Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

794217d1fb...f2.exe

windows7-x64

10

794217d1fb...f2.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    135s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    27/01/2024, 04:19 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    794217d1fb7268a4259e989a1916b0f2.exe

  • Size

    223KB

  • MD5

    794217d1fb7268a4259e989a1916b0f2

  • SHA1

    82be954bcae8b3aa950fe1b472eb36b17c06d161

  • SHA256

    8a7068fec7496c0fceab869d573239214c6c57ac013f16e28ef83202f2e88ae8

  • SHA512

    ea90b6555649c64c67044a0bbf34d2177a4bedc13d567f13d4f92dbfc8f6571394dc05790567ce345e2ac17af977d3cd5f673ee65580123886d271ac9b414891

  • SSDEEP

    3072:ok59fo2r2f0oJDib8iLws7ngPwAGKEGCXaNu0XREZ8Uns6tYEYRp:ok7o2r2fj2P8sbgYAGKkXmu0dbbL

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\794217d1fb7268a4259e989a1916b0f2.exe
    "C:\Users\Admin\AppData\Local\Temp\794217d1fb7268a4259e989a1916b0f2.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2008
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2092
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2092 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3012
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2660
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2660 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2716

Network

  • flag-us
    DNS
    api.bing.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    api.bing.com
    IN A
    Response
    api.bing.com
    IN CNAME
    api-bing-com.e-0001.e-msedge.net
    api-bing-com.e-0001.e-msedge.net
    IN CNAME
    e-0001.e-msedge.net
    e-0001.e-msedge.net
    IN A
    13.107.5.80
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
     7.6kB
     9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
     7.6kB
     9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    785 B
     7.7kB
     9
    13
  • 8.8.8.8:53
    api.bing.com
    dns
    iexplore.exe
    58 B
     134 B
     1
    1

    DNS Request

    api.bing.com

    DNS Response

    13.107.5.80

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    96e527ff30ae526f921283b902be2da0

    SHA1

    d17b410f6ec767fff4690a7cab596bde59c2df9c

    SHA256

    e6265803121f0c8b847f36b3a5706458006432d349abb07679ef44334ae64b2c

    SHA512

    99485921bc0b5bc482eaf629092183261b499e845dcdd8e07eab51feb373e193f92641cf1f71996d9639abe6ef1cf251eb3ad925b1e542f7c831e781ee57c490

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c335d9f4cd30e5ea82a37417326b9ba6

    SHA1

    091328c93a0bcf266cf26ba48bb4551af9d0c36e

    SHA256

    d3680be92195de3549477b91bd0151930ebf66f433d3e1773e72d49ac17a1fb9

    SHA512

    d11247aa2c5e1a0e05d56fe59ca6a16a12ce0660b8734fcf8610ade657ffd2c5bb2014df87a2f3c41b434b536a113513a5328dc64a01c38d4e20aa2cf0ad34bd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1f200e68ce481ca4a659765bd3ad0d8b

    SHA1

    3f0c682a4406da7656ad23ac12a62fe81d6e36e3

    SHA256

    9d04d31beee8ea341a5d3128cd937483f86ed517b1979bd2eb715988319636d4

    SHA512

    33a73a2db5a9b8f507af590c7337ed493e1eb05bd3b95a886841a322aba2650d573562862dba6dabcb3bfca98f30ecf6bfc349de373f47ab15dc33f6b2b3ab5d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    184412ced9271e0b20a798b93ad6d463

    SHA1

    0fd1300e49df5b71d3db3c41f249ed3d77044d75

    SHA256

    86bdea59ca2e6decd4a58163b41e342d018a3760ff62744584ed8d38ce86a47b

    SHA512

    740a7055ec46d17ac0a07965ac1089c2927ca547bec2b19769dab83c6856ed00674429680e72073f30a9d63e932315615f7187833dd7f6089978af45947c84a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dd3344ca88f2db33f0de2ffd0c581417

