Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

d0f056be32...eN.dll

windows7-x64

10

d0f056be32...eN.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    68s
  • max time network
    69s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    11/12/2024, 11:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d0f056be3290af0febce109e970a2cc63e44ccc3f0ceb6dab471a46e9319ca9eN.dll

  • Size

    464KB

  • MD5

    cc85455a126a3f54e161e1ad8d4a7e50

  • SHA1

    bf1098f7b4f1b9a821a950a65bc33e420b4e7fdd

  • SHA256

    d0f056be3290af0febce109e970a2cc63e44ccc3f0ceb6dab471a46e9319ca9e

  • SHA512

    a92ac9c134a0d0dbf55216f4217068d99fc97f6a1896a4369f77d7656bb88c5f420659a460a84c72c72e79d3a5d03752e035c388419da64b6ae08d9c72e2d910

  • SSDEEP

    12288:azA5lZhy6RpB/6eXMVVLrkwTzCunpKI13YEqW2X+1:azA5HhRPSeX2VHkuzRnpz1oHu

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0f056be3290af0febce109e970a2cc63e44ccc3f0ceb6dab471a46e9319ca9eN.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0f056be3290af0febce109e970a2cc63e44ccc3f0ceb6dab471a46e9319ca9eN.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3040
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2696
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2756
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2892
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2892 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2692

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    256648f808c8728c6f2ed61a32b179aa

    SHA1

    fbbf021fcf5e1768eaf451ba94c5afd879842730

    SHA256

    1a597b5746a1026da71717a2fff1d7c107f7cee47c1524ba88093cac63d5dbb5

    SHA512

    c67e2c94e04e7c75c57e6fe38cf204a3373271b9b4be2cf1bd62e1616873c7da91a995b106a92025be400671d5dc71298eddbd16f1bdd49a621e2d3fe8bc0283

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bf3c15c05da2ae1cc7a52074ca711f43

    SHA1

    a813fe08cbd1ab05db41c3b32141b9dd7d43cf0c

    SHA256

    20efc020d669baaa4f14b6d5f3fbbdc862dd2b775768145751d0e3e1a3884e68

    SHA512

    7ecb52029a10d2a5f350baef950fde632164ac2a1a135cf8a117ff191efc2752446baeb8ec67737994f02d7782ff2d5b162b8f54385c5122dac4e7a3fbfd993f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d114f3e689e755774e385c0c3b5bbf7a

    SHA1

    cd0e84fe519b40d8954b4bdd589606a403884916

    SHA256

    6580ba5a8791be2f62b9eea6af299797af4627aace1e3e7f7f5586c37eb0a5d3

    SHA512

    c6598fe6354ec390730f080e0ccc9c65d9ccff2751ff53d5c8b0ab674979387a9fc6a5caba56f45cae835d9b839641216d08460a4673d7711a3f69cd4cb8f3d1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b7bfe6eec9825f27eb0d7be1b8652913

    SHA1

    187960944cf434173ed662dbd51ddecfd7020739

    SHA256

    d860ea5c7112eb661d4f86c2a694020b50f7a62771423af5af101c6c30bc9f3a

    SHA512

    5153dfe09c5a1f7c8b13f124996c6634b9afcb3f0b1c2e64fe34c5c1fe4bca63dfda15379717953bcdff880ea4a9266ffb75516cdc74bf00395268aba455d7d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4ce2875c6be56c6325f1ef1ec1ee719f

    SHA1

    3545a7ebefda556fce584d598ad99016045f5474

    SHA256

    00cb11358c0a46715e59485625663bde8b21d798eebb275c23db2b19d96bf67e

    SHA512

    b9e4eced989351ccea2865be0c7b2e708e74ae9a6732eaa1d6e3d66c8f06a04e32ff0f5108710f18c666ebc00e319368bab7f036d22c5da7ff9deb1034ca91c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9f54be9971b3638a51207a77ef5b6874

    SHA1

    d9ebce963337996db4b4004098892828d5de6309

    SHA256

    d19079bf60f42fa15c596dfb65cdd5fc07b02959bdfa489606745b0674cf2bbc

    SHA512

    3d0bc7cb0fb84d3c22f41115a8149324ec02f46a28dda63f5c033ab77110fbe8db726bcc8e4ca5972bdccca5317c81bedbdc2d82afe50584ff852b7fb15b1743

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d342d1583865f03cd4dbe01c2afe4795

    SHA1

    93f5e455a8f41c6aee384dae935612e814209214

    SHA256

    209541c42db03d9b448c451ab9a42b624bcb635fcb7cf843e19e7a5fb66147f9

    SHA512

    a7f9d208d8b1ff3d0acb1a64f6a8d5dd5ec5d4f176a2882e75d860081959c1647f959c9c2d63e84ddeb6e592714eb5bbfc2bf02057bf2f5ec1e8364761939730

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    50212882dbb5039102bd9e80fd00d8c3

    SHA1

    10ee70dc1bbe674bbc27ca63714436af6d2064ba

    SHA256

    c695a454fe3d2d528d26abef78868f88676b0871392e00d304724e94e133fdde

    SHA512

    459aacc47e5df0d349f0a1d4ee90daee1302b93b4ee8cc9582392c82436bc863429a2dcf46ad8211d4b7ed711f93d42ff9cba702869b016a0653c2a7405202e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b3ed78e098a926764d65ed74694fac5

    SHA1

    c587a4a33d9460f89556f481efd47bf71e4a4994

    SHA256

    7889fa35cb917db47d5f3a6e1be531b72ae865df28388350f78b868039322567

    SHA512

    86a3b2a6d3dd5278580a861d7870829d4d3a4397849d02004bbb2b0a2273384421d7d20457813954a068c3570ea04a9006bd8c798984908520eb9b717589ddc2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    38e5d2df1b417a29ec9152765d72c6fd

