Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

50f8b8ec9e...bd.exe

windows7-x64

10

50f8b8ec9e...bd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    10/01/2024, 15:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    50f8b8ec9e9de355702d4ec09d43b8bd.exe

  • Size

    134KB

  • MD5

    50f8b8ec9e9de355702d4ec09d43b8bd

  • SHA1

    155e59059c1d50642d0e9a28fbdff8251e9fc34b

  • SHA256

    4a2e855d2a17dd5c7278bff65f092a3ba882dcd36a658f23d8adf9bad118e356

  • SHA512

    c42b0ff83eec60c52ab40c034bae8f8491d534c9434aadd0230a9ccec0a8a0a21413486eb5b9a837e2225ff464662b028a9e74ed2f3a63832df6c3998a672cdb

  • SSDEEP

    3072:ZwV4OgSzBmh04eZFkz3Rr0gwGj9Tf8STFiDHlHoBqPI:ZMzzILGFkzhr0pGj9o3HoAI

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\50f8b8ec9e9de355702d4ec09d43b8bd.exe
    "C:\Users\Admin\AppData\Local\Temp\50f8b8ec9e9de355702d4ec09d43b8bd.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2116
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2924
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2924 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2816
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2392
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2392 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1420

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6a18a65e7c8e15b7d3e3bb37e3527d6c

    SHA1

    fd2b459f342266591348276a658414b4330f3582

    SHA256

    b0357b4115cf3697154cb768afb62ac936437a44f0009e677ff6ced0e7e920f9

    SHA512

    ed8a82d5a417ee55adf76f1687f5a98709badb90f1460bd348b2b8098c5e6e163df997b9d1586eb37122d72e54e042e62af1af8cdbd004f4817fffd36ca724d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a9ecebdb79b07f0288aaf47e19ea2f26

    SHA1

    8ef2156259e97e25a7d38f2c98f878d539df1f2c

    SHA256

    2b905274bdc878971c731d87edd1927a0e5cb1cdd3b3170c98f9cbf72a81db2c

    SHA512

    20b9f079d7457caefb5ff1ccc7e00b2387473422b3bf1fb50e95bce8174e3b3357197a3b716e959c969e260b4640162f8bad2c472bb29ee98f3e735d3f3290e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    da0b6c1d70adbe9568fc34b5f3c2c387

    SHA1

    d00b4b01916c7aa55152a37247bfcd8b8a10daa2

    SHA256

    ffbfb6bb658ef2e3b47c30b1d0b59a189422f2b792fa8459c4ffcc23c19f1149

    SHA512

    6c1e14f457d1332186802f147c887f8d354a8961c342a6a29f41771060f9dac41185de318517c7ad422a6141659897401a79bd2e0bb7a3955db3a64a8e137cfc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c25c94108804b6427c659ff3bad5a43d

    SHA1

    94e23e17de71c9da838adbc52647f3a34ada0782

    SHA256

    38ad599c9a2793fa589c87797b859e15ed1a1e6bda975a03205bfc3981c3150a

    SHA512

    f07e33410ce3722aa7e18ebb6d2a595393d0c22b1dcef465c4bf37ca51ab41f4f508597196d9c80ec8ddf0be5f3420b1fe9ffa032d745dc61bddf4a0b9824d36

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e12355fce1a10300972132ee2e9b8d62

    SHA1

    448251dd458d70de6390f0b48b065ba0283beb2f

    SHA256

    93e35a65b88b0ade1d99389ea1ce3a5dd232db5f4bb92f1e99003c866eac49d1

    SHA512

    a7c808bc8b75727a93aa5fb672863b7f7c47accfde2520f32f6ffc0ec55618c5d3c1ca745e369254baf9084f754ee934d55270ef44d9cdfc13bee24175b4b7c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9e8be484bc10ff045f899a482ff45201

    SHA1

    d8e8690f22e953a5e8bbc3769a82e213ff9ae6e9

    SHA256

    08b9a39dbe4757d1e5375535f4a7449b1f8e50a340fc8846d6986d19be656f43

    SHA512

    5ec14c8492ee44ba5bc83f0e36acdd888679b79db0cae49ace53c0cc71f33a487278edcccaf20c31c35fae866915186bcfb745d8c299e674aaeaeedcc8b048c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d72f632901b534cdb4ec54d80f8a89f7

    SHA1

    4ed669c75c1be239eeb1c47996c704e6232622d9

    SHA256

    9500749872de77891fc50508c276f630ee8354965916ba0a435073350fc62b1f

    SHA512

    19e4c867d13ab4659a3b6479f8bb2ccb9ed4bdfa02a3d156e70b691481c33a8de373583e48a1af874455ea3161bc78fbbbbc4da669dc83e76403b49013100a8e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5A4AA321-AFCF-11EE-839C-EE9A2FAC8CC3}.dat
    Filesize

    5KB

    MD5

    78aa7eca7d47d34dccf6e97c441d9a77

    SHA1

    c08f151c1f22a3f8a77c6dc2c9c4768c6d21d469

    SHA256

    3dc23981af018377af2dbb9751e212584ce3294f00003aa0f7dd6f13bd00d2d9

    SHA512

    07b175bcebdaea0ec54530feb4a94f5ed31a58aab9bbe23cb913762f264ce25eff1d614a173e36eb3aa1ba68422b9126edd8d886222458caa6f4853741522f8d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5A56C0B1-AFCF-11EE-839C-EE9A2FAC8CC3}.dat
    Filesize

    4KB

    MD5

    3f75ab073840279828660751327b87af

    SHA1

    0f1e898086a690472b1fd27e731d5de728f4462f

    SHA256

    8462d74c5be622a7664b166d05820ad43a5413e5f096d5d97a64c5f2cb524d1a

    SHA512

    dfcda80609ed2ba54e88c4188a8b7e3171e02f49973c00a59958134598d87c92312c781c5608f207397eba81c72d797d83a829a1b2753e531ba0c8542fb16fbc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6664.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6AF9.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/2116-5-0x0000000000330000-0x0000000000331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2116-8-0x0000000000400000-0x0000000000498000-memory.dmp

    Filesize

    608KB

    Download

  • memory/2116-4-0x000000007703F000-0x0000000077040000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2116-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2116-2-0x0000000000400000-0x0000000000498000-memory.dmp

    Filesize

    608KB

    Download

  • memory/2116-3-0x0000000000320000-0x0000000000321000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2116-0-0x0000000000400000-0x0000000000498000-memory.dmp

    Filesize

    608KB

    Download