Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

0989c5dbbd...56.dll

windows7-x64

10

0989c5dbbd...56.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    135s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    11/12/2024, 15:43 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0989c5dbbdccbb2e08fe7a29a62771f7f4e36813d59ddedc2d9af3342d5d7756.dll

  • Size

    150KB

  • MD5

    392f25e6871b4dc3f00bc031d36a8c15

  • SHA1

    17444eaddb2dd694c94413df1b18f9382778b770

  • SHA256

    0989c5dbbdccbb2e08fe7a29a62771f7f4e36813d59ddedc2d9af3342d5d7756

  • SHA512

    8851dce5aba3b10170d99e8de7d953dd81b78add5d583757f0d29fb0f8cf580ebed41feb6a77b9bd775e25e80a23ff4ecb5d4754868bbf0d583ccecacaeca592

  • SSDEEP

    3072:k7LTNzNup4hAQHnLP+VXmwxCtkNPG+XhZ0pi58GANtvgRoA:oLTfuCnj+VXmwxh8Eupi585NSb

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0989c5dbbdccbb2e08fe7a29a62771f7f4e36813d59ddedc2d9af3342d5d7756.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2916
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\0989c5dbbdccbb2e08fe7a29a62771f7f4e36813d59ddedc2d9af3342d5d7756.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2376
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2484
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2952
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:3064
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3064 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2912

Network

  • flag-us
    DNS
    api.bing.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    api.bing.com
    IN A
    Response
    api.bing.com
    IN CNAME
    api-bing-com.e-0001.e-msedge.net
    api-bing-com.e-0001.e-msedge.net
    IN CNAME
    e-0001.e-msedge.net
    e-0001.e-msedge.net
    IN A
    13.107.5.80
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
     7.8kB
     9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
     7.8kB
     9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    831 B
     7.9kB
     10
    13
  • 8.8.8.8:53
    api.bing.com
    dns
    iexplore.exe
    58 B
     134 B
     1
    1

    DNS Request

    api.bing.com

    DNS Response

    13.107.5.80

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    08b1b16878eb87f6902d4e2535a02e6d

    SHA1

    4e5686d1f97e29e2dd9919f8f984ce3d682fcfff

    SHA256

    22f9fef6ff524aba3a45acc0d25acabe6fdd9f6c1bb6210f9201fe16907d9ea3

    SHA512

    3643ee3984ab777a54996ccaf9731cc4c964eadffc3cadd6f0fe57242d05c96d8e8a7f8e143dadc2a200bdbfe9cd8104853e594edb9060bcedff207100c5cafb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    77eaba50bdc42c19fbe6b7e8c24ad385

    SHA1

    69627464a18cd763944f4465f1751fc26b4995a2

    SHA256

    cd3eb69cff0e33f6e6eddbdf5ae0e0b393cb725313aaff658c7def5eb2942f8c

    SHA512

    f6b47b3e7009cc1efb0cac461d45e810e8c5ec518a0253afb6318c92fa097c0767a34a97a4dbe54345de96c38ec5b1f0fe37b0f2a5193705e650fe1cf7d2ea45

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d50e5c71a61cf47ec0085e64b9d85d60

    SHA1

    ea6bd6a3c93c46280ca90508fe768c74f3f9d2da

    SHA256

    903ffd3b1b9c48e5f4c252739927768653df06b966159331aded330803bb9441

    SHA512

    ea3ac04b23edd9077bf237c467e9b6127b3592c11241ff62e7827a917886c8bd44fdec84bde1c643098f8149e3aa896ea90235ffc80f4fd2664dfb66a5aa9eb4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2dd551ddf7a8acb12c811136fa5a0c69

    SHA1

    d7e03887637b7c8a5ff34b6adbf4eee4e2365407

    SHA256

    238ceb4dc23917021e62710bd4c3f2c85b6dcb623b019773809dae2d9b9b2a9a

    SHA512

    0b6529e377b729a12573e6d32a3e2a2d5cb59889cb4d9b9567436efab151c5df761373135a3326371cc8e09e1d3a6376ead7d84c86c80cc965a8e849a9241e5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c836843e297dbd942d507576067d7080