    SHA1

    f5f1b466f7e33b5a7e60db13b822aa31c124625a

    SHA256

    d2e7f339e1d25cad1451052d1d7db550c2ae8d9fd07e94260beac51968032d0f

    SHA512

    5631bcffc85c62623b052ebde2441c59e48792db7255e5fbd26601db6398051f9846a75640b0d367e33d418e4cf15792f6bb99199f79c887eada507228e44921

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eb2ea7a1fb2bd0314fa8341a1649d81a

    SHA1

    ccf83c1aa98a45ff2ab4b92ed31ff81831cf7d68

    SHA256

    e17bc10cd21bd2910c9db2c57950a125c7d7e88c7cc64c4f03d6c70b703e7523

    SHA512

    c2b403b6b167888084872d05b49ced74fd8801766dd2bcb530cc87844c4a4b3a56c35b54dbb1fa6578ab340ca4f8917a482e4499c36b7c6b6f4e596ff3ca07c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    163cdbff3d8989e3894ad93b936643b2

    SHA1

    8c9b22e92008b5ae9c1da9dcda07de472889d285

    SHA256

    49b5613dc26c2403d6936410329e528fb9687194b5f0f1583f0b9a6ba9a939b9

    SHA512

    840b064b1b097c2ea2ca45bf613676b596df2b37a5c540691cd594da08d23890d9f406c6ec7c4ff17937af2e35c059a234a99316278bfca606bfaea77f991e02

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c4a3c77aa296b0f60800b784e8d97b97

    SHA1

    3cd806af7d403d16a59ce13ce7b26e14aa5a787d

    SHA256

    8718563c9117a09bb07a1c91ed1a5169b3ecbc0d0a3102c0454a5a8107ff9a7e

    SHA512

    b22cb91a7aa1c85fc09e0db3aa031462dbcff1a62560161b71395598af298eab6e61d1ef9b445c3f9629830a177c086db188343536b9028e5d391131bd55a37d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    de7b2fa48beefb7af16e5ba4ee92c325

    SHA1

    4e34adc7c7f1532b1474b7bc78ab20e06185ca6e

    SHA256

    39c2420ffb6cc9ee70c6edbbcc3b4aa45b3367ab5a8380824ee5ddf0e771708b

    SHA512

    75a75d7e8cff471d3b1cd6b1d8db5d36ddddfaa953649e6a05f5d1262e911ddb0aca6b3aef40be359a476c82199171fe592228707619a4a28ccc78c47093421e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b5f897314b10aaa1eaa8acc4f3e0b4d3

    SHA1

    e8fee2ff3ed7bf26424f149ca5f120d016e32694

    SHA256

    31e9dfd3363c4ac9c0eb7c3d724dfaf6a3667ce3439e88987a64965429aa19df

    SHA512

    9eb643c3444690ccaf7461762df7b255d5b89c8d6641caf9f8bcbe97ce7901a887438f6b7b6bf7c4aa47352ea154d66d456cfc97e3aa0cd54c00d291eb9d0c93

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    18a5e080436965643f08356dd901227d

    SHA1

    06c5ce74c8a43cad1b76358e46b3f2badd2b4157

    SHA256

    56ecc22ea6700108e7416bca15762fb4e1baaefc9f7c247927a7ac71483c4380

    SHA512

    c5854c866b74daa639163cc793442a9d87b759157bc63b7cc10e3ed3de2a0c122a110edcd582cff6a057a937c9a2b46efa6d44dd92954ab89a4908eaf265d447

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6aade008301966cd09c8bf3d4b63ddbb

    SHA1

    a8f8f7a9f477502a90e2e05ad4a27e8e660475be

    SHA256

    2cda3b67a4ee913242e4e94bafe7aed1e4dce685e1effa2997db44b2e4539283

    SHA512

    c5502b7acd158864641f7a5be432cafd075d51c14a3766c30e823ab5e396f12d13a3ed09f23157bb11ee02f5d70b9c18472438fcb8a94813b5805db72e998368

