Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

d1849fb56b...18.exe

windows7-x64

10

d1849fb56b...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    67s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    07/09/2024, 08:36 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d1849fb56b04d9bbe0a2687bc28ed600_JaffaCakes118.exe

  • Size

    329KB

  • MD5

    d1849fb56b04d9bbe0a2687bc28ed600

  • SHA1

    76369f630d43e50c05a1871aadcdf8664af3643e

  • SHA256

    a19bbdb3d112b3fc94dcb3d21009bb0459fe9e61498ef07c2aee7cc7afaa7bb8

  • SHA512

    6531a8c53047439b79af3f9f53bca8b2dd1be6e50f25325fe921f4faa97bfeae61feb91ab2dc1f4584d3865c6f6f51a76c3bf4216b39747a503d28e06e59f3d8

  • SSDEEP

    3072:PrSFhxp7xHSc7qzPKb/0at9ayXAVJlz0rpl:ghxFxy8qeb/9zaw+zyp

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d1849fb56b04d9bbe0a2687bc28ed600_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d1849fb56b04d9bbe0a2687bc28ed600_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:964
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1996
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1996 CREDAT:340993 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2804
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:688
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:688 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2684

Network

  • flag-us
    DNS
    api.bing.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    api.bing.com
    IN A
    Response
    api.bing.com
    IN CNAME
    api-bing-com.e-0001.e-msedge.net
    api-bing-com.e-0001.e-msedge.net
    IN CNAME
    e-0001.e-msedge.net
    e-0001.e-msedge.net
    IN A
    13.107.5.80
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
     7.9kB
     10
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
     7.9kB
     10
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    779 B
     7.8kB
     9
    12
  • 8.8.8.8:53
    api.bing.com
    dns
    iexplore.exe
    58 B
     134 B
     1
    1

    DNS Request

    api.bing.com

    DNS Response

    13.107.5.80

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7bedf9c160b0b919aa9ab1601a42a96e

    SHA1

    02b19f75ad3b3034925507e67f44402d6f83de3d

    SHA256

    82a8fd222405a8ffb07abe8bdc714564d86da16aea34a49864bb3d32f6296b4d

    SHA512

    a6c36734df6d5f079f6de1fa99ac22c7b1f2555bd161bf0304651f44855f1f210a288a1df723488be23381226f9de7919fc4ab4188bfa4c55a000a43c86dca9b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d7b05d5f844b518a0cf09c971f434818

    SHA1

    ee778c3b2d62d0173b9e01e01495af2100941fba

    SHA256

    a9c385e8ff205da84b8716c526eeabd46400c44166df185a3f1d27048a68b3d3

    SHA512

    70c71e866592e403ed84ef42342442e4c9a33ae5833f30f9200213cbb75a5cb35768eef9b9dc0dff89845dfb639cc175e4ea1b2ed577911b514dcd84fa1638e9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    318bf166ab68b1e612b036aadb4d9b52

    SHA1

    88e46b0729603a0f705abdd4d87211b8104b7279

    SHA256

    1ce7dd0912edf6bff474ddb319804e772d443695f6e15bc59664358e662d6b40

    SHA512

    a57a39724d6825397848732ca1c98fd2dcc869f7b0e4552590778cf86388539e2aa7ecc6f65b35aa723441b2a9613330910ca74897e6c6be5436c56f15fa83ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    101871f86649651cbf5b9ba0f2e2c7af

    SHA1

    eb884b4d1eb56e86d5fd529e981a021914ec7da9

    SHA256

    3964cdc133766110af455d1141e621b2d4e3390588c80e58c7f763e4b1cb594c

    SHA512

    c9424d14ee34b4ec4018cf68e8698824172910a720971165744c5edded6c0328e21691807af9b69037a9c76041ab112f448e307ec1b634dd74f92d93dad33372

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c5399c02e27550a4d564b68c7c8f45a3

    SHA1

    bc68530deb69e6e7bfbbe90563999250b9d881f0

    SHA256

    23bb76dd55ff3370b6804bad65d151957e9bf081ac560023a9c5d2372763a378

    SHA512

    1c863382562c01b042677810aac6dd15d346c55c349a17b9044e0482c9bca992d3f17aaabca597ec03d04cf05ee591e6c110d4bb489b71eb1919448a0da6bc47