    SHA1

    b6247ed295226ffdf43dd689e4787e96750d156d

    SHA256

    d7f9108e98a820260ab889fb85a01106680030d318cfb9ee08dfa1b8e528e4ee

    SHA512

    4035b360abbea625337c020f09535ab936b041eacd4af1fc51ca76d7cbb030324d6f52cbebb8774c4c69722bca5c279deffdc61dc82e9cd5c278389e5ca81c0b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    95e6bd48a8bd273d5fe2937ea3700360

    SHA1

    11672daed855e817326b990df18e7d1680bb01d0

    SHA256

    775ecab00173539be283e67d963ff1065c77ee2da462c0a946354ebb6df97759

    SHA512

    52b64846797458ab9631f6161dc7f005f8e6584e537a84d341385c6ffb2c866630e9a7bdb0a53a692cf508239737c59ca57a9a9cdded32a14c6da928931a3a19

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2c4702426b8482c74f13a8ee023f25f

    SHA1

    67eabfaa35f4a5acf2f4c5d1583b13f57aa97e35

    SHA256

    bb0df6df5c8b22ac320f4c405fc563df589c20171126cd4a0f11a975079ed9fa

    SHA512

    39dcaa5e27f5da5783095c18af964aa4441d8a97050fd6b5b9126eaee0c2a042a97288f34f3066ff78286ee5bf620f49f2e475e48709cff12358f12f0ba8ad16

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    126b20765ea18be661f642c46402ea55

    SHA1

    1314a6e9364d6b6352d431221ef2a6b57a24aa33

    SHA256

    4c4f02d0bbfffd6b11b08d10db4ed827c79732f1bd0e80b945cb0195139b5d76

    SHA512

    0fc1b7da4a8c7986757932045bc46b7727a35718d7b05350f451decdbe94974be88fb91893ffc029427e11887c662073adbec989313b9a46913ccfb28712fa9b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    18b8b2438386de5d8f4a6a9e27c2097a

    SHA1

    43908974eec75c3b61acbd149e75f23867ee6463

    SHA256

    0dbf2b86710405a44a2412a0e033c1ae995f5407a5a276e83471aa018a5c33cb

    SHA512

    2c76b4b3ee07bae2909d89a514cff38d4fa53b2ebb762e63382dc02f9a920b7c14482450f08d882156fcace20442d6f86eaedacd2dd21e21ba850e222955bc66

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bfe83777b710021e86ea1e004c7f54ca

    SHA1

    0bfd32da240fb1bc23a23caf30c0c06fd15879fa

    SHA256

    c4335e67b22b85d456e2607d384672215cb8c053d9f7103136f2d0ac2d163a77

    SHA512

    9c12777e429ae644344077a694c4c0d5c7e20b820b871cf61557948ae2bff29d5b6485b22a0fe2dd7205fbd18410715ccfe41355fe658da6fa96856bf82db32a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8732e5c2a8840f2905a83c5d8b294ffd

    SHA1

    cdd4163a88e5cd9b817c14a780067962ddaa0d49

    SHA256

    5e86970950603f8c92b2e868865c5ab5a332d50e741e7e43e4c67b739124c868

    SHA512

    ab698bd544a964a1fc195429aeaffe2c47e27d66f1271bfd7f00ef277fb1b82f851eb9c12122645b7162c2b1a23ef303de93b5216861e3d045e446d42a6ac7e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cf06d69f19b16a76f150646ba41ab9bd

    SHA1

    046e66022f56cd9e7e15217fb53f65197132e21e

    SHA256

    2c87d02090899833f968a804c782054334c3aa256b740b7e1fe551b27b63c232

    SHA512

    93b0330a7953b2c825568ba56bff41406fde53abf4b2c2d767a6de0cdc5627d1f1b8cb808a440f79156a8d63d697529818c8e0bc797a8dfc8de8204a1f141de8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c73269e04238f335c87d1133964178f9

