674f34fa3bebc559e84c2498b62ef

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\2023-08-26_f44297f2034aff40dddd6ed8521d105c_mafia_ramnit_JCSrv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\2023-08-26_f44297f2034aff40dddd6ed8521d105c_mafia_ramnit_JCSrv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5FCF.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar60EB.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit

  • \Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\2023-08-26_f44297f2034aff40dddd6ed8521d105c_mafia_ramnit_JCSrv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/1852-19-0x00000000002C0000-0x00000000002EE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1852-10-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1852-9-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2264-18-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2380-41-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2380-40-0x0000000000E40000-0x00000000011D5000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/2380-0-0x0000000000E40000-0x00000000011D5000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/2380-5-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download