Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

44bef2e977...71.dll

windows7-x64

10

44bef2e977...71.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    17/11/2023, 16:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    44bef2e9777216494d72005804aeb0db565d467ca68c1cb34be5e984f5768c71.dll

  • Size

    189KB

  • MD5

    bb47f696fcecf06265d90a3c5747a8b2

  • SHA1

    d154cf58a0f8ccdb309696c63fd8bf9740d55f8c

  • SHA256

    44bef2e9777216494d72005804aeb0db565d467ca68c1cb34be5e984f5768c71

  • SHA512

    ef77527b2b0637f047fdbf15ad11ee82ab16721da45491a0988dce14985ac5b49f0a1b1dac2bb5558024b9f36145436795ccbcb5e0ea0f8be2ed5fb0f7f73162

  • SSDEEP

    3072:FjB3UkpquSNj39ZwjqgeUl1MvZv79m/wKtGlKPgbY+CJyUKLXOLwbMPMZdpIH:tB3UkpquSNzLwxeWsZj9WuGTyUGOcbM/

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\44bef2e9777216494d72005804aeb0db565d467ca68c1cb34be5e984f5768c71.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2880
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\44bef2e9777216494d72005804aeb0db565d467ca68c1cb34be5e984f5768c71.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:2528
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2288
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2312
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2312 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2852
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2332
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2332 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2824

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    92b0b4d166a861ffa17cf037dffc90ce

    SHA1

    67704ffde8c4d5c3b33c76dba6a7dc275bb3923a

    SHA256

    084e8c032f5cd9e89227ec714258f668462a4894ba859c0b59035b583d74cc7d

    SHA512

    da1516f067affd0ce3ecf6f50c4ff8ef1d286c89b7e9c6c49febf9155e7480cbb56472a509d43f2ed995d15664a33537a26a89fe04ebf1b2e4e3de6e345cda1d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    27a2ce87d914cba4ae487ad0f153af05

    SHA1

    c7371d6c2d08b7acc1976ce27b53b76e0eff3b42

    SHA256

    a7189d91d232296ec1b392d5ab9c8109d5098e521e3e74d68701b6fc90119eb2

    SHA512

    66a4c36cb178ae95d6ba41b5765a327c52192fce66056f74656f75981c1bee3c66de4112d0d060586c5f6d5b296444949e61d0fdeaeae206490f341b5690e01b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2137177b6531668887f9b2d8347babd5

    SHA1

    0ae84da6c3900bb617dbddd817ec215811f483a4

    SHA256

    7bf98cd6cd2f1515ed846b0957c85cae51bedffa419ce896ae2df07fb1a27b84

    SHA512

    b56560a0042a658e56e6ce24d126720c2a2f10c990dc18886b693e597d40116575157b24b577ab1406196cf1cf86f22df66e3a265d5284703a48141ac1978592

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f7991e2f2341a6dbbc1416a1d9e2faf4

    SHA1

    5e0e906dcc699ac5ca355e216833883643656bb5

    SHA256

    0f62bb69d13955358820f130c62983bfa5a417bb4d11ca3fdc5b6de065f48732

    SHA512

    fa3e9e45fd377590f62124524e35ec543faeaf514d57a81b426edd9a2cbe5b91b6fd2eaf38cb513611c14447baae1fc4189758061e94065c13428862189e04a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a01aa62c96a79bad14894631e226dc59

    SHA1

    d02ba36353dec08b1aae1da8dd451c28e4a57092

    SHA256

    11a616c5ff8ab607de52d9f15d063c3d6492ae7695001b1de742d3b8971b554c

    SHA512

    4eec3ed397016b04101c7cf4160578f6fd80f439f10f9dd503ee38d589b848865180e36b71e69bfa044b8cdd890e44ed97f17d9589357300da9059745cd5c659

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ca2288932193613123242a57fd3ef51d

    SHA1

    25d7402b04cf4fc1d06f2321086d2de93cfdd9da

    SHA256

    72f50f169d869c5621311c703365d4843929389203d8b6b1250c0302462360ea

    SHA512

    2e0be78fb1d3e9a856bed20ae59c3dfcb23a8a22b47ff9f61e879393b583cd377f599c5ec38ace050999e5c27e6f829eb680d2bb3a1df5274cbdfde5a0f2fe65

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    273c6409e345f994bc772e73125fc708

    SHA1

    754832143f5e5eb9840c175273f3286deb15f13d

    SHA256

    dbe9c486969a76026a61ae9d02842f6445f35772e5396414d84f801f4e944160

    SHA512

    4916944c2fedb87260e86670828b2887438cfaa5b3ca15be2610902066161d7dd508b25b514d352f407ce86a3411133a9d38ba0e15d392c1f468aaf078736619

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dd01a968bb014bbfb78bd2d677c4a17b

