Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

d6747ef280...8.html

windows7-x64

10

d6747ef280...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    70s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09/09/2024, 13:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d6747ef2806d3c0a17f91fb48c8133b8_JaffaCakes118.html

  • Size

    122KB

  • MD5

    d6747ef2806d3c0a17f91fb48c8133b8

  • SHA1

    4e4163ce543e1f70cae447b23499da5a79988fa8

  • SHA256

    e0d7fd6ff09cb0c1ab015f83a3106a506a282e84810b7ef7b8c186f3b0cbcff8

  • SHA512

    c3553791807019830fe58a0f9282c4347f772a28a3598d46c074ea162f8aa641b6455bfeca3af43e5c8c926cc27ed42b78035b56205e7eec1bcfa6064f0687b1

  • SSDEEP

    1536:S0aeTyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGL:S0HTyfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d6747ef2806d3c0a17f91fb48c8133b8_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2160
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2160 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2768
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2740
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2864
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2640
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2160 CREDAT:209930 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2712

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6e94976fdc5d34e27f6a6f725e17d4ea

      SHA1

      e60490925d905499b3fbdfc9faf0a98c15aacae1

      SHA256

      eaa72bf693d965c7f6880ada9b642b75ad7360615058f13aae2acbf1dd2e9415

      SHA512

      ae68d3a993b4afe1854d38ded77f90b4db21a5041bf94632a680b3a10eca4d6d55506f55873b039f8d54f7cf8c80a63e14cc98b9d788cf03c607e5c2179afecb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1be38b3a805ada15512a9677debfd670

      SHA1

      dae13c35b51fba5a43e13ff5581d9e5ffe6963d5

      SHA256

      280c648d4029ae2c7085961fff8d48a08f3ba024ff2d80b7c5ee96d14419767d

      SHA512

      ccf4601ea82295dd66e75e24edf4dd916760459a12f98cd77179c7829e8eab80bf494138ed7a0935da2f9a9cf3250d2019bcf195cc7534b2a442eb443f9aee1e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1b9d3a43be8ef6e8d0c3de32e5388222

      SHA1

      02ccd17b056099cce02de811b1f83168a29b1f71

      SHA256

      e822aa456580df0179433b1ad2b68d21d72d1672ba953d0799601aa0ff957c11

      SHA512

      10c75ab8019a1ca55d86a5b15be51e16f106da395e75953611dc1994d184d724a334534e262691c5361b349424c3d9c619e35a49cb5b112cfa5b663d99187a14

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2ede59b6e048df78d5cebf434ea016f8

      SHA1

      99a6eb1fe3a93fea5615ffda429c4dd0db28d8f1

      SHA256

      fc877a7bfccee1ff1f958609afa54772cd778f113aab000cc903ce77017428d1

      SHA512

      8db27561d3c550a3a1da4fd0c1624745050f4b53eee1935030a3f19ec6fe19edf80609645953764a473c0d4bdd9f53c9aeda84a3ce36d0485f7216a71f2871ca

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c482a4430fe7185ffc07e2483b87d906

      SHA1

      cdefb639570eb1dfd20555d2178cea10b7055d55

      SHA256

      7506e6da2b1e2bd475cc3877fa15fe091dac917ab39c32661839b717f0583fda

      SHA512

      8a2fa0ec2c7f85452c11dd6a07b6a23874c1e89287f2e93230d5c398895840f7fbf642458115fe09eb4d80b7ba6cb70d54e2c57ddce472af39e4ccfa78a8d917

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      fc5f6e2c31c3964804301c60e72871e6

      SHA1

      4186a637581d441d207fc0eaca381cd7aee5c903

      SHA256

      636507020d17abe1cf81fc46a839191c44c3ad34e66fbc27c7a8d4ab1a7d8e3a

      SHA512

      2dd445804c8fb89613ad5372c1cf2bd17c5f6d87de39291654c402ed0fb8c266b1638013f1b1759cde4cef4f4b28a4d4f0c42b04eb5793828fcd3558eec53f92

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      79d362ca0e4988c0f86c2086a5a5500e

      SHA1

      592b3ce39072323c4d30f299279f252514195d90

      SHA256

      8e25cda5dfce205fa7e1c22a92e27c3464df84aabc695feb21725aff1912e71b

      SHA512

      03f4365d1dad245b1f38e3efbf2b37a1fce835a4e434d1ea9c91865664d2e31f5c89c28535c4645da406e7d2e8441d95ebe806839538dd6025e17a4cbafabde1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2fdde795ce7e8a013a8cb23969e65b7b

      SHA1

      2933c5f90241194217a6f251a53dbed9963e73ab

      SHA256

      780808a4a74c3344ffaeed179d89a498a79c000654801d8b8af7cd599702135f

      SHA512

      02c016c4ddb8091cbf1e5830002ae8f2e313aae91074919b688e4006888763fdef3a1cc1b16c4480bfc9bdc0c68df8de0dc01bc5a7c4dd324dbeef80ca943881

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6049dcf825b7af488139dd24057d2214

      SHA1

      0d09a3d0d81475f17b25dedd4b0421d80caa5737

      SHA256

      2d3af326f46a579cef29689124251300119650343d988b902bf9026141f34ee6

      SHA512

      f67056fd06acbc607d822b17ec4d6fd588f994cba6f07dfb366f742632f0f8140c1f033d196f2f435dbcdfb96f7dc0c03f68f3bc0e368a52d371c172e000a44e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab6F95.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar7055.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/2740-6-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2740-9-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2740-7-0x00000000003B0000-0x00000000003BF000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2864-20-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2864-18-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2864-17-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download