Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

658bde2c75...8.html

windows7-x64

10

658bde2c75...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    136s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    22/05/2024, 01:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    658bde2c756fdc072a856734dfe6ea60_JaffaCakes118.html

  • Size

    154KB

  • MD5

    658bde2c756fdc072a856734dfe6ea60

  • SHA1

    609c9739c4b7426d0b3d2a7d1d65c000fc6e0471

  • SHA256

    b6fc52afc653d010fffd7bf02fe0d869cb4fe30eacecb08da8b41865dbac4d73

  • SHA512

    f63f3413495caac12dd0a2c260b50a187e7aea7344ff5bea6bb352e5229989251267ab05182021751bee52e9aa9cc54ffda514abbe2e53e635c1e692d4a396bf

  • SSDEEP

    3072:iVs2gd60TyfkMY+BES09JXAnyrZalI+YQ:i2B32sMYod+X3oI+YQ

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\658bde2c756fdc072a856734dfe6ea60_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2344
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2344 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2320
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2584
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2460
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2388
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2344 CREDAT:406537 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1600

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      914B

      MD5

      e4a68ac854ac5242460afd72481b2a44

      SHA1

      df3c24f9bfd666761b268073fe06d1cc8d4f82a4

      SHA256

      cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

      SHA512

      5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      1KB

      MD5

      a266bb7dcc38a562631361bbf61dd11b

      SHA1

      3b1efd3a66ea28b16697394703a72ca340a05bd5

      SHA256

      df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

      SHA512

      0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      252B

      MD5

      0aa3b6987913bc85b34e139dc021f031

      SHA1

      beded73edc69d701c9c553b31e2cd7f35ffa9a4d

      SHA256

      a4b5507bbb4f7f31566c32125cf95f183f6f2f94e094cd8c28005f3d3dd2afe7

      SHA512

      b4b079588c837f6bf91bf5ed350524bbd78eda2bcd8c84b1d3f4aaedbd2ac26e610e7a7b71caec38c49085763cbe4be3b5b38a4033097a787e40df63aa6e5149

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      41da1a376062e8796e6019495f7cf8db

      SHA1

      633e47264f7b59e499c50ee913f7d0013a630029

      SHA256

      71eb62a1a5253b593745d4a174901f146ae30a34a27d346baf7f2aea66fe5bdf

      SHA512

      a696418432b570bc53658b1167dd13ac13cecf08e9a485b071b7eda2f0d17be89ccb1413bf5244bb9db64c7914ff22406b8611496f27ada7c3d641b2376fafd0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1a5c12b6f4f4da8cd542adb5d3ea99f3

      SHA1

      03c5c9b09e4463bc6b6dc83c0a1acb5bae7f0d0c

      SHA256

      8405d50a5bb483d84b70f82a5a221abc51da3faedf38cf9adaaab6cabc1a9c23

      SHA512

      2b1ac86660bbfe8ab9338713cb618c4e676993c579e3c9c27f8ae3a7680a067b5642ff822b6ad0463e299e91f6b19f12c9bb3a985869f3f663631ad5a06569de

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      33accad7c3e5bb47f6aab6c064a876f1

      SHA1

      254fe04d3d00f92bc640e5de78c1c92a3dac8e00

      SHA256

      62bb1d934c1d3a37936aa514b16db3a2fead05d6033e45fbfce840f516c01493

      SHA512

      5b8fe1ed8b4ef234f8ecec6eb079c941494a6beaf8afa745017fbc086a5955b686de0d501f478572fa637d72759b39d810bd01aa5a73c37fd476afab3f72d8f6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      19cae09c8afd40ead9cfff89b5e93be9

      SHA1

      1cf973d06c05da0eeb60617a09d81105317704ce

      SHA256

      1385d08bce2ddf558069b5d96f6af1a34285508ca6635a589873f37fd9f25fe0

      SHA512

      61a63a7b80ae78bb0094a9952abfdb88eab496fabbe878b897257eb57ed7f51acdb04b6e94a782b075b17fb60c69ca4fbbc054e7abd654c5d91f534f9d2295d6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c1c0f96de97287851258dae459c3ccab

