Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

dd4bc83f67...18.exe

windows7-x64

10

dd4bc83f67...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dd4bc83f67df469c0360a156e35e3575_JaffaCakes118

  • Size

    120KB

  • Sample

    240913-agfewatamp

  • MD5

    dd4bc83f67df469c0360a156e35e3575

  • SHA1

    46bb84f8e7868760bf9b1326e37560d5995a4a5e

  • SHA256

    19a4800588b1bb48a84982b7688903a299891556a412c780ae5de2a0eba29645

  • SHA512

    6b587dfe534f6e66e3d54b2edbf0481007ca91612dc2ea65c2a4ff21f5b0a90a47954b24e93a2a98636e056d6f4da91c136cabb8c4f9e0df5c51615728b46811

  • SSDEEP

    768:/QxkwifBsIqHpcrkMEYEhA7P4RhAtmaZFb79U9MKAjBEig6/1k21m3uHRdMNDj2Y:/8kwilTEhU4HDa1KkjWXUa21mc/Mue9

Score
10/10
ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      dd4bc83f67df469c0360a156e35e3575_JaffaCakes118

    • Size

      120KB

    • MD5

      dd4bc83f67df469c0360a156e35e3575

    • SHA1

      46bb84f8e7868760bf9b1326e37560d5995a4a5e

    • SHA256

      19a4800588b1bb48a84982b7688903a299891556a412c780ae5de2a0eba29645

    • SHA512

      6b587dfe534f6e66e3d54b2edbf0481007ca91612dc2ea65c2a4ff21f5b0a90a47954b24e93a2a98636e056d6f4da91c136cabb8c4f9e0df5c51615728b46811

    • SSDEEP

      768:/QxkwifBsIqHpcrkMEYEhA7P4RhAtmaZFb79U9MKAjBEig6/1k21m3uHRdMNDj2Y:/8kwilTEhU4HDa1KkjWXUa21mc/Mue9

    Score
    10/10
    ramnitbankerdiscoverypersistencespywarestealertrojanupxworm

    • Modifies WinLogon for persistence

      persistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks