Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

4011cb329a...8.html

windows7-x64

10

4011cb329a...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    13/05/2024, 15:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4011cb329a06783a8d74b34fa22d37e1_JaffaCakes118.html

  • Size

    241KB

  • MD5

    4011cb329a06783a8d74b34fa22d37e1

  • SHA1

    663744ba34e345a5246664ed972e2f5b6bf6e169

  • SHA256

    44448d333949683b820232bcd4bb6877d3a4b09b744dbcda248d8ebf99cae86b

  • SHA512

    32bd36ff279f79282707305c572ffce564b35902b2cc6f8136f1977b6d33e241b00618a7ff7cbc1c48d86038d5fa7bd104a18f4d41ca83ef6389cc0987996b47

  • SSDEEP

    3072:n0rhB9CyHxX7Be7iAvtLPbAwuBNKifXTJQ:nMz9VxLY7iAVLTBQJlQ

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4011cb329a06783a8d74b34fa22d37e1_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2524
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2524 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2252
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2700
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
            PID:2760
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            4⤵
              PID:2812
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2524 CREDAT:209931 /prefetch:2
          2⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2776
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2524 CREDAT:603141 /prefetch:2
          2⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2196

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
        Filesize

        68KB

        MD5

        29f65ba8e88c063813cc50a4ea544e93

        SHA1

        05a7040d5c127e68c25d81cc51271ffb8bef3568

        SHA256

        1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

        SHA512

        e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        4e703a62497879d14ba1666c75d4f7fc

        SHA1

        e59e955f2ad66a1e51b508cf9e84645cb84e40ac

        SHA256

        f896290952d87cd8c0cc3496c6fe5d85dfde94599cf0d97c5d744e292ee94cd1

        SHA512

        3e0fb83832fcae061b9af03bda3e49e180f2940958d761e457747ba02cd63180f726a4fcfba775bcc0c055c5d56913621ab4f6d52bcce63b70222b90468f57d2

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        d1ca0fe0f30908d6a1c6267830badec0

        SHA1

        8ae1df4338faf45dfbceef28febb1e35f18a2c52

        SHA256

        e6617bc00fe55c1d845086f9d48c300932b048ee594283fbd16b75abfb49cda3

        SHA512

        6a595a52a4e3ad252c41a1b79a35f52f70d30f6c367e8aebb1aef7c382572ab0240c30abf92c5e0afa4f1c44d03eeeafd8004293f567b31c17d8a0f5b69977d1

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        48613c5adb3c4b2298a9840fafeb75b7

        SHA1

        68177f1139218f325ace5c6433f71655cb5b6541

        SHA256

        f7e39f5c51189e2fce25e6917665597b0fd1e20e84c14104bf0edd918b708bd7

        SHA512

        159dd6c2ff59857f755d01b6e300e9919bcce811d40e8edb07bd8e291bc639fb3bad088518222da4e4d43fd4ea81659e9b17925a33dffb85e654a2c6616c0135

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        57e169165b975d9c617d93e34c8ca905

        SHA1

        197cb046b780242299e8dfe7584cc82855dc0d54

        SHA256

        3418025c8ef74d7fca8e8e218ce5a85e409322e16fddc5326eeb8bc6f0a5150d

        SHA512

        7c6a249bc97b9e41ffc9bfa7ac24ff0dc8af5f763565fdba75b5d709152b68f781e5ffa9b8993694787f6b1a2b9ab0576b4a1394b166b7001fd25eef98e6cbd1

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        40bc2d2177fa93e3075add24a7e3791f

        SHA1

        e5392b0a52bad2aec306d025264374cc4b3139d4

        SHA256

        8ee57844fb55ac1c00634a0a080bd73b0a9c60140b80bbfe35f24c621d854b48

        SHA512

        efe8fce0d8a1f2ae37e29bc0a59f250a8e37ae7d165debabe97bcd04c28b909edb5aae202f65e6b92b0592cbde50d89125b5fd896a78a1bc4ba2fccd739f96d3

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        4db9ceeccefb0b960015e61bd370e5c9

