Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

1fcc830365...c.html

windows7-x64

10

1fcc830365...c.html

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 23:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1fcc830365f9cdc8460129e69184323c.html

  • Size

    117KB

  • MD5

    1fcc830365f9cdc8460129e69184323c

  • SHA1

    bb1b6797bce15cd21416b24406943fb5ceb634bc

  • SHA256

    71750442d6493101add59806be34e5359c9a9fb4a642251b493a1dbfbed7e998

  • SHA512

    1ed9e88a91343ea6b9a4ba7cae35c1bfc3ff57955fc625a10bd098aeb9f9aa5985a76b06de551090a5f205158416c7cddba590756a3109bcc0e33a8cdc25cd10

  • SSDEEP

    1536:p7yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGCsQy:ZyfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1fcc830365f9cdc8460129e69184323c.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3056
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3056 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2072
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2904
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2776
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3056 CREDAT:406535 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3024
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    1⤵
      PID:2576

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      88bd4bd7fed0e1f50167c7907a52a3f1

      SHA1

      c163237bb25e62168f30af35081f84998e8b0e46

      SHA256

      ae56a5fb9f94037f0ae0e1309da173c72a9d426753a5d229d628e04b33d48249

      SHA512

      027c0984d7e697a4c1de9b840addb9ab0f769c1cd39523bc5dde08c195ea782549984615d2c7a2f1f97fb62230454567b2b32e3df2ed6f4906f6fd9bfe28d836

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9738cfe5b2efcadfa4f1653462395a04

      SHA1

      967f840fb7e4a44af5c8b260fc520f321f204c7f

      SHA256

      b821e113bc242f51ef0c4c4cacc8178a42948e646043a065cccc9528657247b0

      SHA512

      e4b3d7e1d5736a323e1ecc51b8056b356890efac14205f8fc851be82d40e58a9902ccda69ff662689e296744d09f6251b19322882367e435d4fed3481ed409f9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d2912c836f498894257adf1ad8b6490f

      SHA1

      1884f42f2ac511016c7a2dfec60642b444950129

      SHA256

      c1f7520a6d24f6294b88a91e7ba181c5b5066709172e05ce2e68e534e5766535

      SHA512

      8ea8df6a266f840c32a1e1c7908c0b88b19182c49bf8859ff2f9adcffa7c0f6a24e07ea44b27a9ea4a2c852aea8a546ccf5d0bb132352b0a88ab30d8f5e9594e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      faec901e198c5509645a3854cc08b527

      SHA1

      0f85c8031e522b76fc9ed9e440f1ee6339c49c3d

      SHA256

      db16af0826d03240d8e2e12d983675d4285ddef6af5bbb2aff4e24bde8f833a9

      SHA512

      e1d017ba41017c960cf45b19d95b2de390ab9497235c4c17e09fb4259d64d8792cbc4f06934edc0525e07b37e03c8112e1e3dbf15a71a53bc8b746017904d0a8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8c99572f8f8f3ec53289a11abb4d8e27

      SHA1

      b68d939b03fb832c953d72521ab2aaf7472fdb92

      SHA256

      c9faf320d10915b9dd6aaa486f7d6888867d4dc064656648df5998ee8cdefdb4

      SHA512

      259ea909fac2c31df29d46bd72db22cc9a0de692c7b6e2e61553c57085c796557b0a39c7aa2f9061198e45df33461085a8b43748904c1d3b7652379d2bf9bc2e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      795407b9fbe52340e4c599adc40ea63f

      SHA1

      5b2272c19090ad2d603ca03790fbd9dde6570138

      SHA256

      855c8a1e985de5b9edee6b1cc61c1503fdf0a6f677ff8f409eb0e5852cceedda

      SHA512

      961f31c2f1526db27fecb8cabd08b3c6e4b66bec50566ec36fe7fadb9066e6bf54bc0cc9e5e6baad0b66456a9e294877cfbfe070a58a4a6ac4abcfd54fd15fad

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      bdfc54cc4205c8211811041f4935289c

      SHA1

      7a632341dddad4c91eff083e3f3649e2454ce2d2

      SHA256

      2e897ccc9778dcf71740a82de0ba6664f37644a0ddae4f502c7936b0bb240283

      SHA512

      876cc0919f042734b64589ddf58f30b61bb25b585b53018e45853d3ee24888cea67862599568ff9bf5f86695938588c282a17a117af627a69690b7f22296b206

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4587635fa546dcea6d231777fb34235a

      SHA1

      45c1913e27b89c357bc4d5d302700f43fa54ecfa

      SHA256

      b53f53d7b3b42bd3a0778ded9f5e48550b36083e57b64560e58827626543de9a

      SHA512

      e54c6885799f53cb3305ce423510e288a023828c9c89ec72c9eb046351d5d91365fca30a5f4248872d6cd465df49838f4e588445beee32de000add39a47df811

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab38B0.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar38B3.tmp
      Filesize

      170KB

      MD5

      7aea59a35a157c7c6528f993d31778c9

      SHA1

      e841410e7999f9486a06ccb6e3caa61ac0778b9a

      SHA256

      afa1afd8d739a006b054c7896f29f05d2570a2e40e797584eec0d2383471c2e7

      SHA512

      e0fb17cde2fd7445aac3c2a89de06af0c79cf181b101bbebe97dc11bd061d1334ed55a81580727f8a9c7703114d6da5d26e08dbc9f8f4fd9b63363b9f5c35c1d

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/2776-18-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2776-20-0x00000000001C0000-0x00000000001CF000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2776-17-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2904-10-0x00000000002B0000-0x00000000002BF000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2904-9-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2904-6-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download