Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

5

035ed5fcdd...1d.dll

windows7-x64

10

035ed5fcdd...1d.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    15/12/2024, 21:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    035ed5fcdd134622ded390da86e37ffac971905351523824cfb9944a3a71d81d.dll

  • Size

    1.4MB

  • MD5

    3b97ff9df423e25e55e619ab25aec98d

  • SHA1

    3abf7065c456f1f0f731492b085709e17b8bad37

  • SHA256

    035ed5fcdd134622ded390da86e37ffac971905351523824cfb9944a3a71d81d

  • SHA512

    409635d198d5732094dd1e7b99d0386f8fe9d9fe710cfc6b5565de3a42c24b6ca7196f63192a34ef59969f5c52cd010944cd713e0af0f6f1fc52c0c3315893f5

  • SSDEEP

    24576:SKit4aTOnCoUHbYbDzjJcvvNmIMlSE/p/SZjAygfc87LnwgT69gvmzmTWb:Bit7Onr8YVyNmdUEJSpkfvQgTsgvmB

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Modifies registry class 62 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\035ed5fcdd134622ded390da86e37ffac971905351523824cfb9944a3a71d81d.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2100
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\035ed5fcdd134622ded390da86e37ffac971905351523824cfb9944a3a71d81d.dll
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2384
      • C:\Windows\SysWOW64\regsvr32mgr.exe
        C:\Windows\SysWOW64\regsvr32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2408
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2420
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2420 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2804
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1656
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1656 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:3012

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4735e6cff0bd309124e9c89bce86872c

    SHA1

    fc2731cb992bc049a942015b90e3a399e11fa88c

    SHA256

    0a95a83e1972ca8ed7c74cc8c984af7c258491bb1ef8edf6f2cee4f0a30bdf65

    SHA512

    2ffb9c0e52c4b762319851318d00f6c22c80a139d121257cfb82f43812d91e2682ccf7ee4742851e13e5065977c5b1faaf1d86b6e6f524ca9d413520a26f6d9a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7c7d1bdb8c018500a2c40ff61b1d463e

    SHA1

    f7d9e50bfad61d72dbf8b9de53b6429b4934deac

    SHA256

    a7f6497a508ba5ba6a5ffcd67c91c7eae0f73326671f22f9195cd8dde406f9c2

    SHA512

    6c86248f62221a6cb6fb1f3a9cce8663725e923881c18d622edec84933bed9dda1d8d1c77ec34c2f6843b974931d53734fe0a6aa6b0296219d181e3d6a24a2a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fd26ab4d31b87d4db9549f16e3136162

    SHA1

    5bbd864f9efc7b16f0f65cb80add345aa730d7fb

    SHA256

    e759fc427c2ce546a1f673e611f940d40efaba5fe39527037bae3b6ecc37c052

    SHA512

    c0dc9a1b92789b8d446de319c9db9869232788fc2f4c31286e9b78c237d81bbf441cd44ff8d0f1b9bbda996f91cfac481d3e7281b22967b12ac8fc90a27fd863

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aef029c7975eb08e9b51d3ae79316210

    SHA1

    aa0eba52b39e58bf162090f2a9bdc838df80f042

    SHA256

    3f9381231bdc3bc3714c56ba79ce06bd96396d4b81ba0df37f310bfcf59bddd4

    SHA512

    290620a5b546df887bcb40fb49b0b1f11705497b3c4e7af867a80e0fa5cba5f2cfbc0c3f46272d543336e153bd30882072edb441d5f88a6dcfae563e06d7edfc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    388c6522d41dcd1bf6299a4c3529323d

    SHA1

    518c753b39ef9ee352e4c4064f5e73962da082c6

    SHA256

    4455159ca0f58fa768be6307fe05250dd98533cd27325db93043be37d17858aa

    SHA512

    6985157dad03eec0a3c495aaabe7a790ce9828813431ec6b523276b925ffdc1e1496ccc79a9ac7f512d887d035435793ad626fc41f88269d41d8256a2f94b806

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    22a6d3937e50a2bd51fbf2a244b24a2c

