Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

53b233c6c2...65.dll

windows7-x64

10

53b233c6c2...65.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    3s
  • max time network
    66s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/01/2024, 20:08 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    53b233c6c23409aa87d7982565849165.dll

  • Size

    166KB

  • MD5

    53b233c6c23409aa87d7982565849165

  • SHA1

    f3b0d0f6869a017892d7838d60fa9738d648d0e5

  • SHA256

    f2db305bb87e418623361ca81fc600864d14e270f3b23a4a0248b9ada86c1543

  • SHA512

    2f2fa21b020fcc3b9f76b2874c74b0a37cf4c7da96dab5111bc3fa481bd767bcd503a476998fc1d0daf5cb5b2b315124c71486ef33325279670eafd55fdb1ef0

  • SSDEEP

    3072:pTU56gVxj27NevROEuPvisOpkTv7L2GQ6uE:G4wRj+qYvW4uE

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • UPX packed file 12 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\53b233c6c23409aa87d7982565849165.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3452
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\53b233c6c23409aa87d7982565849165.dll
      2⤵
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:1512
      • C:\Windows\SysWOW64\regsvr32mgr.exe
        C:\Windows\SysWOW64\regsvr32mgr.exe
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • Suspicious use of UnmapMainImage
        • Suspicious use of WriteProcessMemory
        PID:2196
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4788 -ip 4788
    1⤵
      PID:4392
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 204
      1⤵
      • Program crash
      PID:3844
    • C:\Windows\SysWOW64\svchost.exe
      C:\Windows\system32\svchost.exe
      1⤵
        PID:4788
      • C:\Program Files (x86)\Microsoft\WaterMark.exe
        "C:\Program Files (x86)\Microsoft\WaterMark.exe"
        1⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of UnmapMainImage
        • Suspicious use of WriteProcessMemory
        PID:4292
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          2⤵
          • Modifies Internet Explorer settings
          PID:3044
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3044 CREDAT:17410 /prefetch:2
            3⤵
              PID:1204
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            2⤵
            • Modifies Internet Explorer settings
            PID:2796
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2796 CREDAT:17410 /prefetch:2
              3⤵
                PID:3644

