Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

815fc35328...8.html

windows7-x64

10

815fc35328...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    145s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    29/05/2024, 17:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    815fc353286c3f59afdc4eec2f183b97_JaffaCakes118.html

  • Size

    347KB

  • MD5

    815fc353286c3f59afdc4eec2f183b97

  • SHA1

    14e82662dfb1eaefacacd118f4ef8963c130146d

  • SHA256

    0a554affe7ee37b12d63050f264b694f5fd3f69cce8757008a4dbcc1c1e6181e

  • SHA512

    5cb7bfea0cc95edc30d6123326bd88b233fbc2254ae3d42905210c216cf66b071cc1045751aac6bc01de08cb019319476945a10925b571ee909113372e2fe290

  • SSDEEP

    6144:tsMYod+X3oI+YCRsMYod+X3oI+Y5sMYod+X3oI+YQ:55d+X3w5d+X3f5d+X3+

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 4 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 7 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 18 IoCs
  • Suspicious use of WriteProcessMemory 44 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\815fc353286c3f59afdc4eec2f183b97_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2264
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2264 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2196
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2712
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2784
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2776
        • C:\Users\Admin\AppData\Local\Temp\svchost.exe
          "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
          3⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2752
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            4⤵
              PID:2536
          • C:\Users\Admin\AppData\Local\Temp\svchost.exe
            "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
            3⤵
            • Executes dropped EXE
            • Drops file in Program Files directory
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:1660
            • C:\Program Files\Internet Explorer\iexplore.exe
              "C:\Program Files\Internet Explorer\iexplore.exe"
              4⤵
                PID:2448
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2264 CREDAT:275464 /prefetch:2
            2⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2080
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2264 CREDAT:5846018 /prefetch:2
            2⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2160
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2264 CREDAT:5387267 /prefetch:2
            2⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1636

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          914B

          MD5

          e4a68ac854ac5242460afd72481b2a44

          SHA1

          df3c24f9bfd666761b268073fe06d1cc8d4f82a4

          SHA256

          cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

          SHA512

          5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          1KB

          MD5

          a266bb7dcc38a562631361bbf61dd11b

          SHA1

          3b1efd3a66ea28b16697394703a72ca340a05bd5

          SHA256

          df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

          SHA512

          0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          252B

          MD5

          b5942ca633eab1dd1ec31471de619810

          SHA1

          9c61d61b425dc139be01a2df73bb2a7d6280cec8

          SHA256

          eb133c33be5216a063445fdb0795f8020386116f3eec539c19d6ef3ffe1610f1

          SHA512

          edd3564bf09f41cb09c19ff23e49304a62f8ec26027942f5e953078ff30258b58923c093f269750c6609988c056ed3a07554b0825dab43f0794172f15e8978f3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d3c870755d5a314bb94478a82549cf1f

          SHA1

          a62d7cd31f8e0887e6cf7b8b98bc72ab9b3b40bf

          SHA256

          67c020d65011f450998c0022fea52355c8428deb31251b6d3a136626ba1e835d

          SHA512

          f9a270fa1e2c5dd586245247ebb95f8caf57587cf6879c25b38e698d4475edcba56c891b281bf7023f710934b9108a469ff51ded7bf4dde8dffbd0ff8f68f6b3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b5f15974befdf804c6a02db187271fb0

          SHA1

          c5f1044333bc7c4dd3e590f11383ab80cdd190ea

          SHA256

          125361a30c19e4cfda0367a95c67d891ede20bda9282f285388159034264a13c

          SHA512

          cc17627f6e642af476ebd53227bb3c18676f0561c0aa278f0fdd82581a232ff839030059b4db23efcf27d5f10747c54e2ebf3c5174894abf7805a98b5ec17ca5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a66bd8eb737c8aa223d4869c5334e5b9

          SHA1

          7c819baf53e957c7db999d1c001c7e32c3860d02

          SHA256

          7fb1a02de58bde049f5113b4b153411390618e5ca9dedeaaad42a3fc86e8869a

          SHA512

          0c071a99381eee5de5a7df276843a81efa781db6349b0bb2052d17b33abc489d1da36fa4241e21710470008bd317a0aad913e07e0f1b722f04f06b1a9aa9142e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          91ca8bd58e31043408dfacb6d5f683e1

          SHA1

          25f61e6d73f96ce9c51fd4e4d99089e75c9fc972

          SHA256

          4a1f0e84749cfd5efca52687eb04835a237651e2be5e90abab56006e76ac8a63

          SHA512

          48a0b5d330a916cefa1541c01ddad61cff729205f5a3ab77a4c6530d7330160f501d95ef5b920946190c9d3599fb811b59a778436de3bf72b8cb6f0dee08ef44

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4a93097d91fb104b90290d1a59b33da6