    SHA1

    c3668ec4d3497243946ead9ec663abf1dd0ba33d

    SHA256

    bf0b1be451a500f1df7877da5d05c30cabbffdd2d50311f349debc8a20903e70

    SHA512

    a7f4319fc29d99c7d9f13baab94c8b834e7d3805e733500f57764d3a3189ac12d70bb0ed64ce10b21c08a48d87be586f129457018207cfaa7f163107769c4ec7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3225a9fc6aa7a780f47e982d05044662

    SHA1

    879961814fd804c84131206afad14205459dad09

    SHA256

    b74e5c7a699823b854023f52b6d33836d44a9f1c06310d0a7b79354788b459f0

    SHA512

    493b802e04dc2fc46125ab6986c7d324e75b1fe71bc4c316ca0a8d1a86f28232a3d91b5b565b181768c6acd60b6e701523b4200c4a2094fd0a01fa112f9b3dbe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1e3825c0a3597dbde4cbcca42eaf7e3e

    SHA1

    d8f4ce0ec51b01fe5fdd1b09c13c6ed0acc9a483

    SHA256

    419cfb92ef407eba7afc22e7e399244beeb7c97b185be526b9390535846fc8bf

    SHA512

    d9b1a3d7b61e0d7c87957f0255caa9d456b22d71bc7f59fa8d0261626138d83ef4080cddb7129d140497da8c1427ea9b62267d2e942de212050002ee6dc84e73

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fa8fd57829fc4210c5101e844ffadc44

    SHA1

    2f135a5f3de36f630c0afd9935273c04d2cc7f2c

    SHA256

    6f259526dc8e0fb3d386838a9922f2a47201b634368295329262f0c9f64dd5c8

    SHA512

    6acfb46eec5abfa20d9f511932aa83e78ed076fc4d67fa46dd6f8381753bf87c2f566ca7d426327124107c0074d70997eb93873ce60a2a4cbaab2730ba49e713

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    567a0576d7e02c9e20da51ea7a57645c

    SHA1

    9bbd2ca25f762005cbe8a3fbd431fa40d0f21b55

    SHA256

    e8205b2509605659f61560737d9180c905b71cf2d070e31f815ea97a75e0fe9c

    SHA512

    c1b77348f231ddeae0df256e07a6598963a8a47c3933af94c32c403eae5aa415f1b60febf80068db71c57d1732c414b456208e08a4e7075de8399c80d8abdfdc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c19fe8a9fcb7a3167040b06dcd2d7a97

    SHA1

    73771ac3be4fc3a625590c1c7a66aa691e2b55ff

    SHA256

    c47c4bc95bcb76a5677d0d392ccf0912dd2f04353c4be8004dae4e0a6fc7dcd0

    SHA512

    2be2914622d3efa41b9fb94e2aeba178b94710fb771514f732b7ed375a65e5d9784240a907cfe43abf1f3d8eaaad2f4c7a603265d7450d8c7afc920e4be10181

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4395b014ebe10511ce31054e2b2b94ba

    SHA1

    786fd5a252e136e514ad1e95274afc708dd5939e

    SHA256

    640b0921cf4126765846ca064a2334e7863b742132b2c215dc0621032ffb43bc

    SHA512

    dbaa8a370c4da1fa38d456fb97409765e038b01b53f231fb8526e81f597e754f53c4d2bb2845c10e7adbd70d759728b7678b2b05f988af26584c9e3a3f33945e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0bd9c5d2bcfdcd3c00a30e3f86a2d6cb

    SHA1

    ea2d993ac43fa7fc3b8aea834a9386d32607fc61

    SHA256

    a194ea4721a5f9da92b228dc261502f96021e09248b04993604763806ac4e80d

    SHA512

    3d2e0f05bf8ad4eb708c5d5dbc5f6f8ac6d2816768fb433e14d59d4d1c3b2f9ba617d4858f75b8aa44d7e81312d7886cb95731fda6e9b57a16ca2ec672d6e0ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c6b588385ff8b07feb33f3e87059b822

    SHA1

    9c86831182e7047ecdf545d4ae6ec3c88202c3f2

    SHA256

    e8dfe58dd4e349df7f7a4caa48ef4a8fd9d791e36d07797d2d11e9905e3a352b

    SHA512

    e52908e9e7f1ad5d2de81d5154f353096db1175d189e97068171a949edaab4c2ace07c63beac6da99db79148621bcdfdc03dbd84ab35fe84dac82d63f2d7f1ec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    43c0c9e9fca6087c55999ea7396b2716