          Network

          • flag-us
            DNS
            208.194.73.20.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            208.194.73.20.in-addr.arpa
            IN PTR
            Response
          • flag-us
            DNS
            g.bing.com
            Remote address:
            8.8.8.8:53
            Request
            g.bing.com
            IN A
            Response
            g.bing.com
            IN CNAME
            g-bing-com.a-0001.a-msedge.net
            g-bing-com.a-0001.a-msedge.net
            IN CNAME
            dual-a-0001.a-msedge.net
            dual-a-0001.a-msedge.net
            IN A
            204.79.197.200
            dual-a-0001.a-msedge.net
            IN A
            13.107.21.200
          • flag-us
            DNS
            g.bing.com
            Remote address:
            8.8.8.8:53
            Request
            g.bing.com
            IN A
          • flag-us
            DNS
            g.bing.com
            Remote address:
            8.8.8.8:53
            Request
            g.bing.com
            IN A
          • flag-us
            DNS
            g.bing.com
            Remote address:
            8.8.8.8:53
            Request
            g.bing.com
            IN A
          • flag-us
            DNS
            82.117.19.2.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            82.117.19.2.in-addr.arpa
            IN PTR
            Response
            82.117.19.2.in-addr.arpa
            IN PTR
            a2-19-117-82deploystaticakamaitechnologiescom
          • flag-us
            DNS
            6.181.190.20.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            6.181.190.20.in-addr.arpa
            IN PTR
            Response
          • flag-us
            DNS
            95.221.229.192.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            95.221.229.192.in-addr.arpa
            IN PTR
            Response
          • flag-us
            DNS
            95.221.229.192.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            95.221.229.192.in-addr.arpa
            IN PTR
          • flag-us
            DNS
            api.bing.com
            Remote address:
            8.8.8.8:53
            Request
            api.bing.com
            IN A
            Response
            api.bing.com
            IN CNAME
            api-bing-com.e-0001.e-msedge.net
            api-bing-com.e-0001.e-msedge.net
            IN CNAME
            e-0001.e-msedge.net
            e-0001.e-msedge.net
            IN A
            13.107.5.80
          • flag-us
            DNS
            241.154.82.20.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            241.154.82.20.in-addr.arpa
            IN PTR
            Response
          • flag-us
            DNS
            241.154.82.20.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            241.154.82.20.in-addr.arpa
            IN PTR
          • flag-us
            DNS
            241.154.82.20.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            241.154.82.20.in-addr.arpa
            IN PTR
          • flag-us
            DNS
            241.154.82.20.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            241.154.82.20.in-addr.arpa
            IN PTR
          • flag-us
            DNS
            26.35.223.20.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            26.35.223.20.in-addr.arpa
            IN PTR
            Response
          • flag-us
            DNS
            26.35.223.20.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            26.35.223.20.in-addr.arpa
            IN PTR
          • flag-us
            DNS
            26.35.223.20.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            26.35.223.20.in-addr.arpa
            IN PTR
          • flag-us
            DNS
            11.6.37.23.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            11.6.37.23.in-addr.arpa
            IN PTR
            Response
            11.6.37.23.in-addr.arpa
            IN PTR
            a23-37-6-11deploystaticakamaitechnologiescom
          • flag-us
            DNS
            135.5.97.104.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            135.5.97.104.in-addr.arpa
            IN PTR
            Response
            135.5.97.104.in-addr.arpa
            IN PTR
            a104-97-5-135deploystaticakamaitechnologiescom
          • flag-us
            DNS
            119.110.54.20.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            119.110.54.20.in-addr.arpa
            IN PTR
            Response
          • flag-us
            DNS
            161.19.199.152.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            161.19.199.152.in-addr.arpa
            IN PTR
            Response
          • flag-us
            DNS
            240.221.184.93.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            240.221.184.93.in-addr.arpa
            IN PTR
            Response
          • flag-us
            DNS
            97.117.19.2.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            97.117.19.2.in-addr.arpa
            IN PTR
            Response
            97.117.19.2.in-addr.arpa
            IN PTR
            a2-19-117-97deploystaticakamaitechnologiescom
          • flag-us
            DNS
            42.218.122.92.in-addr.arpa
            Remote address:
            8.8.8.8:53
            Request
            42.218.122.92.in-addr.arpa
            IN PTR
            Response
            42.218.122.92.in-addr.arpa
            IN PTR
            a92-122-218-42deploystaticakamaitechnologiescom
          • 204.79.197.200:443
            g.bing.com
            tls
            2.5kB
             10.0kB
             24
            20
          • 8.8.8.8:53
            208.194.73.20.in-addr.arpa
            dns
            72 B
             158 B
             1
            1

            DNS Request

            208.194.73.20.in-addr.arpa

          • 8.8.8.8:53
            g.bing.com
            dns
            224 B
             158 B
             4
            1

            DNS Request

            g.bing.com

            DNS Request

            g.bing.com

            DNS Request

            g.bing.com

            DNS Request

            g.bing.com

            DNS Response

            204.79.197.200
            13.107.21.200

          • 8.8.8.8:53
            82.117.19.2.in-addr.arpa
            dns
            70 B
             133 B
             1
            1

            DNS Request

            82.117.19.2.in-addr.arpa

          • 8.8.8.8:53
            6.181.190.20.in-addr.arpa
            dns
            71 B
             157 B
             1
            1

            DNS Request

            6.181.190.20.in-addr.arpa

          • 8.8.8.8:53
            95.221.229.192.in-addr.arpa
            dns
            146 B
             144 B
             2
            1

            DNS Request

            95.221.229.192.in-addr.arpa

            DNS Request

            95.221.229.192.in-addr.arpa

          • 8.8.8.8:53
            api.bing.com
            dns
            58 B
             134 B
             1
            1

            DNS Request

            api.bing.com

            DNS Response

            13.107.5.80

          • 8.8.8.8:53
            241.154.82.20.in-addr.arpa
            dns
            288 B
             158 B
             4
            1

