Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

5

eeca377719...31.dll

windows7-x64

10

eeca377719...31.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    10/12/2024, 20:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eeca377719e171593ed8eece134f4234b543df567c0d3a4b4361674d705f4631.dll

  • Size

    181KB

  • MD5

    f557cab2d058fc7f0ea1dff90917bbb9

  • SHA1

    6f8830cdee2d3d17acb82daeee31f28a678e7ca4

  • SHA256

    eeca377719e171593ed8eece134f4234b543df567c0d3a4b4361674d705f4631

  • SHA512

    53fc5edeb140a8900dc399ea7df4c719e9941ec7832856bd4bcc929cf955062d66edb8b343585a8961221c4a2cc8018d56c24b7d329914a225e6633506eaa053

  • SSDEEP

    3072:nhvKdimeyIEZ1dCJumZF7eOmgyNwV1Hhr768BHQg7bv//MFwFPtj+5X4BIH8:gzemdCJfZ0lNK1Hh36YHVvPMFWe8

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\eeca377719e171593ed8eece134f4234b543df567c0d3a4b4361674d705f4631.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1324
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\eeca377719e171593ed8eece134f4234b543df567c0d3a4b4361674d705f4631.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2536
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:340
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2692
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2252
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2252 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2816
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
        3⤵
        • Program crash
        PID:2400

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3e305f8aba4de18e13e92e82d8875aa1

    SHA1

    d8217be0b9504c768639eb8b281e2f8d208055e9

    SHA256

    73c90548c88669ae28590f0a8ce6945448324974d9af20f66216f6ba608977e4

    SHA512

    4ceb8ab3a8a1398ef631f020a15ad1b8994dadf6a2e2babac1a8946b24271459a1e96e72d85c47efb51ca823efb41b002543c4e04cad085eb959ca1f2de40b03

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a42d72ca0d678a9c3a53893f0dad4dfb

    SHA1

    4f7b99295558b56407d20938649dafa164033114

    SHA256

    ef161bc05c0581a0bc17b72b9bcc69d26a4c6c4f84cbdefb1d2d864bf4d8b93f

    SHA512

    5d28998ebdfe5ef4a3c9b1b81439b754f1b16a534f5fbebcaa28e58eb2881a55ac698a2e5ee0fd36bd9d97828395ea9db383d93f12ccf99797ae0176575161ec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c55e4ebb19cbe266623cd6633d2f92cb

    SHA1

    3130b69039e39368fd549c5c2eece98a697213a2

    SHA256

    4875f5043c9ec9ac4cf8cb431d8507e3ccdceb11cc7ff48a09bda7424777e445

    SHA512

    943fafb24e4296b088186e2e44a5209a5ab22d122d5e1224fb8a90a506a81ed5a63b3a017bfb0025a619cee85e05b8cb60a679d13cc19e935dbd54942dc7455c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    de4813059f2f20a97ac81c7fd64ec799

    SHA1

    86cf022cad203c8b992bd56a8f25ab64679520a3

    SHA256

    9ad7a82cb8dfefbb562d38cbcd6aa89d31d6271956fd1b80c560cdc90a2239c5

    SHA512

    32fa4f3f5d3c8e089f1d89600ded7c64a8b0542af8b007a1f0a4ecd1b9a0bc93000565e315318ead2135c27e446c0abc6d6a003989ffaec6fd09a180c6ee041d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fad2c46c75f2e331ba392834dc398275

    SHA1

    eab6646851104f6e53c7dbf68a4bae3c70784851

    SHA256

    fa4d1a143e3dae75f0f6a1ae4bb8039f75abfc17e0737b21d8d2b954411db2cc

    SHA512

    e6ce4f7cb5a153f2719d212ed59b7d09cc2c318433c3809a0b0c2ae2b71774c7b6d6aaf83b02c98f1b9138b43aab9988932571e405ff9cbe1058d7afe5adefe0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1aa861d0b50b290c5c2838e6f0e95190

    SHA1

    7106a02fcfa1ef6fb051f512f6fe5c49205bb0cd

    SHA256

    3d86bebbdc417cfa202989edc22aca845ad32574651b85ae1ae09df104b01443

    SHA512

    7c51dd05a63bfb11e647e956dbd92521aa70e62332106d30fa9cc2001879fa42f211e01d8db524bc28793d257714f7289abd54232631945563304dc9f17c4e80

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    efa74a5ec36115430d197580df6df7c1

    SHA1

    22f05a8bbd932be54edbb203264fe1f25e3c5cb0

    SHA256

    29ebba1c78b77be71c51682223c256c1c122a5124b06ff5764bbe6685badb634

    SHA512

    4cd205c3cd1a9c3bd3327982ef4920722af3d5f06638dc43307e08f4f5663546345788a3f05671b5edf08be7771fb9e5ed48ad2b682b855586e2c2aea97c14db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cc4c53cec8a22d6ace94ff9276e96db8

    SHA1

    6774c3d40674cf911cb0c2a6d34953d1d2fb8fa7

    SHA256

    b6fbd285582187f017e50e2e965a50a26ba6edb5b8b902f7767ff6bea5ad0535

    SHA512

    24c6a06ac09f7b78b0d3a8254d9d770e32bf78d6304e312381f3e96664ebb6fe3229833199a7365381db3cedee4d68731f42c84de1264c6d59325021291cd01d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0155d8c5a5a569ff270c313ad021bbf8

