Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

36da45a37d...18.dll

windows7-x64

10

36da45a37d...18.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    133s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2024, 21:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    36da45a37d30043e157040e0725f1597_JaffaCakes118.dll

  • Size

    144KB

  • MD5

    36da45a37d30043e157040e0725f1597

  • SHA1

    160917680c9be5d847c74f56dd0f0b5fe5580950

  • SHA256

    f6d982448b1d7eadb9bf17ecae6c020583d1751ec41a7bdaa2d12cf2fa34f59c

  • SHA512

    ffd89ec891eb1b383f902fcda8dcf15588a06f382c8eea008b19f6b026975d54251f5e7a031df0f34b2c3aaf32e0d5c7c1044404608b9eab90b2919ad4583c32

  • SSDEEP

    3072:PibTTp78CclGbAqhMjW3Mfw534x3CtlGpuo:gT14TGAoMfTsHGj

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 31 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\36da45a37d30043e157040e0725f1597_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2108
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\36da45a37d30043e157040e0725f1597_JaffaCakes118.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2412
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2168
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2992
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2992 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2764
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2280
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2280 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2972
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 224
        3⤵
        • Program crash
        PID:2808

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    063a8880fcad8c80fdaaedaf5278a174

    SHA1

    4042bf7ba4a461329744e2a25e186c89639f974b

    SHA256

    42c4e971b514985ba28dd5ca9e6e16afda3dfb93c537a994bac23d354e54d770

    SHA512

    a10f317cefa81ca0d126b39953987ea14d122c64b6bd6df139807223e4b650415ccfa81c58ca1939e08585682d33ec7f8f79f2a581b94b8384b6ae8aaf5e0f44

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bf3343dc5028e00280d67f0e4c53c3f5

    SHA1

    33cf76fe3445c0f482b657e06394da3799882284

    SHA256

    0ca7a3ac574497672ddaed02a5d7667dca2acfa849048827a5d34236a3dfa598

    SHA512

    c3f3254237276a629ac634e028e722b23a3196acda97b37b0e6177b65e51a592e44f19104dc3df62d4ad0d0e4cb6e8e4eea0d12d203ceaa0ba4b7053c7c305b4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    74728700bf4316d2b1f0d24cc4a982f7

    SHA1

    0ebf7db39e09914a08470a019091ee984a17e382

    SHA256

    d6eb114a0609a46e2cd7b616338efdad9c9ad7c3b408fe7c5181010648b1fab1

    SHA512

    1aea1d5b3fc90414af8692c7d76cdd4b46dbf883e5efe0e45de28085483b77e4797c9adc615d3d960b53266bc9371383b04b029019715e20d8c3a8f3c81671e3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f455187941b12b7e73ba88724708c119

    SHA1

    b53bbb2299df5ba987005c2706c557715e523469

    SHA256

    63b95e19acb78fd469b91bb6076381cbae15bb8cbe5644064128173dde8d5c9e

    SHA512

    db98d6e0de611c40191c50eeb3539146035c4edde166d3e09d6d7ffb94aaf893767a1871295a2eac28b1abedaa529a65988ff5cf711d1d74d4144f2b48a7d0e3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    17498ca259d166219d472d0e33eb873f

    SHA1

    ae4d6bd42053cfa57b9f266af6fa6b9cc04de000

    SHA256

    922263f76d740494b340716194192f3b3f1f77407063fa0dbaa7679eb3e7c9d0

    SHA512

    2e82ae3de0c3731072a3936c63fe3e7f769b2810ed5a56d017abb01ce1e184d7f603228ecf34cdbf2a44220f538b0c7c15db41ae6f6d94d18061c9ec2243d8ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    24321ffe6042ac29c99fa6aa5c280700

    SHA1

    634f8bce488279fcb3091f867b6572f8ddb5ac3a

    SHA256

    7263c933133cf47a5b81aac28129abca320b532f730e8a455a0d8000026e3566

    SHA512

    a01d851682965bc931a6a2ea2154a1e83c1db903d9dd4ad1af16bcace6332bc1bc44d605c1222fe39ac9d5b5cb8b459a2e358de03d16ca167629f503278ce935

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    219b66ebe57886263af0971f43220f9b

    SHA1

    d914e95bfc6f7bb436b2602ff3f736a64e321f3c

    SHA256

    fec986f72751b86a8a0c842b5886dca2e5aafec7c7b8185a89d7f895054d2b4a

    SHA512

    c02193fa0d6205f97dff930ba327c250245e7c920305b01aaae6c8bfee311829a9330885098c5b81a0ae40e15567801ac14a921d48e97499655fcb3045c4c2ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5413ddd4bad64eb17b2d23ffb4c0ceeb

    SHA1

    04f26b0df85b2d341a0db3265bf60319f539f135

    SHA256

    bd9b8dfce77a61889cef6e85b18b841588df898542720ab00dbf57bc0d50c779

    SHA512

    23bafbe0bf760e13ca3d67173375393617944d7f70b2152c2cc51be764cc1bd32fa9a5bf63d8c29aa11ec4a166d7a83f78e8d7b193049c4ae4f0e2acee8a5f03

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    26c1dd74c6d9c4a0c92347253aa059c6

