Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

e07cb29a64...8.html

windows7-x64

10

e07cb29a64...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    14/09/2024, 15:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e07cb29a64187d3fc18483f7c0ad1990_JaffaCakes118.html

  • Size

    126KB

  • MD5

    e07cb29a64187d3fc18483f7c0ad1990

  • SHA1

    4338c6574e4dba7abc9bb266f64fa6560553c952

  • SHA256

    48dd068e2bcd496598d1c67eeac3adc4b205da1bcabd933e976eb1cf55da10c7

  • SHA512

    5eb4f0e634ef2b13eff4c44239555e5dacae55225dff84f6f72e0f4b7a19704229043478ab6dd8b82a581a9bc05518f75c3b0810d86cf1782ecbab8106744ec9

  • SSDEEP

    1536:SIHeRbMiG4eGiEyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrk:SIHwsEyfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e07cb29a64187d3fc18483f7c0ad1990_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2260
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2260 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1332
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2700
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2736
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2892
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2260 CREDAT:275464 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:588

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      959c7150e344441fc69f74d34d5ee972

      SHA1

      4688fb7b75cd15ff09c54eae5c4c24fdb7527533

      SHA256

      dccff6ce5ad8967cb6aa31376d9b82c3ee80c670dc09f8f3e61fe82c39dc8ba1

      SHA512

      dccc1d6108ab2caae27d4c46ead9a0d5ecd5b92e3f9c2fce49e8eef7a08cc35bbcaab2a2f77d12624dce6a4a7c8b988d3a168fca2403afdd25272069cd1d8c8a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      085726c42035b7e4d3e0ec3713ba975e

      SHA1

      7be7526f7e73a03fceb7b98a732b0f6d866b82fa

      SHA256

      549a5a906184497a4a921cfcae1f228d141432b4cecaaae79ab4ec3c67a88c40

      SHA512

      a7589a76e9a6457cbe7ca2250e82356f58cdc233ea91dd58617809a3e60f8b5cc8349552e7a0aeb92b8a0807ecdb1f0c2cef274e4a66a0fb97b97269fe613a84

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      10620e60170cf7424b4dcffdd3271900

      SHA1

      4b183986d7e9a2f37f97d8dcee211f2e4e007e8b

      SHA256

      161dae20fbc38bd473a5567f0decdc8d6b73bd4be49fa7243fa69d051b3d2ec6

      SHA512

      886107433407d9983ce621dc1208aad41d0eddf193da03c6b5562e376a5b56a4cec58327c1cb3441c82c50feca72ce67b2a74a84e1e0a7f96396476632107346

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9df7c79d46a92920963e2921987f03f7

      SHA1

      80aed15a41e8923e9acfbc393ce2bcb60895e99a

      SHA256

      bd6b30a79bdca940919ab71c599ff60d574020d08ffa472a2eeb061e48f72063

      SHA512

      c1b4be55a336dfceb30f3eb83442f437a9acb5b3f5c48a48282cc3c7cac3fae53808ce9e43ac34fc85f82bd1eec309f487942687877b14a172773aa64810a5cb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      34bdde3b2c8bf6b9acd2cb79b1108f1f

      SHA1

      cdec3da634ce92b3ab10fbf18c8eaf359984047c

      SHA256

      ae10a08859d6cd41a378e5cb255952a467c74b2bccaaceb6a1b0211d9f8ea64f

      SHA512

      47349c816051f9f3a88f0251dd5f2398f2a31459bcb9207a7e81e63df86faf8f73f1f09b2dcc3b5be73f21eb099bec883c0248041e1d3e854215f88a1ee8d22f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      55f21e511b16a359082b237318f53f88

      SHA1

      b4fabbbfa2960e9445c82f9a65cf24601bc6946a

      SHA256

      35aa73b03f7054b2f44e1abf1510168440434db76e6b3e9896fd0ebcb1d0fb16

      SHA512

      65490afb26314fe43c8b0f25cf95d328373ee8c41ddf37e7be182e57fc78fb8277c67a0d133904247b05b95f863241281628f667c4d76586af4764f1add0c46c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f97a0692e2595f52ad794065d9e01b44

      SHA1

      479b2a6b0cf19d927b00143cb33a5da11c14c269

      SHA256

      506904f6822bbfaa1cfe9607a6baae989c58f0da8541333b7cf79150d164ede1

      SHA512

      1686834bc752bb0a46af8aaab0c86cd52043cf49adeccf9cd067f85eaa63ce7321e5ab05610f163f0de92ffa03546014a6ada93654ae31fadb0112d6ef502813

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      443b2b893124ef1c8250d495461eb066

      SHA1

      422c44194a5eac208087a79470f5ad6517b67f38

      SHA256

      e01772bfc3d913d108c28c431f308f67b6d49417759a6cb4dfa418ecca6a9812

      SHA512

      677259b85b04a22b043b32ef60f0594ff25ede0d0ac54fe51815dff3c4d342baab58e8d4a5b1593f2c1133ae203d68f0870c9f8b1b47dbfa724a8125163bd5d8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1a09219902415e84c26ceb4bc41e335b

      SHA1

      566a96fe53f29afeb0bb334cf04825650a6f6e27

      SHA256

      e37202f041873331117622355b2842b24b1102efcac81cba011af915f2c51fb4

      SHA512

      fa65055e0f6709f9ae7928e1e3388022c9f2f85c6fb90f4fd14c5c7da46339ffaea8b3cc8a2c6a94a3d7ee85d62be9b45a50c78612dbe41fe46ebb9a067e3e81

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabC997.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarC9F8.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • memory/2700-13-0x00000000002E0000-0x000000000030E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2700-6-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2700-9-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2700-10-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2736-20-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2736-18-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download