        SHA1

        57fbe15f51a3594fb45f3c9be05bdeb9c9eb503d

        SHA256

        655e0eecea7462f21c769cc66bb6cd0ec167e8a08f96026c6cdaa187a7eb23e7

        SHA512

        783b30c434bda7b31fc35f9999afd9dc23e716b45f209c7d9bfcd666cf93959f7c5e621a95c5551ad992bcc42e62416be68f4ad19465d3ca558c72a0945dabc7

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        12a765ad341f545fb673c830c86718a4

        SHA1

        2e08e8538f459362f8a2c789d780da1b781fa7e7

        SHA256

        6a3cccb15f12995ae27990e24c528d92d92b31fabf5dfb11f95fb3704fd1722a

        SHA512

        9c7903126eda2cdc1b79d94c2153d80792bda46d20925a4b2bef3206d1da833a7449dee02152b1a346c2f96b7a39671a90b71075816fbc97267e09f84d769aa0

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        6ed5b6948b0054c4f04f6710821cf9db

        SHA1

        60b65552102ace5319abc258067f6549b5761490

        SHA256

        d9b82d7d61274c9f2738978147bc7faddd26d642f2c29b00a43f1f855ee2a759

        SHA512

        7a53ea8ad7d8300e8b85ffa672fa819c2960eab10d8d104a9c881fe4e4aa3078cbf5f83c1d8f928d765db23eb70d049a95d532b2ab5483e350a3297289467dc1

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        80d739e9a66ad54190ad3175b71d6241

        SHA1

        93a665ba74c9cb83ed2547c907f6dc315bb134ff

        SHA256

        63e8a6ca81acd088239f67791e93a76bc4f17a1cd1a4b6c0b59c9b714839a4d4

        SHA512

        0aaae8dd5b133adf50123afaba2489a3946dea5a675a5d18dbf6fbfafba8b973ddaaec495b000276dc3fc45884b09c2e3a501d9ca472f4b1d744a78e1ebfb4a6

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        7967ee729002d93f1cfd208d0c5c4adb

        SHA1

        e0271389cca0642b9e7569a09788c72e204350ff

        SHA256

        bb0d7a7e8d20fe54917ef6f87e5f626e690ebf71907b045ce38bc6ec69c64db6

        SHA512

        f9d3d371fb57ff92fce54595a289e01853142a8260628e261b7a935abf84c18259d122cf4a724be335726145a4ad6e5d32e028a8523bff90a15648fb88c6a3e5

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Cab3C0A.tmp
        Filesize

        65KB

        MD5

        ac05d27423a85adc1622c714f2cb6184

        SHA1

        b0fe2b1abddb97837ea0195be70ab2ff14d43198

        SHA256

        c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

        SHA512

        6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Tar3D39.tmp
        Filesize

        177KB

        MD5

        435a9ac180383f9fa094131b173a2f7b

        SHA1

        76944ea657a9db94f9a4bef38f88c46ed4166983

        SHA256

        67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

        SHA512

        1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

        Download Submit

      • \Users\Admin\AppData\Local\Temp\svchost.exe
        Filesize

        105KB

        MD5

        dfb5daabb95dcfad1a5faf9ab1437076

        SHA1

        4a199569a9b52911bee7fb19ab80570cc5ff9ed1

        SHA256

        54282ec29d4993ed6e9972122cfbb70bba4898a21d527bd9e72a166d7ec2fdc0

        SHA512

        5d31c34403ab5f8db4a6d84f2b5579d4ea18673914b626d78e458a648ac20ddd8e342818e807331036d7bb064f596a02b9737acac42fbead29260343a30717e8

        Download Submit

      • memory/2700-15-0x0000000000400000-0x000000000045B000-memory.dmp

        Filesize

        364KB

        Download

      • memory/2700-14-0x0000000000400000-0x000000000045B000-memory.dmp

        Filesize

        364KB

        Download

      • memory/2700-13-0x0000000000400000-0x000000000045B000-memory.dmp

        Filesize

        364KB

        Download

      • memory/2700-11-0x0000000000260000-0x0000000000261000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2700-12-0x0000000000270000-0x0000000000271000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2700-10-0x0000000000220000-0x0000000000221000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2700-9-0x0000000000400000-0x000000000045B000-memory.dmp

        Filesize

        364KB

        Download