Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

b446e37b52...0e.exe

windows7-x64

10

b446e37b52...0e.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    94s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/06/2024, 02:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b446e37b527a4fffd8d9eec94a221f0e.exe

  • Size

    2.5MB

  • MD5

    b446e37b527a4fffd8d9eec94a221f0e

  • SHA1

    e82ba07d879af9072eb034cfe204b12d4f6e5de6

  • SHA256

    971b7d00e89d22171896189f44d898401620ebf46e343c2102b306a5e3cd4d85

  • SHA512

    8e35e5bd80a68f27f3b527083de6342f8abf6fc608e0bb7ffedca8400c5f7306bce5e3457053f9918f4ef87984586725f75386f99ed09662a02e99496f1707fe

  • SSDEEP

    49152:0r52aGByXObdJaHN67eZOWnsUC5MKsz9/MQ+3I3QwK:e5x+bdJaHxZOWnsE9/oz

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b446e37b527a4fffd8d9eec94a221f0e.exe
    "C:\Users\Admin\AppData\Local\Temp\b446e37b527a4fffd8d9eec94a221f0e.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4124
    • C:\Users\Admin\AppData\Local\Temp\b446e37b527a4fffd8d9eec94a221f0emgr.exe
      C:\Users\Admin\AppData\Local\Temp\b446e37b527a4fffd8d9eec94a221f0emgr.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3468
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 484
        3⤵
        • Program crash
        PID:1440
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3468 -ip 3468
    1⤵
      PID:4820

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\b446e37b527a4fffd8d9eec94a221f0emgr.exe
      Filesize

      157KB

      MD5

      2ad7467eeceedd64b8bd4f6e04c3cd49

      SHA1

      d6c5d9878dc49ae9b531d61283609e207154a921

      SHA256

      2aab17b2f18dfb70cd737b27b1a438ad8878889070a6e025b3684483054f60c9

      SHA512

      7a647d4a8de90d11cd5afb82ace8354869af0893f28afcf9491d1d4de421315d9a394a5d3462d88c0eff6c5a7a4ed41897d8d0498b59b4b7428ddbb61786be2a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~TM3364.tmp
      Filesize

      1.6MB

      MD5

      4f3387277ccbd6d1f21ac5c07fe4ca68

      SHA1

      e16506f662dc92023bf82def1d621497c8ab5890

      SHA256

      767a3fc4a7a6818cdc3f0b99aaa95db694f6bcde719d2057a88b3d4df3d74fac

      SHA512

      9da199ac69e3c0d4e0c6307e0ab8178f12cc25cb2f14c3511f6b64e6e60a925c860f3263cb38353a97b55a71ef4d27f8cb7fa3cfc08e7c1a349fd8d209dfa219

      Download Submit

    • memory/3468-6-0x0000000000400000-0x0000000000432000-memory.dmp

      Filesize

      200KB

      Download

    • memory/3468-7-0x0000000000400000-0x0000000000432000-memory.dmp

      Filesize

      200KB

      Download

    • memory/3468-5-0x0000000000400000-0x0000000000432000-memory.dmp

      Filesize

      200KB

      Download

    • memory/4124-2-0x0000000000400000-0x0000000000683000-memory.dmp

      Filesize

      2.5MB

      Download