Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

8c495089f1...8.html

windows7-x64

10

8c495089f1...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    02/06/2024, 00:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8c495089f14939cfb3bbd6954413800f_JaffaCakes118.html

  • Size

    347KB

  • MD5

    8c495089f14939cfb3bbd6954413800f

  • SHA1

    b7caac28054e7f67f4144faf7864be93f630a359

  • SHA256

    7af3963149bb6ac14e0de320a8f1da5f5a398014e706acf7bab11835fa58f493

  • SHA512

    1a766c26df8477ecd6b1d8033051fee01d1c8da0c4c0e3328c99467bb3ce81bb154610b62628f51d55fa3336ddc0fb0be79c478fb92adf5911e88fec61c7980e

  • SSDEEP

    6144:WsMYod+X3oI+YzOjzLsMYod+X3oI+Y5sMYod+X3oI+YQ:05d+X3B65d+X3f5d+X3+

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 4 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 7 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 18 IoCs
  • Suspicious use of WriteProcessMemory 44 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c495089f14939cfb3bbd6954413800f_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1040
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1040 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2944
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2588
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2644
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2504
        • C:\Users\Admin\AppData\Local\Temp\svchost.exe
          "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
          3⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2532
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            4⤵
              PID:2404
          • C:\Users\Admin\AppData\Local\Temp\svchost.exe
            "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
            3⤵
            • Executes dropped EXE
            • Drops file in Program Files directory
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:2336
            • C:\Program Files\Internet Explorer\iexplore.exe
              "C:\Program Files\Internet Explorer\iexplore.exe"
              4⤵
                PID:1244
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1040 CREDAT:275465 /prefetch:2
            2⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2372
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1040 CREDAT:209932 /prefetch:2
            2⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1252
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1040 CREDAT:734213 /prefetch:2
            2⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1664

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          2fa2b09d5bebae3490f97b5a02fdd006

          SHA1

          d365493f8ba817eafc3d0ac19f3ed8a446402085

          SHA256

          573bc361c043abefa864526e7c67bdc9b03369e81c3deae0d586c68fb37da859

          SHA512

          8d1fcd3a7721d7efdf87543d6a9869a1c3b06fc115c0602582736f564a24201bbf0f7b5288de950515ab40f36965963a83799227074ad4b54ef28f4164bbcf2a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9fa8f0f4de87e3a5130e85347bd1b78b

          SHA1

          a6ba4007b2a98b788cc7be3b99e8688a1b55d83d

          SHA256

          b727c9ae67168b2c3fdacef1e4735bd4898ad1a19b613794b2a2aa8ccf4c315c

          SHA512

          978c80ee8581c3c8aa1f0ccfcf08431211ea5d681f9d117bfc572440100d32262a2e22599b2331aac6d0db4e50ee58484b552da40bdbc25150f2b91b8bfc7e6b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5223e2b0c2fd17929e0d4671c5e3b47e

          SHA1

          ec8ce64d6926ba36b636c34398bbd9282e23f1cf

          SHA256

          9d1a3bb2653871ff5b23b88834d019a9a9377d1ef83e7375c679cbf2f6408edb

          SHA512

          c949ad955c9a2a87b8fc6869ab026306e214405437cddbe767f7f319d86e1554bf0e954e6df503703834fc70264c137e8d7f7cb238cf05f21b2f56b31ce7f7fe

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          876faafb3ecb98ab88dcb905334eb19c

          SHA1

          5bf5fbe40b33ba4709bcff80852f92eafb3e715a

          SHA256

          2faa0c07ca3e02454ed1fd111cfa4be2508be9561369ab0c0ea0088b4a3f73e8

          SHA512

          b4e078f9597b7965c5cd420533bb8b8b74775bc27e92a5a967fd0cd765c1a89405360fe809a0df937de719c28f0c7f790f45ee6619f78b78fc50b2735c02be89

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          fe83bb1d66f9caca678344eac77e0f23

          SHA1

          de609c05f7c277471c769b9d963e535eb439ae01

          SHA256

          64b9adaf8ff49683a41ab297e5a059ca10b24df0b840d5aa009bd2bbba2985b6

          SHA512

          2b05350b733549d117062199e28c2f21e29e28f897b9c1857bd838bfe6a248b38badd7e15b53e1451d8f6b1b74098ab199a9c1570958352ac055de1e44c2a367