    SHA1

    9cd6e992fd99c178b2c3bc593980f6796cb36129

    SHA256

    e59055d45c63ff526542a2ae1ca55c3cd727d2ce5838f6ce4b1460da7a0812d0

    SHA512

    d1f72d5716eea40da2ee4bb465b8e9d5f08a1b818aa8634c8d5e7f609d221f2d1443c5ab0e32b54913039756d3cc88299f5c2a23c413319da789ed9cc7ac7f1b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9b29bf669eaa41cedac69c137b4f23c0

    SHA1

    163d6a0bf47f818928e7e96541530bd79e522a5e

    SHA256

    ab65eb3b8df3ffc868165bd11a19ff45d33649814416d615c5108a22cd19f00b

    SHA512

    591062c732c70de1708ca58fc8e570eb7da55d2f2d99aaf947b22cb589df495c49528181b0effb53aa3da733c77868bf1da3a81deb63d5f0cc808dfae9a84d5a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dd9a5853e5e0cb943a6e474ed6c0cbb2

    SHA1

    761f3d675ed71a19ac795f0c9edb8e9a0e0629ae

    SHA256

    729fc5c94453bedfe9302645cdff7e3a200478f8d557a4fbab9f827100434c5e

    SHA512

    5a5620443fd9ea12d2a79ba516c4ac455c82d84497d7464b2d0441aa2d0443e44a7d805063284cace2551107129bb98c367a01d8961c96ab4e652b08e38e95e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    12f32d3451408d3cbef02007778eeaaf

    SHA1

    eb455250e1afb4daab009328779e6b51e4da452c

    SHA256

    685f0b0da54ba74761469289eda26f81e2999106e6076138777f722ff6764d59

    SHA512

    49f30ce2ce9013899df66a9ae913fa2d2782554ca3ab671a49308d6ddf090109e1d509bbeaa3899d3241b486cb6f65be35db09655df1376543562f0639b8af03

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3303ce18e7d02dec326513d3b6021cb8

    SHA1

    f81db40239fcb19c0d0231c2412c77de0763b609

    SHA256

    4ebebff88b3312d4dfc8093b093a6802468e54700a792281566c813811921e45

    SHA512

    ed65e1c61afda61337215e94319b94d1d3027596459813a5a33eaacd8ba6f4215c9d0e72f2a09afa75a1868943f1c4bd34d202fab01c9d93cb0feb113f9d1ca6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8078b8e6dfaf4244bd3092d7d14a92e8

    SHA1

    4e0ccdfb8a111d19e0fefee0fa95f1f67f603f90

    SHA256

    3da5e5677709d97b90aaa7ad06ab0ee935a4beb3f6c6078bf9a0f98f884e3388

    SHA512

    d861affda802a601be48f3d4d8317b335f11630d480506cefaffcb1ce4e4bbcbd82ce53201ae3e0c1f37303997d3b3cebb09f254ae5ea4659c1ae5a35a9af3fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ef5e76c1769197495855610106e1a5c1

    SHA1

    ac9c9edd684a774df2a7822da4ef89b969048194

    SHA256

    8c849a296162976ab9c267538b06200f1b83189b58da272a722f968c40f03c73

    SHA512

    e7404c1a81fd722b02a0494aa062b799712efba111ee3f3f5dc0b15755a462f429c41078114a611c60a26536bcddca9d06e5a9c53253bbc2d6014017bd03818d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3DB.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar60F.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2376-454-0x0000000000120000-0x0000000000126000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2376-25-0x0000000074C90000-0x0000000074CBA000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2376-0-0x0000000074CC0000-0x0000000074CEA000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2376-24-0x0000000074CC0000-0x0000000074CEA000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2376-10-0x0000000000120000-0x000000000014E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2376-2-0x0000000074C90000-0x0000000074CBA000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2376-4-0x0000000074C90000-0x0000000074CBA000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2376-1-0x0000000074CC0000-0x0000000074CEA000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2484-11-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2484-12-0x00000000001C0000-0x00000000001CF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2952-23-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2952-21-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2952-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.