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cc045a746364ae7ba55b18a67a08e129

    SHA1

    54ff0ac89cb882a02cbbe36f157e8957e1dc86d4

    SHA256

    93ec1e5d92a7929ca611f4541407924dc11aa82be7689dbf208f12ff7252cd7c

    SHA512

    67caa71b3cb79fd6b2e52374b11e30945b8503ac4ca9765c01bfb50a1ab61f41bd2dadc0b4a8f3581406678896b76385026537eeb28d96f0389cb6095d8c9219

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a15654c0a45a1b74f9adc6ab46263c4c

    SHA1

    34f6349a5aba8718f474281694e0fb43a5ffc5ca

    SHA256

    da2b85adc57bbb5e93e1a6a5cb68aadd48d7d5c8476c4b5ddba4ca22fb89dc70

    SHA512

    4d9f79c3f6c2e330fbf3378ffca35532bbbb0332369de82f4b5f4b38c424aa16490700afbe6d3a929cdeece6701c2424dbdf17db1618ceb97563cce1ea65b93a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    72081a38849f5eee7f862096bb755d77

    SHA1

    cc087cf210455123edcaf73a78d8262c3fdfb214

    SHA256

    67403840dbde33021d71880ba54025d5a51581ef67e746ef4d132368f28393af

    SHA512

    1519c62f7231044282b0d17aa41abaee634cd4a73380715ffa01b6f28d5e870df26693631b0931258b350589960ddf244fcac9941b26f8cd49df1c204f3b4ca2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1a24e16b35a29aabe4985bca5e85634b

    SHA1

    2dcf1b4aa3ae9d23812a2b255164dc7547dd28c8

    SHA256

    5052fdee3ef1209a65ecd1d408dad85fde5f649ad9ebe3bdccaf09f13868fe66

    SHA512

    d8cdd265d622c29f55cc03af4641e557d52a3eef92e0d738553e2a3944933bacef6042034511a1b3bbf048f598dce0f3a54e947df602ca36e333e5b95337c65c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d9c3c83492454416da79597ebebd1cf9

    SHA1

    dbf08695b228ebea322f2c5e9dcd0271937dabfa

    SHA256

    bf19a462cb84fda18d632b028aaf100b980ad2dbbd5151846ffbb078994a1429

    SHA512

    7d21a8847b2169d35db91b68e5dc3e1295c713a401a7d74d8de3a64abdb2f031e312e986e2995d7c344032029b7cd5915198cc070c1b918fd6e0735c0aa63db2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    628a2308d5a3d87bed3c2121bb947252

    SHA1

    332440055062426fd2dce7198dd500748d7e91de

    SHA256

    c93478eb204c1b0b9d3ff19845ff212042ad1497adcc25b6305af131acb7c4cf

    SHA512

    3f4603277e897b165b8e257d917c676c36d0c7ac660f91ad4cdab01a92c0aa89181673bc00a78dc26ec6007e8cbcdc9dc4fff623f13c357b4f0faa59947d0276

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1ec3b5b7eb2aa11217e850147ac8c4be

    SHA1

    5152e14358a8e270845b50fc065347f97d1486e2

    SHA256

    3398bce28384875b5be5824e848df1d80237dcea05203cad8ce3aa1c469e86b7

    SHA512

    9dd9b2fc7448d4cb99bcdae760c534a19a10cfcde0cf70bfabf613996e5943c2140cb1dce26ada24c1a1556b6ca8b0658e6923b953b4e721bddd01c75ffdcb31

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6dc233f238933071d3eb2d976666aa00

    SHA1

    91cde9d15e001e634ca69a58b72a906715e9b8db

    SHA256

    7f827a8030a4a7d141e869cdb5f2798105819f1b1a2ff9c0a38b50ceedc4fa8f

    SHA512

    2e85b0ba773cfd8dbf19d5b91ba9c96ffa2747062f5109e20082840dea4737a9ee527af200e61cfae442aea27f0cdb9fa47672da4a60deb79ef8ada7b77369ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    55b4052bdb311dc323cf39539560292a

