Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

f550982f3a...8.html

windows7-x64

10

f550982f3a...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    15/12/2024, 18:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f550982f3a27aed90f3faaa25835f9f5_JaffaCakes118.html

  • Size

    142KB

  • MD5

    f550982f3a27aed90f3faaa25835f9f5

  • SHA1

    ae452e6f01979b95ac700a46afe0b85349e0f5bc

  • SHA256

    a5bb310539a59c245f197f8a720ce2630fa9a778f50175b35b0059f71c4e3dcb

  • SHA512

    2fe0cc72b0f9d348104e8ca6e815d50d7d05a022eeaf07c1557156e3d8c381ea761ee1f2cf9d92b2d05ff5ecba47e9cc12f21f745dc5303cd867905a564cc915

  • SSDEEP

    1536:N2UkcqUZ4z6N85rP9yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3p:tkz9yfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f550982f3a27aed90f3faaa25835f9f5_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2272
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2272 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2324
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2904
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3056
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:3012
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2272 CREDAT:603142 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2664

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C1B8D87CA29E93F2FEEB2834BE22FBB2
      Filesize

      914B

      MD5

      e4a68ac854ac5242460afd72481b2a44

      SHA1

      df3c24f9bfd666761b268073fe06d1cc8d4f82a4

      SHA256

      cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

      SHA512

      5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      59ebd112e9b0eb12b1d8ca94901c47af

      SHA1

      6b57f40ae3c9fbddb5c7a8e5850d9125c58dcd39

      SHA256

      2a345d09db48006b6c74e1f30f739e42f0c21403953f028e75d72db17f96cb60

      SHA512

      fe5fed6dd0d95dc52a0cfd7dce6d9c6b2dc1e350bdb5f02851241340292e0b8964fcb3ed808f399da5d737dfb18578ce10894672401f3b119989e03934006fd4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      533fcdb05d4d27eb8bec83a063eab965

      SHA1

      f14d1e41b0720f0825f2bf4b8f17b379284a14a8

      SHA256

      c8f272d51fe156ab2bd5401498ad66ad668e75f9f0323124c726648825d81d68

      SHA512

      c258217dba886d9b2581970ffb7a7ce08ca01213ce2243b323b23c4dbce115e3d3e937ac733860d2b2812c378a09e252ab8a76d7ea3fcff4ef0e539c8290e01e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      68a169d2f1d6fd51a97296cac3df4c6c

      SHA1

      cdce5afc08804134b430e03fa27e1f21af146270

      SHA256

      c1948c3c02a3e059b1d68bbbafdfa20917845bf71c0afcc0a3d6c13df85b5468

      SHA512

      bfd90db2a00dbaeeb11d0769346ea2dfa950f920999485fd0b071e26e6fdc608589d6ee54f1a04f6ea328d8a76e9594e6cb7c7bbc43f896e8e2f73349d03bb20

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2512c95b529fad823f697481b192d7b7

      SHA1

      e9969845939cafeab779b6093d8e70c3b2e410f0

      SHA256

      b3169e60e9eea18360779828d11442c8600f3771b824af4a66376557cb0e0384

      SHA512

      d2e5435a5079b54bde830d611aea7faafd6121c467aa226fd9dae5f577af8159b442efa6188d7dde249bf6f523f751deac00f9958600cc218658df19a6a7a7a1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e2b4737f309554543feb267c40b6bfd2

      SHA1

      7a3e7add91d8220c4ad985dfd57c1dd2fae281f2

      SHA256

      8a453eb7d8655d557b385cdf4d33f7d3a582436696f2ca5a50066377a537ac79

      SHA512

      cb8b0d56bc7182a6396691d7c9aaa94804275456a7a57c2927a105b964577a5dce0abde300da62abc820599d867e6662aa1465f27a4e4fd607051ff9ba5ada1c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ac4b370c3de978a7bab2d8ae5c4c8e0b

      SHA1

      bec503a85b105d18640ffc63abf7c0e3955cfaca

      SHA256

      3d62ec3713fcada709cc58e2260068da4811a0b141dc1a64a444c2c794c587bb

      SHA512

      b8978d6c473edbb71ccb31006d2a22fc2093fac9891e58dca10a33f68b23836c25d8672b6a0f89d69dd0d2385c4aaca478cdcea5ae9673b8eb4da72e6d4f3a9a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      223ce10886a36020b6ad0e220735e90d