      SHA1

      d6d26cbc7ddf391740d282228ceaa505d2f26757

      SHA256

      912fcc928257df7193cfb3b6e46d252bc96b1c8ce33e59aa83829aa02525f4bc

      SHA512

      b25164891181bb7d564319df44aee76ca49022da5186439607b6652512f68878640ee55dbcd7da52718fbab24a002ed89d18970bf36cba8e9f2d03bea1c500f7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      33a33e5991cd0df69b879a0b0b7cf4b0

      SHA1

      1f63b32448460dbb63dcf2b4fc5b2e27e01717e7

      SHA256

      c028b989a1b35d970e047746a9b1c2fb9579783d1b214e6566496ae71ce98ff1

      SHA512

      4606df52c09966c1f9f2fd992821aa26f7148d6a43eccbd4f79e10f8ba2fd801ae286c4ad7869b954e30da3f8e287c2bfd77c7fe9c27635283556ed606c2adf8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6b08e89b4ee5281ad24063456cd0bfa7

      SHA1

      b80166837571e13617dc505aff577092643074b6

      SHA256

      90d6361e415185d2c806a02d26c38e22393df98b82b284035dd25c7e860ffea5

      SHA512

      f5b0a6e93bb8720bd400f8f05d2891f89651c71e24b99805d941b58dea74b79b51e8e4da696d23f3dba361f950ad940a4d8a3f7e2cdaa19cc0e9cd873ab3b36e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      567a9f8972c7be429d1e042b56029d9d

      SHA1

      503f192554b268ae7f6d27556cf80665e2083f5f

      SHA256

      3b5d245b989c968ad821a5a1c684afb5f2d433b4e1f254a8bf75f5ef044093f8

      SHA512

      e56a86adce126d60915c72e2ce525b68bd92e9895f362a37edc60e688781de5457a92d51add5d97ec9f93b6087a5e37bc49a47b2546688af05b3bd85b1763236

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e017b106894c455f9db866f1105e3d86

      SHA1

      49d9ca5865bd0bcff6efcc02b3f47a7e7fb4c37d

      SHA256

      5a4caed70f73a9f7361e5dab0c52ef1b1be9ef16491b2ea5c560dc3ca34f8b70

      SHA512

      da438abe0a584c22dba0268919594cb78332111de9c6db0d4b46852f19f40a38593e8e2ef032f10f22a7e08066db904d70b9ae4692d5b24027436066d4fce647

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      74f51db7281a06a70a3059fc6579343d

      SHA1

      d426ecbff2057938b9d95ab150da7345fad1504b

      SHA256

      a783c2d4956eb985889b5a6c7488f1766f57b366bf5f52dd9e6aa2dc30e77ea3

      SHA512

      3d0a28d0fa516e7ca1229b8d64937c093e93da98db7482a432644e0286bee37c4cfb90cc237995840113da8655cbf2e6037829b6049f0003b41cd2fdbe0893c5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      242B

      MD5

      82bc8ed1d518326c990ea969527a9c49

      SHA1

      49ef9d04341587e425819602be7274cc26887e19

      SHA256

      1a93d646b28edd3f833a752fe6745cacc01638bc1b337c6f333350ca55adab62

      SHA512

      bde9be08a1df0d0397ce942269e2245b962846e55323abdb5ee2d924bc5b27bd2cddee150628ee377e4d987f02483fe13237509fa4cf1d0609c41eef3c7d6ffa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
      Filesize

      4KB

      MD5

      da597791be3b6e732f0bc8b20e38ee62

      SHA1

      1125c45d285c360542027d7554a5c442288974de

      SHA256

      5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

      SHA512

      d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar7A4.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/2460-583-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2460-587-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2460-585-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2584-576-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2584-577-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

      Download