Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

1a306aed8c...JC.exe

windows7-x64

10

1a306aed8c...JC.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/10/2023, 17:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1a306aed8c1f9da61606ce1edb133ee6_JC.exe

  • Size

    220KB

  • MD5

    1a306aed8c1f9da61606ce1edb133ee6

  • SHA1

    bef581bb9cb5dcf77d7851d972be5a84e7cb45d6

  • SHA256

    7899680f19eb277229c9f463aab1bb4af99cc1a063068efbcc2f752012754a5b

  • SHA512

    342d8ee7d9ce977adfb0ec0fb6e23fecca1b5f036436c5fcfd7f86b1466a018b5691c360b7a82c05d18b1c5379c318667025acfdc0f089e162807fae09ec5502

  • SSDEEP

    1536:wMASiLNFZdO/ssgbBd6DeT9BbUbJesmW8eYGdisdZtxjwiiGaWAajzaks6cGjxH:w3vO/0seX2gQisLzwivaW/HaMjxH

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer settings 1 TTPs 51 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1a306aed8c1f9da61606ce1edb133ee6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1a306aed8c1f9da61606ce1edb133ee6_JC.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1384
    • C:\Users\Admin\AppData\Local\Temp\1a306aed8c1f9da61606ce1edb133ee6_JCmgr.exe
      C:\Users\Admin\AppData\Local\Temp\1a306aed8c1f9da61606ce1edb133ee6_JCmgr.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:1432
      • C:\Users\Admin\AppData\Local\Temp\1a306aed8c1f9da61606ce1edb133ee6_JCmgrmgr.exe
        C:\Users\Admin\AppData\Local\Temp\1a306aed8c1f9da61606ce1edb133ee6_JCmgrmgr.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of UnmapMainImage
        • Suspicious use of WriteProcessMemory
        PID:1212
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1984
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1984 CREDAT:17410 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2748
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2112
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2112 CREDAT:17410 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:4832

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{94B53595-63A5-11EE-9359-CA4DF275542E}.dat
    Filesize

    5KB

    MD5

    ee32cd408e808cbf0156aab7fb30eaa0

    SHA1

    42b57dd2d3589c7e60e42ba8b69d86ec36c94908

    SHA256

    93bf8f81010541208a809dc2f8e0fa9027c7579db609bd4e2724962596fbd4f6

    SHA512

    df9e38c824a15ccf90922c26883f59cb3a6515704cb78298003763410aecde8952a8f49b23b143b25f9971340eaed0324be8ff544fb8bbb692188ed40e6a1813

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{94B797C2-63A5-11EE-9359-CA4DF275542E}.dat
    Filesize

    4KB

    MD5

    a6241ce7f37f8b5d83661ad1608adcdb

    SHA1

    633c7e110bf5861b36e2c89fac44cef2bddde5c3

    SHA256

    8b35b8419f0f6f8b7fb1eccdf8c70350e66e5e51076f44bb908740bd4cc7b75c

    SHA512

    a23263dd08ba2c2530d5e674f486858a1ad7a3af609c522fd1ce6008fdde9f409f91b5771efdc5756dc1281a2d8379dcd91a5c7dff257a1cebeff60aa835ac50

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver4CE3.tmp
    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7A5L91DP\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1a306aed8c1f9da61606ce1edb133ee6_JCmgr.exe
    Filesize

    184KB

    MD5

    4cefc6da56aea9fa5fdcfd9f05cd479b

    SHA1

    aa428bff48c4e4cf3599311609bd28cf5d89fa44

    SHA256

    31b286fa56ef6991ba8575c00d7fbd1d585bcd6f68369b31f46c0246c31f8d33

    SHA512

    71282cb46e762377d74dc2681de5bd92e0b4d50b857f049d9dc06e5545f2a4530bd890a45ddfe11f8657a90935a0bc9ffdc08a09b28c9960b42b6dcae69fc24d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1a306aed8c1f9da61606ce1edb133ee6_JCmgr.exe
    Filesize

    184KB

    MD5

    4cefc6da56aea9fa5fdcfd9f05cd479b

    SHA1

    aa428bff48c4e4cf3599311609bd28cf5d89fa44

    SHA256

    31b286fa56ef6991ba8575c00d7fbd1d585bcd6f68369b31f46c0246c31f8d33

    SHA512

    71282cb46e762377d74dc2681de5bd92e0b4d50b857f049d9dc06e5545f2a4530bd890a45ddfe11f8657a90935a0bc9ffdc08a09b28c9960b42b6dcae69fc24d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1a306aed8c1f9da61606ce1edb133ee6_JCmgrmgr.exe
    Filesize

    91KB

    MD5

    551161ba25d6c58cf6a4afe7587f7dcb

    SHA1

    3f36d947c0d082433bb121a9914b4841ffbfb5af

    SHA256

    f676ab20252c6ff437c7e3db1a8a3875715bf1a5a59812439f296cb5cd724b58

    SHA512

    f68a52bcfafccaf9b4390f7cdd9a57544d82a1f41656aeaf98f46ddc0198e636a790088cf8b734244cc5144a00704a8430e469c46284387d04c5a38cba17b00e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1a306aed8c1f9da61606ce1edb133ee6_JCmgrmgr.exe
    Filesize

    91KB

    MD5

    551161ba25d6c58cf6a4afe7587f7dcb

    SHA1

    3f36d947c0d082433bb121a9914b4841ffbfb5af

    SHA256

    f676ab20252c6ff437c7e3db1a8a3875715bf1a5a59812439f296cb5cd724b58

    SHA512

    f68a52bcfafccaf9b4390f7cdd9a57544d82a1f41656aeaf98f46ddc0198e636a790088cf8b734244cc5144a00704a8430e469c46284387d04c5a38cba17b00e

    Download Submit

  • memory/1212-15-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1212-13-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/1212-12-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/1212-17-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1212-18-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1212-20-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1212-22-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1212-27-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1212-26-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1212-30-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1384-11-0x0000000000400000-0x0000000000437000-memory.dmp

    Filesize

    220KB

    Download

  • memory/1384-0-0x0000000000400000-0x0000000000437000-memory.dmp

    Filesize

    220KB

    Download

  • memory/1432-9-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1432-37-0x0000000077422000-0x0000000077423000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1432-34-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1432-32-0x0000000077422000-0x0000000077423000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1432-31-0x0000000000060000-0x0000000000061000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1432-5-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download