      SHA1

      87d7e94cdeaa5d11526ed714c2756e1561ace406

      SHA256

      887b602d1f62c8cfc975580518b72dc77424a35aa45687f8898a2ddee3d1120e

      SHA512

      5a2f818d807171d85ede64425dbce10853a7ce380726e8441d50731442cd9b8f2019f73e2cd05dc3d7f59b06fbc775a2e2e37b5e8d9fada5671a2a5b847ef9fb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1be0da7d996a24ca5ed445f3b360bd86

      SHA1

      1bb2521e9de1c5473ec088f0896f41b9dac8604a

      SHA256

      d95a3457f3bdd64833a5a12f7d718184556486d173fbe9c684ce7e6a2bc2eaa7

      SHA512

      ca0fbf108414cbb515eb46dcd51930f5ae40039e4c51ef7100733bdf8eb4ad7b8fd039a9efcc6e951e0b516e9a7023f5fd4f3292968d221c11dd4c1e99ae3523

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      70de5f708f60e205be0971b891d361d8

      SHA1

      5ffbf225dbc07c0c8ddeade94ab17538700ca282

      SHA256

      69fa4103583e4b7c7c64b96b1fe6aab3e74fcb5a45538fa6ed7e9888a4da1966

      SHA512

      300e16f31aa5d5ba229200aaff3c53283c44f8b8a0b8872b561a7b0d3f80151d0b1aa88e3bc2c6f5643172626bb3e0c658a7684a8f864c23be49688dcd4e4f58

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1a8f4ac25b79e215b37909695455efa4

      SHA1

      c652881f8a59ff52c86c9b9efc92798d06a57331

      SHA256

      73286b053152a35f6d4573564e8d3df96cbb0903483f1cfb2fd2ff15a90c8ebc

      SHA512

      eb2563a4be6bc68ce3c2ff211ee33f00c2d7d4ae4819dfe1fece8b8d9b60687019f9be674cf57f68289115a5bdc81845c510621f4d6a471944a224e66ba9f74c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C1B8D87CA29E93F2FEEB2834BE22FBB2
      Filesize

      250B

      MD5

      7142e660006c033ca4f36320bec2029f

      SHA1

      f5566f656a6e783167533fae3c5dcb0a5f36190c

      SHA256

      2286cca989c4fff16cf1993e38c93012f5081f186c5b51ed0ab40ce5437242f5

      SHA512

      7871878b6b8efbde13b48633ad79cbbebf3cd47477c5680604e6aab70f9a559e409bb2d9494d20c3b70c3d6de7a9e9dc7ed77bc99bd3a435a471347c5e1ddd0c

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6G4X5UFP\errorPageStrings[1]
      Filesize

      2KB

      MD5

      e3e4a98353f119b80b323302f26b78fa

      SHA1

      20ee35a370cdd3a8a7d04b506410300fd0a6a864

      SHA256

      9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

      SHA512

      d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6G4X5UFP\generictext20120522[1].css
      Filesize

      25KB

      MD5

      370f60e5098ffb135dfa75b05e251a17

      SHA1

      7904108777c390b46ecdd49ca0674da36045fd6a

      SHA256

      d0d53c37c1f145818b960d347fb35e14a2f56215d6788e28ff9cddeca6c89897

      SHA512

      c295e2da0e948e6b299e772ef9002e706c203d4f8713673ff5232e7fc5404c86cb1360dbdbdfeebc25061e52d84b52a16276e5a50f7992352e46d4101dbbe713

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BQ20K5D\dnserrordiagoff[2]
      Filesize

      1KB

      MD5

      47f581b112d58eda23ea8b2e08cf0ff0

      SHA1

      6ec1df5eaec1439573aef0fb96dabfc953305e5b

      SHA256

      b1c947d00db5fce43314c56c663dbeae0ffa13407c9c16225c17ccefc3afa928

      SHA512

      187383eef3d646091e9f68eff680a11c7947b3d9b54a78cc6de4a04629d7037e9c97673ac054a6f1cf591235c110ca181a6b69ecba0e5032168f56f4486fff92

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GP4P3HF\httpErrorPagesScripts[2]
      Filesize

      8KB

      MD5

      3f57b781cb3ef114dd0b665151571b7b

      SHA1

      ce6a63f996df3a1cccb81720e21204b825e0238c

      SHA256

      46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

      SHA512

      8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab3AA2.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar3AD4.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/2904-19-0x0000000000240000-0x000000000026E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2904-15-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2904-13-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2904-12-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/3056-28-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/3056-30-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/3056-27-0x00000000002C0000-0x00000000002C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3056-23-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/3056-25-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/3056-26-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download