    SHA1

    5206cb9595b4f12666800858585ce8a17e20af25

    SHA256

    346371369e4781bc411cd80eb9e63dfbf890d6e8f97b133a1532ffc95da20424

    SHA512

    fe2cbae18a51b6ba845f7275a8fcc9d0da05801aa9dbacc734c38c6f5b593ab4b6c2780a26ee41eb4b09649cf2fd8dfe610d8b3655969453f6754c516f455767

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    464bd07bd077cdf1f9f1e0cafd134cfe

    SHA1

    e232586099b733a03480e70d51b1545d7f534527

    SHA256

    7e5957f31a777b9240cca3374950c4718f0f100e75811cdbf4c062c6f2d5bb94

    SHA512

    eb0c3aa89454d2b99fd8215c575197d6317af81b8c88f754c012d130b5a5199554f47b4964a1a19f202cb7265951a4c65ffb723360aaeefbbb2a7f3b7164412f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e85cff788b39bd8d48de3f401f02dc7f

    SHA1

    a073caa47e99a2b562a8821984781407307c8cb0

    SHA256

    9d1c91f22488621a7b29557bdbdfb4ff1dc57a2b7e0291b702851b3aa34edff3

    SHA512

    37c0bcf55051c02cb0b9df2f09232dfbb590ed8afe53f0d20bc2080df2ecd604cd57c782b3ed05c2b170439732c8b6df5646f0038ea2d3d6f6cc9bd428874986

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dec5eb6afaa8f0ad21806718df7adc16

    SHA1

    a165eebcd471d9d2af92a37a64dd16713b544649

    SHA256

    35b8300032e0eaf5bc803453a56d310ea45798f96911cdd0649580d9f0815b67

    SHA512

    19f3f159dc480a10034c3f8f27989e0faf5ca64b1ba8c6340e99baaa095c5b74f1368b994352e15db5df05fb54d4be97036929fc25f257125b0699f403dda728

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c4f0d6aa11fa6955c6233aba0862b77a

    SHA1

    5009ad3e43381057becc4f6566e24b3b0d33fbcc

    SHA256

    86da955f5c3e222c1548e37c388b088787332025da8f33df6a347304967989a1

    SHA512

    cf3923f6d05e32d16605dddf6e95983775079561388bd3c770e0d447b49cda0af117cd352855f69efa63f0599bc16d2bc44ee5e3b3c75f275d039d156023b184

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    657b119fb076d307563d32ce8733973b

    SHA1

    6a5617dd54bd0a5a24182c96fcee4502838a4d9b

    SHA256

    07aa0591d182550de1cff192dc7ac084faebd5bb749646f484b93b19a6a21a0b

    SHA512

    ed8df2800bdb03d6a5bbc0ac14d0018a37652561533030912e68f9463f57b13ea44248c7d10fb2fb908079cade8168a3539bdfc1c450b9d3419887dc25036ca4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    83cde4889aea222f383f8ca1bd3a6fbb

    SHA1

    95005a638d99a0f35924f9f874e4471cfd499a60

    SHA256

    99ea1706aa8468b82e961c38969ca8e4beab7c96581791fd61cae0911da20a8b

    SHA512

    4d6a0bdb96978350bad5b79072ce6260e771ec3600981a3b380037a60a9136500ad2c8d80aeacbe62f2cea9bfac42887dc6de657ef31c930e0da3c7251dfe99a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3abc05b739b9378a2e6786abac90feb0

    SHA1

    f22317e75247170820f935213d385c571d11c07b

    SHA256

    cce42cf3b7d5595e2b7de0fddd14f390a17449683999a8062b6708a3a85f2e61

    SHA512

    45b82f884d91c4f568a631777da70309165abe48f84840c9002d110950b55c22abb2bc2a738a600b077cb6b4478385dc7128e7a5071521dc5ddb7f35246a9f67

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a5959b8942829edc178acc44b22597b3

    SHA1

    caee82ebbbc3f6f642f9994f1d4e01d526365a05

    SHA256

    25729fac0be09093eb5564318a883a1a6ebb77af66e55c121679b3c633adab9c

    SHA512

    76b4fc51229c3da66b7eddad842f5ccee7c456780e6475512e076567e5a9eda992229e0cd71b4d96a0f8f2b8703a274e10adefdacf788509890a324705e86c56

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    887f3a3df1edde33521f0d291e2b2f74

    SHA1

    9d76c883815ac6d63b369fc778a56b26cb2df690

    SHA256

    f10feb7cc8066d8e2cbcdb581211f983938b52a5017ed4e275d195ee84a0c6a7

    SHA512

    5f9ce795108fe039589fddd7561128c877f42b4369fab3ec2f4358f68aa4cc073d2a50101df935e9813592034d270847cc6a12abbec66017e0cd1e9c699f9a23

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c72dff2d5d9223a73c85c7d92b6272a4