            DNS Request

            241.154.82.20.in-addr.arpa

            DNS Request

            241.154.82.20.in-addr.arpa

            DNS Request

            241.154.82.20.in-addr.arpa

            DNS Request

            241.154.82.20.in-addr.arpa

          • 8.8.8.8:53
            26.35.223.20.in-addr.arpa
            dns
            213 B
             157 B
             3
            1

            DNS Request

            26.35.223.20.in-addr.arpa

            DNS Request

            26.35.223.20.in-addr.arpa

            DNS Request

            26.35.223.20.in-addr.arpa

          • 8.8.8.8:53
            11.6.37.23.in-addr.arpa
            dns
            69 B
             131 B
             1
            1

            DNS Request

            11.6.37.23.in-addr.arpa

          • 8.8.8.8:53
            135.5.97.104.in-addr.arpa
            dns
            71 B
             135 B
             1
            1

            DNS Request

            135.5.97.104.in-addr.arpa

          • 8.8.8.8:53
            119.110.54.20.in-addr.arpa
            dns
            72 B
             158 B
             1
            1

            DNS Request

            119.110.54.20.in-addr.arpa

          • 8.8.8.8:53
            161.19.199.152.in-addr.arpa
            dns
            73 B
             144 B
             1
            1

            DNS Request

            161.19.199.152.in-addr.arpa

          • 8.8.8.8:53
            240.221.184.93.in-addr.arpa
            dns
            73 B
             144 B
             1
            1

            DNS Request

            240.221.184.93.in-addr.arpa

          • 8.8.8.8:53
            97.117.19.2.in-addr.arpa
            dns
            70 B
             133 B
             1
            1

            DNS Request

            97.117.19.2.in-addr.arpa

          • 8.8.8.8:53
            42.218.122.92.in-addr.arpa
            dns
            72 B
             137 B
             1
            1

            DNS Request

            42.218.122.92.in-addr.arpa

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/1512-0-0x0000000074AB0000-0x0000000074ADC000-memory.dmp

            Filesize

            176KB

            Download

          • memory/2196-5-0x0000000000400000-0x0000000000435000-memory.dmp

            Filesize

            212KB

            Download

          • memory/2196-7-0x0000000000400000-0x0000000000421000-memory.dmp

            Filesize

            132KB

            Download

          • memory/2196-9-0x0000000000400000-0x0000000000421000-memory.dmp

            Filesize

            132KB

            Download

          • memory/2196-6-0x0000000000400000-0x0000000000421000-memory.dmp

            Filesize

            132KB

            Download

          • memory/2196-12-0x0000000000400000-0x0000000000421000-memory.dmp

            Filesize

            132KB

            Download

          • memory/2196-11-0x0000000000400000-0x0000000000421000-memory.dmp

            Filesize

            132KB

            Download

          • memory/2196-15-0x0000000000400000-0x0000000000421000-memory.dmp

            Filesize

            132KB

            Download

          • memory/2196-14-0x00000000008C0000-0x00000000008C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2196-10-0x0000000000400000-0x0000000000421000-memory.dmp

            Filesize

            132KB

            Download

          • memory/2196-8-0x0000000000400000-0x0000000000421000-memory.dmp

            Filesize

            132KB

            Download

          • memory/4292-29-0x0000000000400000-0x0000000000421000-memory.dmp

            Filesize

            132KB

            Download

          • memory/4292-30-0x0000000000060000-0x0000000000061000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4292-32-0x0000000077102000-0x0000000077103000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4292-22-0x0000000000400000-0x0000000000435000-memory.dmp

            Filesize

            212KB

            Download

          • memory/4292-36-0x0000000000070000-0x0000000000071000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4292-35-0x0000000077102000-0x0000000077103000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4292-39-0x0000000000400000-0x0000000000421000-memory.dmp

            Filesize

            132KB

            Download

          • memory/4292-40-0x0000000000400000-0x0000000000421000-memory.dmp

            Filesize

            132KB

            Download

          • memory/4788-33-0x00000000004C0000-0x00000000004C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4788-34-0x00000000004E0000-0x00000000004E1000-memory.dmp

            Filesize

            4KB

            Download

          We care about your privacy.

          This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.