    SHA1

    b3e62cdde0ba17687f4ac3444345187e8214e8db

    SHA256

    0a8b914bf03845b0260e9f4f0e5758693365c331df4c72252e19827ec968ce3a

    SHA512

    4506990b9600bd7c36aa9d16a20a9a57d0cb04d160c94e780c0ff4e5ac4e514ed27db0289c164e7a5a349cb6c4ede249cc7cd8dcb3a2c11a14602817a1ad85ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b2f918df239757a6bec9f832caa4b2fb

    SHA1

    72696fd01280ed4d75a1257bf08025f30a9b82ee

    SHA256

    49072af2fb9967a3a62122104fdc65b433b9446340b4bfa7b342ad783610be32

    SHA512

    595b6d8276ceda1881508ccc732d68f2a162f2a79ca714499e19dda70f96403611e5ee08c299ca719b618f6b37fcbdebf443c6537b2cf7d2830accf2e383a3a4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1758914bf45cb83a91bea80e0b7c3674

    SHA1

    9bae9d14efbec49dbb2d40f96f73fbacb10a2441

    SHA256

    c45b102993066bb1094eb5448f374f5716379eb30d740c3d246ca051e3ab5679

    SHA512

    abcece357a71304f3203eb874f8105357bc116f555a50bc735faab0f49c0f5fb32b4ac3dab0aa04f4599956b80f341daf1dba8f21456818a7776532d4502e93a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2b37c2eadec47287d5ea53ebb703aa37

    SHA1

    28059103cefcc5974dfbe40ffa38d5cc9f3a3a20

    SHA256

    353f86cce0bf6e758749de0ae1a1b0e777e2b7ffb90b70f4a1858e917a466c14

    SHA512

    118e003dac92a9cce09c63da30276ddc0f3cbbe95f7b0103f761b7205fcf5e53eee6ec427bc140081149e581acf6a33fcc82e154855dc28149d3986eb8c9d76c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6dded085d74f5b43f21dfc87ef006083

    SHA1

    0389a17eadfc664ed8626819d3533088f0473cc0

    SHA256

    42c9fb61aa00cd05e736b1da01a26f87d8b3e7933937e16e93111c8c4224a49d

    SHA512

    31e45cae9baef0e33d8257695be499c2793e689a9c2527a0fd27987cec6a637300b7ac35906e29fa61c5978d434f9b2927237f5f7f4427733b8f0765841a2ff7

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{21FEC851-BB2E-11EF-8CD3-5EE01BAFE073}.dat
    Filesize

    5KB

    MD5

    7af07f32852dbe1003c2bfbc36fb6431

    SHA1

    73bdbe2e680635bf0e1c90f927e6858a47b08fa9

    SHA256

    f73c8bb8e92bee1deb5901a0ea8a9c755ce3f77846b47d3bcd6b6c69ec63872a

    SHA512

    d00bee6b2e738e852f582dfdbbd9f2ac087a29f5e3ccb49bfc88ec3b6768736c9b89afbbeed1d9b53b5635b2de9d018b8f7a48abab77932448c55b12ff412990

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA8C0.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarA95F.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\regsvr32mgr.exe
    Filesize

    105KB

    MD5

    dfb5daabb95dcfad1a5faf9ab1437076

    SHA1

    4a199569a9b52911bee7fb19ab80570cc5ff9ed1

    SHA256

    54282ec29d4993ed6e9972122cfbb70bba4898a21d527bd9e72a166d7ec2fdc0

    SHA512

    5d31c34403ab5f8db4a6d84f2b5579d4ea18673914b626d78e458a648ac20ddd8e342818e807331036d7bb064f596a02b9737acac42fbead29260343a30717e8

    Download Submit

  • memory/2384-7-0x0000000073F30000-0x00000000742EA000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/2384-11-0x0000000000150000-0x00000000001AB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2384-9-0x0000000000150000-0x00000000001AB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2408-19-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2408-15-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2408-16-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2408-17-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2408-10-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2408-14-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2408-13-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2408-12-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download