    SHA1

    8a0c8dd6b61f990e47384b2b8b96e390a0ea5a22

    SHA256

    2b63db3ec9f70705ea37ad10a52cb41f216f0c99f8d53c63d2e604bbb8b50920

    SHA512

    7f99e141149d45fb657aabffba111549c597de4721031f6d7dab705030e592372579045e2399e64539dd0e9988a9bb40964c6aac2b42a4dab066b28c15d1a2ae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fbf9fa363b5847704ae61e119675bf0c

    SHA1

    1b37320ac2f7870352b2f44438ac1b9bac578b4a

    SHA256

    c0bcdbe1c66ba8399281545b9a8aae872d42dff73956ebae8651ff91effe1f72

    SHA512

    9bfde9ea17790adfb3bb0a92fc73b2d73746e3a6718dab3b3c38c4f3741d5ed4957289439600daf1ac200a604866b591893016542961a5899ef6dfd8cabebf7e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d204e9455feeb70c4d694247fa3aed97

    SHA1

    8601d1018cfc0b01b80eb958a1062dbcd27151a3

    SHA256

    d98e53fceb1477def78eed3776001bfa8892d32015240a4b169fde4bb0a67426

    SHA512

    fae9f29f130fdb951656c354c3cfd071a1d0a21ea06b65775562358f48e718e9e8c99bd9bcb2b17e3d959d03a741816ea11f39d1e63dac13608e2d058cf8b8b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0f9d4c3c8468d91c928382759b4896ed

    SHA1

    1154574526694e402b14a644356a55d5529a25ef

    SHA256

    43f69ac43b6d3e81f4edfcb909d4192e7ac8e7cefcde3474ca324bc748b12671

    SHA512

    e1667814a07b8a67eb389d477f6ea6baca18ba67ce3e05247fba078fa425d774972d82c4f236b24e5474eb64f7c99798ded59721cea67e0089bdf51769558792

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4ef86815047f2d339fa0c629f82d726f

    SHA1

    c23563eb00c7aa85226250b36e365477b06b4a8c

    SHA256

    6e69284cf46517f2579e264ff69868e29474e3b2811dc37a8d3c3bb5d66403f6

    SHA512

    43fe97cee1c31f3754a3fe5d535c38c0c00c6178437d6a90f1271b89c01d5bd5a3aa1cdc57d33c3953401ab26b5dacf117c9ddac98b80a9484dec3bf9a8f8fea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0a5d1e2fe73f9b952b4721e39a95a990

    SHA1

    051ad865c573eb5dc339feac948f7fdf261b1c3f

    SHA256

    fa0aeaa8b1148f9abe6a3566bb0c8a1901360a4a98590a009189ee916e5b4ef6

    SHA512

    269db8a1d90b9bda2fdc9dcc081a033bd9d2ed4889cc01b9e30d0314afc96e6cc2a3f1f1bc6ef649df37370bba0c3ddfd69c298e67298b5e76de95e48c56b736

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    63b01ae72690344f681c86460f0952a5

    SHA1

    cc4e1d08d5d63449dedda193cb6fc0bc1832a24f

    SHA256

    16f9c926a333289ef012bb9c0890d786bd552699c88397461cf8b547c1f70dd9

    SHA512

    ad1e084b637a2dea6b97ab146a564a9c531195828e951d01a32b78363d9c95fb722ae9a68809a12015c545065c873392ee7525d70896f7e58052f3c5ae68d428

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    08544d18600d2a3287110907388369d6

    SHA1

    a85bfb9d5e6a1e5e8869edf53e651c2f664a2351

    SHA256

    26581f7e13f09b6ea2a2ba8ef14e9acf34d5b8b1b487d9b808e66dad7b2f4bc5

    SHA512

    d2f8c6726c343dd9f831560d82bdbbe9f453479e69795e4a7bca4055e75d38b3ecf950c4e08f925176e962afa4cf8794cf40d5f3d51efc08c2e91354e360a271

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3356FE61-8816-11EF-B909-C60424AAF5E1}.dat
    Filesize

    5KB

    MD5

    8fb974a723aa253c69064631a4ed8c2b

    SHA1

    4a3ebe207cee0f87e6a3e12b2e6413b9c6722b67

    SHA256

    f4309afcfadbcef8bd0427d8556533513194cac99c60f6dfdb6dabb0f31734a5

    SHA512

    04aa2d3be1f3d7a71ffcaeb42d3d2ac74975c1247288efe7439bdb65f43f562bf42676e63e132eff3ec672b419fe58d4bc98373405c03f2471a212de4b8f0ae8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE3EA.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE43D.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\SysWOW64\rundll32mgr.exe
    Filesize

    105KB

    MD5

    9b49fec7e03c33277f188a2819b8d726

    SHA1

    a7b6b4a0ecbeab9075c3e36ec2586ce8debbbc4f

    SHA256

    9d3a78f72dbd7351a999d6fd6f60b0c6ba79bc4279a347fd590af94a0224afad

    SHA512

    049a0971913562ca8a134ac889d4750c71d89fe070fadcb06dfc49401f1b9b508275921e55f3f27a31f34d520e96784d4a50959fa1aab6bad878e9e5ea61755d

    Download Submit

  • memory/2168-12-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2168-14-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2168-13-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2168-15-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2168-10-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2168-11-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2168-17-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2412-9-0x00000000006F0000-0x000000000075E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2412-8-0x000000006D080000-0x000000006D0A4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2412-18-0x00000000006F0000-0x000000000075E000-memory.dmp

    Filesize

    440KB

    Download