Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

86cf61ee08...8.html

windows7-x64

10

86cf61ee08...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    31/05/2024, 11:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    86cf61ee080a5403b6fe24d46c29d5f0_JaffaCakes118.html

  • Size

    158KB

  • MD5

    86cf61ee080a5403b6fe24d46c29d5f0

  • SHA1

    cbef4a07b3dac753a6e7dca1c389a13f082cfed8

  • SHA256

    e5f0c9bb565ddad9029ae326e1f2e3c6fb21646f5ada0fa658d70bffb49f5aaa

  • SHA512

    8fc89701c59d671e82c2dadafe6f218f1f52223798b17a49c5b4b07aede934855828ffd7893658ad6d078dc3a333312e90d5bc4779d6f229c027789f3e0f9a55

  • SSDEEP

    1536:ivRTY8ZsdktGWyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJruH:iBOxWyfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\86cf61ee080a5403b6fe24d46c29d5f0_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1712
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1712 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2072
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1180
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1612
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1424
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1712 CREDAT:275469 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1644

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ce03120efb2ace54bf6f1c4a270d342c

      SHA1

      600af1cb5a1dd941e2c32606326184dd4f4fb29f

      SHA256

      66c914ed15b19d09d081eabf492128fe1385a9ff6e0724664f815dfd87a94534

      SHA512

      08b2141433f9ff2435c797f882deed14e977eb6fe9e6eadba5d0f8994dc206dc5dcf6c732a63c90c686e903f3191f9dedf27a1425044ce8455df9b6c625dcea3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      02e0a66d818bcbd0f6fb220bcd5acd65

      SHA1

      892daf190a9950571aec6959da6c8a336b8ebb9d

      SHA256

      7446dc498cc71d0f53e05bbded96a9567aafc2117c66d3718463de2667347af5

      SHA512

      a25e838cb94b31001e2923bba1b466165aef6ec33da880bc86010b7a5b5aa91863a0f1cd9dead937e09dcb22c279ccb289371aae907e088741dceaa346bceec2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bda19b065a836b0d2d1283092532c980

      SHA1

      c9f275dc779bef83c156515def0f1315be25d043

      SHA256

      32daa8be92797472876dec43fad19f03354f3ee6d783a1fe12ee759ac5a0fd2e

      SHA512

      1400ad3a3601b957d9d8f59d5eddaeeeeafbff913f71bd935d860acb06729b4f046ec5771237c133a9ee5986487d46885a28bef537a2d193f8753836a54e3cf4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      abbf668bb8277ea0a2f31e58907c38f2

      SHA1

      4537f783700aa29ec8a03c6904287d37e5d515b1

      SHA256

      8e7a7d80946833f3a4b5998d39902f61f443558bd34746d2d3817848e59418a7

      SHA512

      8b0d469e823bc2728ed956533e531ced3884550e0ff42cd868bce47ea1612c3a41d9030c1994b7a11618206ef41fd66fd138f425c3dcc9c1ad02f9bce58521f6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f1bb8c0592bb8ddc8bc6af4f1207002b

      SHA1

      d5efa77b568736d0c487e7ab755044f2e5c7eccc

      SHA256

      5fb25463c3199418c0c5de662be20e812a9d97e26b034d38f103247a4eec1cac

      SHA512

      c699c10fbd09dab6b8f6881aa950a1afaffb62d2b1a26c996c0a242a5c7bd260e6dc5ba058e91798aa52e5ca950f57b8b1c32456c1702464992c83137b81a36c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      16982b206fba963c87b82457d03bea0b

      SHA1

      199d04cc9353511462a0de622efc36a73698d94d

      SHA256

      8ce6ee93e7e974425e2e660e0a824559c11721c3c8dbacc7e88f928c0b745dde

      SHA512

      ed24c0336a3254e5cb54668be6ec511b75c9745afb5bd4cb5394c22c3c0b3248f71bda0691507594b342d7ffcade38c0a2bde2600793f49ee51cb1699f0bef9a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      441851631bf75a501f670088ca9364c9

      SHA1

      fc90612c03583a7b5523672c9c6b2727a548e2ec

      SHA256

      1cb953b3f814cb9d694220e62bd667cece9e6d86373edb79439600460d1f759a

      SHA512

      364258de9654d3fd7c86e73635fc6508f99d4df863ac59ed4e4d983a6c1b3f35b269c4ea57d8c3918afa4bf0ba5a3f601b107e8bd603e77540ad20aa684a5352

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a134afb36a5e8f7f7f38e327e27ed5f7

      SHA1

      90971123699ef2f393f6225f32f9d180ff8da000

      SHA256

      8b3ea77b8875ffb744a47049a2f240f7ed9d3d6929db9f754b129895165942f2

      SHA512

      8d437e5d7a08dfdea5e9b8e98d7eefe677523a40eed6b80516a87bc7b9ed6a1e866edfa6570b2a2dd664cc84c4733be361160d1bdf4589c94c573803392ad759

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      60d7bb4fcf2f96cba1bd8ce3cf5ce76f

      SHA1

      647867cddfca9b11b1f69374c94d6c887cbec187

      SHA256

      d81b40e828c46893f5d6521930a6a40331a86bb68a49e561d5c91dc0549c1794

      SHA512

      b338709f9987c23cd425d2e88ed99feafb7022524924fff8f2215875ebafb86db7e36b951b03ea8944b572424ba4a4f4b192ee661209e5e8e14b99612c962a50

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1b082e67009293589108f57e154e4847

      SHA1

      0f8b797979d155db844408bf7d0d1a6bccb78960

      SHA256

      213d378e2562b39d35f7704cb9b97b7eb091b70d5983571ddb80cadab8d6385d

      SHA512

      ef005ca94f4ede4a93fe11df391a99a3c9a2ff8bdbdbb7221db26d0826731331f86861241d542002614887a8adb62cd52404ff85839999e7b446077beed876b6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab1383.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar14A3.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/1180-482-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1612-490-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1612-492-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1612-488-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download