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    164bc8faec953dad0672f6127303be2e

    SHA1

    7add9f6e95d1b0d330c0d580988b202e76932488

    SHA256

    b4979118c179cd0730dd8fac2e49da9a5a05154f390f68c7456c657c4ab9851e

    SHA512

    5a8cda68092133e197197d065f00b9e8a85d4e5f263dfe9da1782d848b106d2f23cc64024285ae2fe8144891fd843b6e4dd7322a614df3dfa4735337ca7c393d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9d305bcb12e7e1668afb9777d8a73c6d

    SHA1

    c69c3c7f0cbca25c4a08e573dbb3a6f539e8c616

    SHA256

    ed16c43fe609815bf3a48525b73acb7fc9e44b52e67c31a4ccc09a8a9bc0980a

    SHA512

    d1f3172da33a334ef06a297e0c6e4657344a3ac864e56e98e0bf77ff6176624b149039206ba684ea2448deed4aee6b048bb3c917e251112f0d3cd2bcfbab461d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e3c1a8524bf2f2b40b740aad046f4a22

    SHA1

    4c2a3f6eaec7a238a536813da7889085fc8afa6e

    SHA256

    c9c89b9e561ebceb21bb18d116575a52826658b02bddd3bd3d580dbc8c620e2d

    SHA512

    19cc173797d9724b93a672a1c3482251c309dbe98ed908cfae2ba4bb3532b632d97f63a805edb688095d622530dcfd8346fc6ca55ecbb0b9b9a83eeb573248ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cbe06c36d54c42c84dbc8e1a6b154893

    SHA1

    cf06a7c5c4a7655c06488eb821560e38a131102d

    SHA256

    37c2b6c85b8c0a8da1183c1cad00bd0a9688c4ed0d39c46bf4e1444641183b27

    SHA512

    f9ff6e747983986f5ea29917837e6b640d914079f4ea2cacd43f1465517ce55c1e0d54e52c462540e886ae08e8b27260e57f82ee723ae49f72f3aa26fbb5b8c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e88637f5ffa5fbb4fbe94b154c624301

    SHA1

    e1b65d8db643a721ea56456d22c835a43f46cf82

    SHA256

    5096841c5280468d13fc4ac6ef97936bb0b0b46d7658449082497b0ebf4ff56b

    SHA512

    6e8a17bea8b413facc72138cec4c2eeb4a45a4e399d19648e5e5068522ab5290748e69fc6e488d1b97be5266d93fbc817e8edc752042d0a5c238138fbbef6fc6

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{57D47B31-BCCB-11EE-A297-464D43A133DD}.dat
    Filesize

    3KB

    MD5

    e627aaf59d2bd5bbd30a0b157e3f4ef1

    SHA1

    7d824ac16aa2be132c87b256617c2e0368142746

    SHA256

    a8bc529080dd399fc57b8c20ed789a48ebca6312bc0cdb4bbc73c3d04b231efb

    SHA512

    483a38e11aba02cfdf8bb57802ea198acd5af1b522661acf59fe16d0bcdd0b3e0ba3be26bd1ad5ba42488858bfbd433b662ababaffa365fe51653c36188eaa12

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{57D6EC31-BCCB-11EE-A297-464D43A133DD}.dat
    Filesize

    5KB

    MD5

    95bbd3ec2209b8c0b7f4b56485999f31

    SHA1

    7aa6f903200aca16220ff456aa9a667d56bde785

    SHA256

    a3163a584405727825b3be798752832a5d6b02c1cd314e256497c1b11a9af265

    SHA512

    aa7da52a52a512d4d50f7419f065e7e5ff63857b40b912ba4bf0e81157205d19621ed3b120339c1587a14c73037f78e36640a2f29c908a7fa652974540985523

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5007.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar5086.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/2008-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2008-2-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2008-1-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2008-3-0x00000000772CF000-0x00000000772D0000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2008-4-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2008-7-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.