    SHA1

    aa356177e8cb453a96093107f7d42f38219473dd

    SHA256

    45b4f9bc86814890b9e8585b73021ceaf6eea872ff5b2cd6e645eab8d3ab602f

    SHA512

    08770b5664d8226a17f707176681039bb3f878af569a63922cc821d9e68a242cdea283c50304cd977d2c2e5effc038c82d1eef9a8854c70bc6fc7246b95ef951

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a15f4f06ddf057860c9949e63645736a

    SHA1

    3a19b68866134ba7624c5e66175f1763970ee30e

    SHA256

    d77a8356b412268b02d949e02fcc70292b5b477150966efe0471ce0b8f4dd8c0

    SHA512

    235427999f7240b1452d248c76025c37faba1429c0529d13fbfb948a4962eeb4ab4e04c2fc6b337f713ae6e5e2b603f5baf5915a50f3a388e70b7fcc7a676f41

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fc4a352823efc99d5b87cb70ad709991

    SHA1

    1c3f174584aed88e9d0ec35bde0f5555ee6e0e99

    SHA256

    22ed9348d04c438f659dc7853e9b6b21f9589c4d697ff1fb9ae22a99ebf8e2a7

    SHA512

    a3caabc03d562cbeb39d63fc45bab92fcb5158e6c1de3691b671fae2b9a081c8c489ad47baeb8293a351b525a9bf854a717efd625fb578ecbeb8ecc44a2e56dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cdb01a321c2621da1a502ce6e236b411

    SHA1

    12f73b3613a87a3329dd012179e392d2a66713b9

    SHA256

    a07077135f7752a753ae5cded3a5890f339bf9010ac8465f583a3a9c2a37c423

    SHA512

    a7546ffda774068eb52607a44c2bf9811ba29169a9f09e9da46b0c5d59bc40ca099487f0d0dcc1c27379db24142b922e7c2f3eceb61e4ad8345325d3182a04e4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ae31df5151bd7faedf0851de5e0e36f

    SHA1

    8fd2d99c63645382d854bc42d236b331f7b49792

    SHA256

    e6789381c8d419d2503e1b33f5d4a5ba45a107ec1761283316da617efa4c9c0c

    SHA512

    a010a1bfbb59beaf4896f10b5a0c6b0f43060dfce9fa60e1d117ddec6b5d2957f3cabb1ece3a3ba29d547be8d7c18d4346009fe935562755ff23a53f43abf6ec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    af1001132ec2224058dcdf53f930e89d

    SHA1

    6fde8b2629652a787a0343d5cee41267601a5b6d

    SHA256

    de7ee48f94b89c4a56ab36d11fc9d85b6e57c7a9343dfadcf10907ec837e6e29

    SHA512

    5bda4a19d891e5b8bce0d1879307ca8b462ac6f822df4b8a8fb34e769f14362bd578e8d86ab825fe21af2af156ece8e1a0f8dcbfc5e9f54dae229e7b5c6180ec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b10b00947869b201c06b2cb472e01b88

    SHA1

    5097d86d442c1532a400c89eba97cba2d1196f0f

    SHA256

    00bfd13b3c8634d1a762fecda7769fc15c13b701a3849cc17638b69298229c72

    SHA512

    54b50f747fdcae8322e29c2a60c70701f1d499e0f007bae11c7dd59f3488b272269a6d1247db160450e3468dc9c4489fc28506171871d60a2f4d0229accb8ce6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e5bfb0c4f5b492be50b38dd7ca27934c

    SHA1

    4dd7f259e018c2c1b67f48ac767694333b5bf939

    SHA256

    df1d1231c5693e91723b37d9c2d032358fca27dd6f1724aa871813cd2fc187f9

    SHA512

    84defbb6639064069ed84e79f2989c2bc6e374e14857af76d186696b2584c179eba9f07b5a2520c38a605c0ab158177fe93152859b06378a39b1140d50ee0bad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    87f52be804d28b5af2aa5b38f38f9eaf

    SHA1

    adcf6f838862a9e97161de0933dd5327ec539011

    SHA256

    da99d4b72ddf5f45b478baa139bda4f5736b1c26849fbc669fee842304fc837e

    SHA512

    b7c45b62f1198a5a969bd155ef01809992afd7d06ad50115f651d04889ca019692084bb351650bca449fde5fe125cb8733e7d1b2ba1c6e014f9c875f3929dbd5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0d6dff5b69c66666a75954750d94f5b9

    SHA1

    5619aa35e9da4a3053329a197bf331514aa9dcdd

    SHA256

    915a5a464a47f49a77061523f48b798406536a6c46e64a05d77c7e19d6ef6810

    SHA512

    118251c0391db33c80b2e810d862bf08af27a9e7c264de4bc67d22dcb6312756adc3a60f802152427c38d3afb877539a4bfb4fb0a072cd40a5cb383fbd835753

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD05C.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD06F.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/340-17-0x00000000002E0000-0x000000000030E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/340-11-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/340-10-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2536-0-0x0000000010000000-0x000000001008A000-memory.dmp

    Filesize

    552KB

    Download

  • memory/2536-8-0x0000000000170000-0x000000000019E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2536-7-0x0000000010000000-0x000000001008A000-memory.dmp

    Filesize

    552KB

    Download

  • memory/2536-5-0x0000000010000000-0x000000001008A000-memory.dmp

    Filesize

    552KB

    Download

  • memory/2692-19-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2692-24-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2692-21-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2692-22-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download