    SHA1

    0310530c6308e4d79a66b602d6d794da8393cf5a

    SHA256

    558107a341746f9c615d46bc536a730f7f00e9cb0f083a61556c3b6b28b6fa94

    SHA512

    10f99881dd53f94dfcf42a50f82497445c5786c3b6695c52a75f735d4130734fec52d3dee9fbb39386d096d1557f7ff525bd0d99b70573e05826cfc8b05aeee4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fbf99ecc83fe38f51548b6f23a69bafd

    SHA1

    ffed31a110e3dbb3433794deaec5063502e27514

    SHA256

    c1ee04e94ec4409ea62a29ca8267b68feac3d30885eef94fd9c8de3e3d15e4bb

    SHA512

    b9e5b43db32cd77b040d91df648327ff1bb6a35483d3d781fdb200b58f96e009298d20c8ba88c1ece782c4ca71db9f74a251aefee3a2ce9127f4c61ed350f35f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c00cdf9438bd8496f5aa0dd129279c1b

    SHA1

    9f9b1e349aa04e5a1dc327e10d4e7095d0fd0be4

    SHA256

    fba31429b573f62911fc9615664d1731be2d4891ee2dce64c70d0db9d786563b

    SHA512

    7351f16aca1277e99bab2304cf896176aa687808466bababb72ea0ad2420ce4df769306843185b8508530f8ddd517ebee4302232b9ef4d1a4b0662bf05995085

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    45dc7b7896886158179d783ac5699caa

    SHA1

    31b0d3c420385675ef9a988f2f295a72a405509c

    SHA256

    f7433f08350115e7f2d7b645f55fd2fa21b1cb9ba94f60df9fe1f950b3a2d552

    SHA512

    927dd6f3d96ee66895b3caf60110912a4f4a206458e3656d72fdf1b795366c454beba5bd57194e79bb4725fa260fc5317dd429020526cff5d50042307f01c09a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f605b2210abb2a58652415f08e1eb43e

    SHA1

    02b4ea240e56d1f12a9cdf379159b0fb44a1861b

    SHA256

    3ec6e437531c9c9c883e49dcfaf23948e4ac7a20b4e2f0843cd4fdd39ce72721

    SHA512

    4fd3cf0390357ae17781600360b6a39badfe651948adefe1a6db94261f097d5a7e3f97ebb937f769bdad9474c266e0106967f96590122b239bd211b83969495b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f20b52c91d62ba7e47c92dfc0989e8cc

    SHA1

    effe3500f46c0a2031bd5c6b64139dcc3faf0403

    SHA256

    7fa8c43d1611885f095c95e50653d7a593b7ac2840bee77f84a2e11d162199c8

    SHA512

    7105397296759b3fcada968d2be6272e32df5a179f5567d209dbe33440074127e1edd5c3788a1bd704507801be609e2d1b480036d285dbca7cee0646d3ab6bcb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8b4f1565149f7bb6f91afd4f74943e15

    SHA1

    0f1561dab1f37a5c3fd3d42f318747fade4d2976

    SHA256

    bafcf541c942d833aa0bf2c9fe546bafbf713c4cb8a2996e1569ceaa8ab4e452

    SHA512

    02dbcd01f445f846f2fa3c4fc6a1df7a8c9a651310fc04d3f32cfaab7c7d5cb1535d1e81267bf202ddd6fb361a11096276fdbd27b482d9a91081c7f1f36447fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    337b2e12ebe3f037b2f4e86ad72dd6d7

    SHA1

    ab5cd1d76ebb5d4cb5f7b8fbd15aad79f9887d18

    SHA256

    197cd239a12240e2a63685a071aefad5b8bfe0c192dfae6868d5027ef7b5dc8a

    SHA512

    aeeb84810709b43f2bf37fb4eb9049e04b13d2bd28b9b6ce26cd3adbc019639c32a4631385a759e162bd6881582d433e12113d5ded1542ba81d002292378d2e1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6a99ad1ad1ca7551e81bd317810fe45d

    SHA1

    84dfbe3c2620b65e201c312e724e7946cf986b2f

    SHA256

    59f39406912d4469362007c06c9f6ca2e749d9c8c3012b0702ed7abaeec0ef7c

    SHA512

    c2cb08fe5d0a101b8a7462f61adb68a26a73cf89dc2588b5a642e64b1f68e4cc947b7dcea05f201238547f373823df76a346ce8d59ea60cb21cd664f65665f31

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f041bc5cc0db8705606ed97dcdf33a21

    SHA1

    4296dd5e0161f054bccc60d3027a6dbae68cfe14

    SHA256

    3c9c82f13af1d8051c4a1f5147c84a39103de7e28c6218e0243d494c3947e35d

    SHA512

    9d73d0792e2a8911e25d6145e193069874d00b478bc365879732c6792caf0bea57bf14c05f6449289071b4e0f5ec459a7d57ef0a9cde6e619b51230cc596e02a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9BF4.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9C74.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2696-10-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2696-12-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2696-15-0x00000000005C0000-0x00000000005EE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2756-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2756-23-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2756-21-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3040-5-0x0000000074500000-0x000000007457B000-memory.dmp

    Filesize

    492KB

    Download

  • memory/3040-1-0x00000000744F0000-0x000000007456B000-memory.dmp

    Filesize

    492KB

    Download

  • memory/3040-9-0x0000000000110000-0x000000000013E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3040-7-0x0000000074480000-0x00000000744FB000-memory.dmp

    Filesize

    492KB

    Download