    SHA1

    a520d425016442bf9b057c4a116af01912e0ff68

    SHA256

    3c90fc0be13b2f6e4670500a555fca7ec39beea1b6d1d22c0d710724455aebd7

    SHA512

    47b9fb2f9cd59d5efde6a2d458207567022d96f9c585c3ce674e0b2d259fb4d4546e02191602c2fd5b1fa69737d9f4294ff7c2fa2432715c88eaadff3cf1bf47

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d350f97f1c0dca01b2bbae743832ad17

    SHA1

    6076ac4b714aad998b4a4d2c967110fa2d04b551

    SHA256

    3d395cd9650da733ba46a9e6a25342c279adaf4092a6f7c0876b31ff3f991e37

    SHA512

    ad216cdacf76b2feeb956f53de991b7e37e967f366d59b6a965ebab56314967b85340d52ae70451a939fbfec94101a80877ab72a2abb1198ce937e4ea5c545ea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bb938ce9354b6aa3b64633e5079a00bd

    SHA1

    ea2c6496a8afb8d2e2ac6a27fde47821dfeb0bb9

    SHA256

    93349dff3aa73374f66c1a3d2e663bd62589d8be23346b3dc503b240b2e1b615

    SHA512

    c5f9d1ed7e7eca482330b0f092de581998b4f1e50c3c51c00c9553bc5a007c6885c9add05595d858e8dede2ad0fb4433dd50aba8144031d959035eef33733a69

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9645ca8383679e47702bfda7b08401b1

    SHA1

    0e039b5dfdc32695f59e6829fc498d4d8e54355b

    SHA256

    4e4793f62c475265aa6148a8c438ac04873c87387f03896521a2f9891dcc897b

    SHA512

    88b08239d3b002df43ed474a304800d57706f37f19916fbfbed9899dc8ad71fb5ea9de3fbfebb787b2620e99c1b8b5c6699d08191a5aa27989689c91e3ab3897

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    352a4367ad40040a9f666343c850def2

    SHA1

    8a8ede954c5ed736fb7d7cad1e13c1a71b77d328

    SHA256

    3c50f60b4e164ca5ef18a4c03621e750843524a5cc894152bc1496c9d3c22092

    SHA512

    d799b1428ed6f19d881d2e689764d8cb294d0ca1be900d492e7696b35e98bf6a62419538ab8bcc4dc1eccb4074bf55efed72fb50d5d0a4d349ab7f90a2b09d97

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a0a8d926cbb3d7bbf219dede9972750c

    SHA1

    018d91c31c160e0fe83c8f4dffe54781c365d383

    SHA256

    22e3a0fbb74f54ad5d11c434b6dd16da4d2c4b154a4bc86b3f9436d086d5b0b6

    SHA512

    ca7ec76c6d7fe3855d1da6a999f7e2eb186eb5c1fbe8caf5d3e08f6257983fd9d6eb6350f40be7e86c36b79ed3ed683ce5b9f6e8c09c185ab8b0d970906ba7fa

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{59A44AB1-6CF4-11EF-946E-F64010A3169C}.dat
    Filesize

    5KB

    MD5

    01079f42b24a77a3b37ea974b77ffeaa

    SHA1

    27d5a596af65d67afdaa37bc8ba7eb65ce88b67b

    SHA256

    e933328c81b58e1a94b66a930d757dcd5dbd222ae4a8e0d56a84461fa1a136ae

    SHA512

    b6892ab49af41221376ef37c2de42373bd0822b338c96095e05e637800b55353f6adc2099dfbbac128dfe4594200f5f69e468ea2aa2184c3d670ab2fdcee619b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE2F3.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE392.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/964-2-0x0000000000400000-0x000000000046D000-memory.dmp

    Filesize

    436KB

    Download

  • memory/964-0-0x0000000000400000-0x000000000046D000-memory.dmp

    Filesize

    436KB

    Download

  • memory/964-4-0x0000000000400000-0x000000000046D000-memory.dmp

    Filesize

    436KB

    Download

  • memory/964-5-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/964-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/964-3-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/964-6-0x0000000000400000-0x000000000046D000-memory.dmp

    Filesize

    436KB

    Download

  • memory/964-8-0x0000000000400000-0x000000000046D000-memory.dmp

    Filesize

    436KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.