Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

e354a26bcf...8.html

windows7-x64

10

e354a26bcf...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    134s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    11/12/2024, 21:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e354a26bcf8ce4f8731575b93fee158f_JaffaCakes118.html

  • Size

    157KB

  • MD5

    e354a26bcf8ce4f8731575b93fee158f

  • SHA1

    046ee70b074028f2c8036f85bb001654504c0c66

  • SHA256

    410916b2536ec3c25dd1226cd16f641d3b5b1794716be590774ac274e5c99ded

  • SHA512

    28a5e3e7989d612e0c6361e37651c83304a7838b9d8b90823863902619c5672a07fc24a0b3593ef2b475e6015c9cb0f4556717f8ece2145921d09ce2cc0c793a

  • SSDEEP

    1536:iLRTt2u52F+FVjByLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJA:ildpByfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e354a26bcf8ce4f8731575b93fee158f_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2980
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2980 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2380
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1524
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1556
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2128
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2980 CREDAT:472080 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1684

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8086d00a80ac9d92c4e6f21f4a841d0b

      SHA1

      586e572d344e95945b204a81870f980d5385b7a3

      SHA256

      01d384f1c102e442e30f306c070df0b4a9f36a8a0c864767fb1e5937cbd324f5

      SHA512

      241dbb1ea765acade646982587d973bfe47686a4515386478cfa6e016b8fa481f4246378a2952472d0d28c2a831b3047e21871648ee79a433636deea4cc3e2ef

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4aa9369062283682239fd51bfb78e8ce

      SHA1

      b29c152b24b84ff6eac5d060d0cac7f6195b3ece

      SHA256

      ce443a2428c35661bdc1683b70be8a484afe654ce5371af894f7f4ff7a9904b3

      SHA512

      ebfc928abf417ac3b75489268dd8c84eefd3813dc7f562992bf307e1d8e9cbdf99ad98f0b129f3fff6da3c7ef4a290165f88a6481215625c6f60bc6973ba9f3f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b64eecac6466b3b554177524c3221421

      SHA1

      aac40b6cc41696f803a0a5806d3b6cc99f403296

      SHA256

      d0f8af4d19b49f24ae26c81945de19fcd62d4d276be9dc6071406161193370fe

      SHA512

      545f2534a1f14245c13181da72e9b1401e5304b1998e3269d86c4d3e3a4fc3735e1d216bc8a29e78ae28e6d5a3a8bd7a5393e8761e6c6797c256f7efa9ec180e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      229c4a19e115142d718d4c76f97e6a89

      SHA1

      b699c883395e4d6b5acd207d7d3b2764cec62c33

      SHA256

      165ae353799d9764d4a158d358ca6342d7c227992a77768b6b304ef9e19fe18c

      SHA512

      6b5a06e250274d0bbbc6e2b5c7babd5c9d58f554a37ed764b04908f011b3889b9d15cf835ec1af5eaa1894fc0d914d012cb6451df4b97f706940c23bc0d40875

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      34af90f8815b291142555ab4d1d29c04

      SHA1

      512d5d9cc6742ba46fe472f459852355556aa001

      SHA256

      77e76c1510567bb2dd37d4693e73099c3510d0d9d48963cbdb63c765b9f3a9a6

      SHA512

      de9883a7b3c02d1629fff468996db7583cb2008fe028fe06d6760b9b014ee1819245d91efe85e0192d60000c9f995dbe6f44ab4abb817e40d4cfb8dca31230c8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      dfbd0214790acf39667a2f1d85c3521c

      SHA1

      10f4d0a7ffdfac15d5a7862eee08fc8493869356

      SHA256

      583b235d6ad4eb0129fa86a403eb967c7e2e5235b39b41415e91a9bebddc295b

      SHA512

      13fe0140b4acccae946278f6a66e267de9400fd85a1b696bddc68930c15cd2cbe069ef8ccab90331ab7066b481af5c8a7f30586e005c33e42efec54123d7a519

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2118fa2e9a91bc9a5cc1b4c5be3d0e9c

      SHA1

      a64a5d6f3870a16b75559b7f00f6235fb0a74166

      SHA256

      835fd5b78bc4b1225652a3432a4fd9d16ada3fa89927879be5b3d5ad3ec1e3a4

      SHA512

      2eb5480e3ea2ae6e5d846f8fe50bf0f007e89c3f7d71a203632262b697704f4d211c6f6a72a81f27b9fd4a360536268075db86d7a3121944bceda639ea062724

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      204761598185e0b210c17048ef46f41c

      SHA1

      ed1e86b9199e1ee0a4c3384d9a2f78e337428d19

      SHA256

      112694a6aeef42360194484f0b6a720ea798deef79e652017868578fb6f42fd6

      SHA512

      83fcfee9835c10f0f8bfcaefc7e79ddb30728c4f7b417eb70176f36a6f90be06a142bff19d865606676b58d05997aa4696caaf18068cc1944cdb1400924ee9f4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f0c27de71b8ebddedc5985872a9e6b73

      SHA1

      2ff0344bc79461658bc325645196d8b33b35939d

      SHA256

      9ef00a0e5d9b3808b75dc84b7491107cc1aa6fc580390c11223a96cfc360e87e

      SHA512

      b8accad5223e5c3ef066b9c3a8c0a2fa7efac6ecaf92a6cab86f68e88c4fe3b3e27018668bcbb18e92e5ce1c6d5c7f61995b46d3930afd11f53a5fd50008c177

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6a4b5517842bc7b2e860e6c146558ac8

      SHA1

      6d1c0e3560f4fd104dc2ec34c2312eb88e864ebe

      SHA256

      76559b870f7b6c6fc8c876a090f203f559d9dc44a8902cdf328f8e0fe8b39cf3

      SHA512

      7bba47555d61f1b7e09064c0cc880f6c47b847b2d012a9f0a797224d2787c4118d55354a3aec4dae08f648371721c87db9e0edbac9d1a3ff902c86b560831038

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bb9b8cff8c528de7fe385d1858ee3979

      SHA1

      bfbccaad2a96d42ac0183c14e13c9096030270bd

      SHA256

      d13f8cfdd624df7d6f52c82bfd7a82adb54fb66abb87eb4518666c7370c07fb2

      SHA512

      9604c55e319d72df778d4fbb045f7760b997fdb7361a7fcb0609a1c07066f7aaf7bc3a017cc0812275570b8c1a3699c086a5539e826f8c3dec16beba2bcab36f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabC506.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarC96C.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/1524-441-0x0000000000270000-0x000000000029E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1524-434-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1524-436-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/1524-437-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1556-446-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1556-448-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1556-881-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download