Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

794217d1fb...f2.exe

windows7-x64

10

794217d1fb...f2.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    135s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    27/01/2024, 04:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    794217d1fb7268a4259e989a1916b0f2.exe

  • Size

    223KB

  • MD5

    794217d1fb7268a4259e989a1916b0f2

  • SHA1

    82be954bcae8b3aa950fe1b472eb36b17c06d161

  • SHA256

    8a7068fec7496c0fceab869d573239214c6c57ac013f16e28ef83202f2e88ae8

  • SHA512

    ea90b6555649c64c67044a0bbf34d2177a4bedc13d567f13d4f92dbfc8f6571394dc05790567ce345e2ac17af977d3cd5f673ee65580123886d271ac9b414891

  • SSDEEP

    3072:ok59fo2r2f0oJDib8iLws7ngPwAGKEGCXaNu0XREZ8Uns6tYEYRp:ok7o2r2fj2P8sbgYAGKkXmu0dbbL

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\794217d1fb7268a4259e989a1916b0f2.exe
    "C:\Users\Admin\AppData\Local\Temp\794217d1fb7268a4259e989a1916b0f2.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2008
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2092
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2092 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3012
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2660
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2660 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2716

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    96e527ff30ae526f921283b902be2da0

    SHA1

    d17b410f6ec767fff4690a7cab596bde59c2df9c

    SHA256

    e6265803121f0c8b847f36b3a5706458006432d349abb07679ef44334ae64b2c

    SHA512

    99485921bc0b5bc482eaf629092183261b499e845dcdd8e07eab51feb373e193f92641cf1f71996d9639abe6ef1cf251eb3ad925b1e542f7c831e781ee57c490

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c335d9f4cd30e5ea82a37417326b9ba6

    SHA1

    091328c93a0bcf266cf26ba48bb4551af9d0c36e

    SHA256

    d3680be92195de3549477b91bd0151930ebf66f433d3e1773e72d49ac17a1fb9

    SHA512

    d11247aa2c5e1a0e05d56fe59ca6a16a12ce0660b8734fcf8610ade657ffd2c5bb2014df87a2f3c41b434b536a113513a5328dc64a01c38d4e20aa2cf0ad34bd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1f200e68ce481ca4a659765bd3ad0d8b

    SHA1

    3f0c682a4406da7656ad23ac12a62fe81d6e36e3

    SHA256

    9d04d31beee8ea341a5d3128cd937483f86ed517b1979bd2eb715988319636d4

    SHA512

    33a73a2db5a9b8f507af590c7337ed493e1eb05bd3b95a886841a322aba2650d573562862dba6dabcb3bfca98f30ecf6bfc349de373f47ab15dc33f6b2b3ab5d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    184412ced9271e0b20a798b93ad6d463

    SHA1

    0fd1300e49df5b71d3db3c41f249ed3d77044d75

    SHA256

    86bdea59ca2e6decd4a58163b41e342d018a3760ff62744584ed8d38ce86a47b

    SHA512

    740a7055ec46d17ac0a07965ac1089c2927ca547bec2b19769dab83c6856ed00674429680e72073f30a9d63e932315615f7187833dd7f6089978af45947c84a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dd3344ca88f2db33f0de2ffd0c581417

    SHA1

    f5f1b466f7e33b5a7e60db13b822aa31c124625a

    SHA256

    d2e7f339e1d25cad1451052d1d7db550c2ae8d9fd07e94260beac51968032d0f

    SHA512

    5631bcffc85c62623b052ebde2441c59e48792db7255e5fbd26601db6398051f9846a75640b0d367e33d418e4cf15792f6bb99199f79c887eada507228e44921

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eb2ea7a1fb2bd0314fa8341a1649d81a

    SHA1

    ccf83c1aa98a45ff2ab4b92ed31ff81831cf7d68

    SHA256

    e17bc10cd21bd2910c9db2c57950a125c7d7e88c7cc64c4f03d6c70b703e7523

    SHA512

    c2b403b6b167888084872d05b49ced74fd8801766dd2bcb530cc87844c4a4b3a56c35b54dbb1fa6578ab340ca4f8917a482e4499c36b7c6b6f4e596ff3ca07c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    163cdbff3d8989e3894ad93b936643b2

    SHA1

    8c9b22e92008b5ae9c1da9dcda07de472889d285

    SHA256

    49b5613dc26c2403d6936410329e528fb9687194b5f0f1583f0b9a6ba9a939b9

    SHA512

    840b064b1b097c2ea2ca45bf613676b596df2b37a5c540691cd594da08d23890d9f406c6ec7c4ff17937af2e35c059a234a99316278bfca606bfaea77f991e02

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c4a3c77aa296b0f60800b784e8d97b97

    SHA1

    3cd806af7d403d16a59ce13ce7b26e14aa5a787d

    SHA256

    8718563c9117a09bb07a1c91ed1a5169b3ecbc0d0a3102c0454a5a8107ff9a7e

    SHA512

    b22cb91a7aa1c85fc09e0db3aa031462dbcff1a62560161b71395598af298eab6e61d1ef9b445c3f9629830a177c086db188343536b9028e5d391131bd55a37d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    de7b2fa48beefb7af16e5ba4ee92c325

    SHA1

    4e34adc7c7f1532b1474b7bc78ab20e06185ca6e

    SHA256

    39c2420ffb6cc9ee70c6edbbcc3b4aa45b3367ab5a8380824ee5ddf0e771708b

    SHA512

    75a75d7e8cff471d3b1cd6b1d8db5d36ddddfaa953649e6a05f5d1262e911ddb0aca6b3aef40be359a476c82199171fe592228707619a4a28ccc78c47093421e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b5f897314b10aaa1eaa8acc4f3e0b4d3