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1f731d15343b87f30559f82d53664f4b

          SHA1

          6156c603135ac02e48de47d26d3a92052bbc3b69

          SHA256

          15109a1d926dd74cb86651fa2711dfc9dbb51769d59eb2aa78c6965f9f8b3c93

          SHA512

          06a44d33ddb61e38876e08fe4e5765d8a0829eb5135f3976200c6e0e193c277039e92020c68572bb790a68dc57001fdd7c529df90faf50a2d94b01d6afccbe55

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          6fdfd2e82605f92933635fb97392bda0

          SHA1

          c9110f161b0a46ec947d10c8c658de984680123f

          SHA256

          019c9ddec8365181204cb10d490e82722b1728a851126dc5a25e36e4bcc1f6ac

          SHA512

          78116ae012d73953de19c76d247b0a5407efcac6eff296588618d0c25f01f21d3402fbf01cd62eb393eda791a0a11d40b3d2ed0559e6cf93c14f59006b3cd209

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          71709c63d6341049e93d75e0605d3657

          SHA1

          325b6a813cc3ad61d95351f515ffcc36bc8710eb

          SHA256

          895cd2dc7dbdcf706d933448351d630d61b40694fceb6366ab1f12fe4a1b09c8

          SHA512

          c1383f00eccc1ac07ca111fc13c033ab6cf3dfe5262b7d3577db7f64547be6b44c2866223214a3b3a6b48b920d0f8d77aebb1a4c63fab8963429e9ae3e383c43

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f9cddadf6b9340e099c159aab89f616c

          SHA1

          eae79c336c3e977c842bed4191c682b2acd5b8d6

          SHA256

          8e6318a3abad3362c900ff2362e14bd19e92d1477becb33738924ced4a1aa674

          SHA512

          91a86182c559a84e097714ef0f3c2d70a5d3864c64aca0943547ca9c11513256adb4862a50c96fa0e69d281166e44f34b19be98e24d12abe1b605698ed2d883a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ad9b665d4e5d42833343e2953b7e8dc8

          SHA1

          853cb71d86463674d1941282449ac1149336b997

          SHA256

          b9f27340c5306d1c0687856877098b94de26fbbdc6e559ae356c4fe0d18de116

          SHA512

          5c89bf03d4f47ec7a3484b08c79555c8cacb77d7abfbe19351d1876293e068748dac5860874028c339ab7e6064748d4580e6ada8e6c654fd61cde87070ed130e

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab20D9.tmp
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar21CC.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • \Users\Admin\AppData\Local\Temp\svchost.exe
          Filesize

          55KB

          MD5

          42bacbdf56184c2fa5fe6770857e2c2d

          SHA1

          521a63ee9ce2f615eda692c382b16fc1b1d57cac

          SHA256

          d1a57e19ddb9892e423248cc8ff0c4b1211d22e1ccad6111fcac218290f246f0

          SHA512

          0ab916dd15278e51bccfd2ccedd80d942b0bddb9544cec3f73120780d4f7234ff7456530e1465caf3846616821d1b385b6ae58a5dff9ffe4d622902c24fd4b71

          Download Submit

        • memory/2336-29-0x0000000000250000-0x0000000000251000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2336-30-0x0000000000400000-0x000000000042E000-memory.dmp

          Filesize

          184KB

          Download

        • memory/2336-28-0x0000000000400000-0x000000000042E000-memory.dmp

          Filesize

          184KB

          Download

        • memory/2532-24-0x0000000000400000-0x000000000042E000-memory.dmp

          Filesize

          184KB

          Download

        • memory/2532-23-0x0000000000400000-0x000000000042E000-memory.dmp

          Filesize

          184KB

          Download

        • memory/2532-22-0x00000000001D0000-0x00000000001D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2588-7-0x0000000000400000-0x000000000042E000-memory.dmp

          Filesize

          184KB

          Download

        • memory/2588-8-0x0000000000230000-0x000000000023F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/2644-17-0x00000000002C0000-0x00000000002C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2644-20-0x0000000000400000-0x000000000042E000-memory.dmp

          Filesize

          184KB

          Download

        • memory/2644-15-0x0000000000400000-0x000000000042E000-memory.dmp

          Filesize

          184KB

          Download