    SHA1

    e47c7af1eb1154e27c23d78eeebd03e3aac78e14

    SHA256

    880d950c32c8e251d5b03645632c29d6ef0ec664a2943be40559e46e551a0ce5

    SHA512

    09f61a823bd4ffef4dc3acb3e3d006d5c2102341a8ec01501b3b1ccb4f5b2272f86d6691c74b83dc2efbdf21e78a13f482a270f7bd69ffe2436631acbfc1a51d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    98cd6603cc62a68fa089c4439e857c5d

    SHA1

    a806ff59479eb457d529da284788440ae6ce0f94

    SHA256

    c63730d2d639bad061e182524a6a9619e9619d8f88bd946f8df258f7b882dc81

    SHA512

    50f443173232c3613c17479036a0bc45cae21c11c060c1678b78f9e977289df9fb3d04d2289db435c02fd42ccdd0427556ee3243b19210a77057814ab7871448

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{627A46F1-8562-11EE-A055-5E9DF4B4F3C9}.dat
    Filesize

    3KB

    MD5

    b20aa701b05d839293483bfb5fb4fee6

    SHA1

    5beb8cc38e13b96b6ea84e4263b3f72b76b90e2a

    SHA256

    04cd57beab807d80415a24ab584d909ae7afe843e7518aaf6d8f0708c4e69ce1

    SHA512

    c0ef31fbfad4fa7f25eab561115037750c33b95d8b7490dd7b01dddc68d9a2379cca7bb5f232edbaa4c65e26d64a287c70922a0f29366281f606cf80d05a44f3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{627CA851-8562-11EE-A055-5E9DF4B4F3C9}.dat
    Filesize

    3KB

    MD5

    f23161d0a2fcef953791991b87bb6e97

    SHA1

    d3ec1aad8a321e714ca415f8cfc9dd0a23051726

    SHA256

    a2dbb806751b72978e6cd09524f80b77b189e60ee6872c9ea82ad42542d7814e

    SHA512

    bb2e940e3ec29f895c9acc3f7071aef7266df6a9a44ad1e98d02e3d706c40d462925a400d2288dcd1095f50a503f5db663885d69043a904e5ff8f87dda0aed5e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab4DC4.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4E84.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit

  • C:\Windows\SysWOW64\rundll32mgr.exe
    Filesize

    105KB

    MD5

    dfb5daabb95dcfad1a5faf9ab1437076

    SHA1

    4a199569a9b52911bee7fb19ab80570cc5ff9ed1

    SHA256

    54282ec29d4993ed6e9972122cfbb70bba4898a21d527bd9e72a166d7ec2fdc0

    SHA512

    5d31c34403ab5f8db4a6d84f2b5579d4ea18673914b626d78e458a648ac20ddd8e342818e807331036d7bb064f596a02b9737acac42fbead29260343a30717e8

    Download Submit

  • C:\Windows\SysWOW64\rundll32mgr.exe
    Filesize

    105KB

    MD5

    dfb5daabb95dcfad1a5faf9ab1437076

    SHA1

    4a199569a9b52911bee7fb19ab80570cc5ff9ed1

    SHA256

    54282ec29d4993ed6e9972122cfbb70bba4898a21d527bd9e72a166d7ec2fdc0

    SHA512

    5d31c34403ab5f8db4a6d84f2b5579d4ea18673914b626d78e458a648ac20ddd8e342818e807331036d7bb064f596a02b9737acac42fbead29260343a30717e8

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    105KB

    MD5

    dfb5daabb95dcfad1a5faf9ab1437076

    SHA1

    4a199569a9b52911bee7fb19ab80570cc5ff9ed1

    SHA256

    54282ec29d4993ed6e9972122cfbb70bba4898a21d527bd9e72a166d7ec2fdc0

    SHA512

    5d31c34403ab5f8db4a6d84f2b5579d4ea18673914b626d78e458a648ac20ddd8e342818e807331036d7bb064f596a02b9737acac42fbead29260343a30717e8

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    105KB

    MD5

    dfb5daabb95dcfad1a5faf9ab1437076

    SHA1

    4a199569a9b52911bee7fb19ab80570cc5ff9ed1

    SHA256

    54282ec29d4993ed6e9972122cfbb70bba4898a21d527bd9e72a166d7ec2fdc0

    SHA512

    5d31c34403ab5f8db4a6d84f2b5579d4ea18673914b626d78e458a648ac20ddd8e342818e807331036d7bb064f596a02b9737acac42fbead29260343a30717e8

    Download Submit

  • memory/2288-16-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2288-15-0x000000007754F000-0x0000000077550000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2288-14-0x00000000003D0000-0x00000000003D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2288-18-0x000000007754F000-0x0000000077550000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2288-17-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2288-12-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2288-13-0x00000000003B0000-0x00000000003B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2288-21-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2528-1-0x0000000074B70000-0x0000000074BA4000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2528-5-0x0000000000150000-0x00000000001AB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2528-3-0x0000000074B70000-0x0000000074BA4000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2528-2-0x0000000074B30000-0x0000000074B64000-memory.dmp

    Filesize

    208KB

    Download