    SHA1

    e8fee2ff3ed7bf26424f149ca5f120d016e32694

    SHA256

    31e9dfd3363c4ac9c0eb7c3d724dfaf6a3667ce3439e88987a64965429aa19df

    SHA512

    9eb643c3444690ccaf7461762df7b255d5b89c8d6641caf9f8bcbe97ce7901a887438f6b7b6bf7c4aa47352ea154d66d456cfc97e3aa0cd54c00d291eb9d0c93

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    18a5e080436965643f08356dd901227d

    SHA1

    06c5ce74c8a43cad1b76358e46b3f2badd2b4157

    SHA256

    56ecc22ea6700108e7416bca15762fb4e1baaefc9f7c247927a7ac71483c4380

    SHA512

    c5854c866b74daa639163cc793442a9d87b759157bc63b7cc10e3ed3de2a0c122a110edcd582cff6a057a937c9a2b46efa6d44dd92954ab89a4908eaf265d447

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6aade008301966cd09c8bf3d4b63ddbb

    SHA1

    a8f8f7a9f477502a90e2e05ad4a27e8e660475be

    SHA256

    2cda3b67a4ee913242e4e94bafe7aed1e4dce685e1effa2997db44b2e4539283

    SHA512

    c5502b7acd158864641f7a5be432cafd075d51c14a3766c30e823ab5e396f12d13a3ed09f23157bb11ee02f5d70b9c18472438fcb8a94813b5805db72e998368

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    164bc8faec953dad0672f6127303be2e

    SHA1

    7add9f6e95d1b0d330c0d580988b202e76932488

    SHA256

    b4979118c179cd0730dd8fac2e49da9a5a05154f390f68c7456c657c4ab9851e

    SHA512

    5a8cda68092133e197197d065f00b9e8a85d4e5f263dfe9da1782d848b106d2f23cc64024285ae2fe8144891fd843b6e4dd7322a614df3dfa4735337ca7c393d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9d305bcb12e7e1668afb9777d8a73c6d

    SHA1

    c69c3c7f0cbca25c4a08e573dbb3a6f539e8c616

    SHA256

    ed16c43fe609815bf3a48525b73acb7fc9e44b52e67c31a4ccc09a8a9bc0980a

    SHA512

    d1f3172da33a334ef06a297e0c6e4657344a3ac864e56e98e0bf77ff6176624b149039206ba684ea2448deed4aee6b048bb3c917e251112f0d3cd2bcfbab461d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e3c1a8524bf2f2b40b740aad046f4a22

    SHA1

    4c2a3f6eaec7a238a536813da7889085fc8afa6e

    SHA256

    c9c89b9e561ebceb21bb18d116575a52826658b02bddd3bd3d580dbc8c620e2d

    SHA512

    19cc173797d9724b93a672a1c3482251c309dbe98ed908cfae2ba4bb3532b632d97f63a805edb688095d622530dcfd8346fc6ca55ecbb0b9b9a83eeb573248ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cbe06c36d54c42c84dbc8e1a6b154893

    SHA1

    cf06a7c5c4a7655c06488eb821560e38a131102d

    SHA256

    37c2b6c85b8c0a8da1183c1cad00bd0a9688c4ed0d39c46bf4e1444641183b27

    SHA512

    f9ff6e747983986f5ea29917837e6b640d914079f4ea2cacd43f1465517ce55c1e0d54e52c462540e886ae08e8b27260e57f82ee723ae49f72f3aa26fbb5b8c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e88637f5ffa5fbb4fbe94b154c624301

    SHA1

    e1b65d8db643a721ea56456d22c835a43f46cf82

    SHA256

    5096841c5280468d13fc4ac6ef97936bb0b0b46d7658449082497b0ebf4ff56b

    SHA512

    6e8a17bea8b413facc72138cec4c2eeb4a45a4e399d19648e5e5068522ab5290748e69fc6e488d1b97be5266d93fbc817e8edc752042d0a5c238138fbbef6fc6

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{57D47B31-BCCB-11EE-A297-464D43A133DD}.dat
    Filesize

    3KB

    MD5

    e627aaf59d2bd5bbd30a0b157e3f4ef1

    SHA1

    7d824ac16aa2be132c87b256617c2e0368142746

    SHA256

    a8bc529080dd399fc57b8c20ed789a48ebca6312bc0cdb4bbc73c3d04b231efb

    SHA512

    483a38e11aba02cfdf8bb57802ea198acd5af1b522661acf59fe16d0bcdd0b3e0ba3be26bd1ad5ba42488858bfbd433b662ababaffa365fe51653c36188eaa12

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{57D6EC31-BCCB-11EE-A297-464D43A133DD}.dat
    Filesize

    5KB

    MD5

    95bbd3ec2209b8c0b7f4b56485999f31

    SHA1

    7aa6f903200aca16220ff456aa9a667d56bde785

    SHA256

    a3163a584405727825b3be798752832a5d6b02c1cd314e256497c1b11a9af265

    SHA512

    aa7da52a52a512d4d50f7419f065e7e5ff63857b40b912ba4bf0e81157205d19621ed3b120339c1587a14c73037f78e36640a2f29c908a7fa652974540985523

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5007.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar5086.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/2008-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2008-2-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2008-1-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2008-3-0x00000000772CF000-0x00000000772D0000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2008-4-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2008-7-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download