          SHA1

          676cefee81138141bd50a9639a2522091768181a

          SHA256

          62bacc03d72baadbd5bae8be941203b45266deaf130532b3ef696639b7d15bd4

          SHA512

          375fa2a181326df2ab9ccb55033a7780d765eb57c306b9283b4558183c5bfc97a27ddf564370fe2656ae32be475389c5b102f6cda0e571f3a9d2a178322c5f48

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          0a1f453ae3937682267e13baa69eee4f

          SHA1

          848a431f9fb1b9523ab4d30b44636741ff9ba389

          SHA256

          509a65d26a7c6ce37a8191bc2b4ee1b65fd7f0f8daaddab4717385e4b436470f

          SHA512

          e81726f4baf33f2b178bfbeccf654611a9042ebaf1119ef9a9d7c768c2f0c41fee436d480170613f1b914cc5530de2868decc6eb55ea6deb29bfd7d3b8e92a13

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ebe42802953d62618fc866bf29e3ce81

          SHA1

          267c4bb7eb1e670b9f200ab989c13802f7324332

          SHA256

          da1c8add8a20b636a2e13642265e1b0d052154b5acd337d1098872911aef8f14

          SHA512

          6428f3081bb46061f7c297fc5f8f8d0253f482056369b564c6fa2681ba30eb64248f62de3cdc90bdb3c78bfd34b665276392ed2b9a30db7b114ee95b3d2a66fc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9f14013f317c9fb3c1c92c492911dc9a

          SHA1

          76a6f7a15057699be6f879d4446e8ae6fdf2747c

          SHA256

          57f1e3a31e536e4f9e0c3aeb19989d38186876e3692d7d505a47404a0b4aa871

          SHA512

          c4bdc8b1dffd610a3f2d896946fa24e0888007d85e477652c679269d95e97e300434850f76b923c5b23681da8998ae9f0d50c0b81a2ae1ef5ce83f2b5c145ec6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e6046e3b59e9e5643938c2702c50c531

          SHA1

          e841167d43fb6d341a0c07fbff431e1379ef4e9c

          SHA256

          e4ce5dadea092b3178fad8c3b31b0e6fcb1ec05ad97bc184553d43161cff936f

          SHA512

          00607468f28d3df100504f89ec9374da5059fc494961b4be9952629f73f917e5b3dcfd5079a91ef347fd0851501a258991bb444aefcbef7e5a63aea7591381ad

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          242B

          MD5

          c6843c415bbb2e52c80118d008f70166

          SHA1

          46858c5393a6838c465eaf5da06ce7818ae18ede

          SHA256

          b10823c7259a8ee60b45f4beff11a9b56583265322b972f2de8b5986c2d6d3c3

          SHA512

          95d334d85662281d4fd1af67ed85dc41a755882c6703b493f8582f079f167f485e983b266ec9ca90194282130c4d30f588b9a146d9706581d332fbf26b982bb1

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabFC88.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarFDE4.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\svchost.exe
          Filesize

          55KB

          MD5

          42bacbdf56184c2fa5fe6770857e2c2d

          SHA1

          521a63ee9ce2f615eda692c382b16fc1b1d57cac

          SHA256

          d1a57e19ddb9892e423248cc8ff0c4b1211d22e1ccad6111fcac218290f246f0

          SHA512

          0ab916dd15278e51bccfd2ccedd80d942b0bddb9544cec3f73120780d4f7234ff7456530e1465caf3846616821d1b385b6ae58a5dff9ffe4d622902c24fd4b71

          Download Submit

        • memory/1660-30-0x0000000000400000-0x000000000042E000-memory.dmp

          Filesize

          184KB

          Download

        • memory/2712-15-0x0000000000260000-0x000000000028E000-memory.dmp

          Filesize

          184KB

          Download

        • memory/2712-6-0x0000000000400000-0x000000000042E000-memory.dmp

          Filesize

          184KB

          Download

        • memory/2712-9-0x0000000000400000-0x000000000042E000-memory.dmp

          Filesize

          184KB

          Download

        • memory/2712-8-0x0000000000230000-0x000000000023F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/2752-23-0x0000000000400000-0x000000000042E000-memory.dmp

          Filesize

          184KB

          Download

        • memory/2752-27-0x0000000000400000-0x000000000042E000-memory.dmp

          Filesize

          184KB

          Download

        • memory/2752-25-0x0000000000400000-0x000000000042E000-memory.dmp

          Filesize

          184KB

          Download

        • memory/2752-24-0x0000000000240000-0x0000000000241000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2784-20-0x0000000000400000-0x000000000042E000-memory.dmp

          Filesize

          184KB

          Download

        • memory/2784-18-0x00000000001D0000-0x00000000001D1000-memory.dmp

          Filesize

          4KB

          Download