Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

fab0884d21...18.dll

windows7-x64

10

fab0884d21...18.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    18/12/2024, 07:48 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fab0884d2195505ff7f09bd8d3722950_JaffaCakes118.dll

  • Size

    711KB

  • MD5

    fab0884d2195505ff7f09bd8d3722950

  • SHA1

    f8d887f4c6a26d149b5a24f4b99cffa0da21b9e9

  • SHA256

    d9298f07aac5622c157269d51694152eb01f4557d11629dcb0e694f38be6e4db

  • SHA512

    49d702346b2ecd166096e7ad786e429c8030518b865d1e1889c24e2af463321e0f0caee021a949dc135872617644909c47e3fb66adf6b16b50612c2c8127c97a

  • SSDEEP

    12288:hNIyZN4+Wv4PLq6Okrh9ZN/hs9DsdBPDn/WOGR:h9TPmirh9Zdh6m/WOI

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 31 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\fab0884d2195505ff7f09bd8d3722950_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\fab0884d2195505ff7f09bd8d3722950_JaffaCakes118.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2972
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2188
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2488
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2488 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2724
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2916
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2916 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1700
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 224
        3⤵
        • Program crash
        PID:2492

Network

  • flag-us
    DNS
    api.bing.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    api.bing.com
    IN A
    Response
    api.bing.com
    IN CNAME
    api-bing-com.e-0001.e-msedge.net
    api-bing-com.e-0001.e-msedge.net
    IN CNAME
    e-0001.e-msedge.net
    e-0001.e-msedge.net
    IN A
    13.107.5.80
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
     7.9kB
     10
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
     7.9kB
     10
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    779 B
     7.7kB
     9
    11
  • 8.8.8.8:53
    api.bing.com
    dns
    iexplore.exe
    58 B
     134 B
     1
    1

    DNS Request

    api.bing.com

    DNS Response

    13.107.5.80

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    688ed4caa12d4f81a68bbf5362be702b

    SHA1

    b85593ff8d59137cad269f397cd7ded4479b06ef

    SHA256

    7bcc945526c7355ebb7f48270c814fd208a0d19294d379123f46ea79c59998cd

    SHA512

    40006e31baad985e6a833de54b3a1f7e4a3f5b3b10c6c57aabf26f9e2492b611460af63e276a2d610ce93c3546d695e760223d4ada55d37302d6d89570e43667

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0458a75af3f6095996d57139e953afa6

    SHA1

    4678059ea0c2a1667414a158bacfd8c19d44aeb0

    SHA256

    7956e840082d90b59617b42ebe48398b2e3cf32b201333588353ba8a69b82fa2

    SHA512

    20af9f481a864ca938edb49bc985421259709d24602ec3311c4f681801d9a2f04e7333b917466e6861f19acceabb5f14e95e70b2111937b06c6640ea4a0a6077

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1b38ac7681a73288197325c6bc80d720

    SHA1

    dcf42ddd72d0d53fc7f5de6e484a2aac9b0aa527

    SHA256

    a168f4e1f724baba36fdc7d88c3753af6ccefaeebe236d0b7e6f9369ed288178

    SHA512

    a36bf7899968630af02518114037c3187c009f1a8ff7964bfc192bddad9dd79dcbce342c110cc316860820ae3023fcd358b84029284867b03a4581776cf179d9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d2696ed0284063979402a1f62cb0b825

    SHA1

    0d61d5a7c78aad5ca88d62ead7b99b6ce78103f9

    SHA256

    e1bac3987f249535d2bb545f7a833d8708525680273507d797f66c1a994acf9c

    SHA512

    b79ff2e2d332c5ab66631d58f780281bba26747ae308f8d7630b327243691f05652df463f1644d2f27aa978708b1a56b577953ab14442dbd24ef08d67dde32ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cb5bff4ece74b4d84621212d9417b004

    SHA1

    be3275f7a05f7d6cb9eb70189e673824ce842451

    SHA256

    e3ffb28298c6ed8e322204ec1af21be38c8035a4b419f7409b1207d092b7a7f8

    SHA512

    9306c9c1ef059e0df2ed24c4bef6c9c544a2c8b99b055198606b83fcc36306029f9ec248f801d4ea1b0d53c42cf346b479ff5d8fc4b8e6940caf38273575de13

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c3a74ccdd919cd70ccbc477a8e5a558d

    SHA1

    93818819b8ab94e0edcb077d9103700896e14496

    SHA256

    29f2baa2e78aef5a96205d5c129b817927bfa49034a385ec42bcac4070869ac3

    SHA512

    0d8fb8fe7b793c58c7227a7c919fea6c12f61df23997e6ee2a6baa1a500a96b8d01698f9d186ab294ed75e3abed66aa26b69b6c63851ac0296cb3392311e2e25

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    715ac4b61c769c6141fa9a5bf8028527

    SHA1

    08a02f37f120263515b44d9aab95f58aa8966ce1

    SHA256

    2a4548f2b74d48618a440966e629266608d5ea731818d071fb3b0e93209fd665

    SHA512

    fdaf78824631b7f9d119ceb075cc3c680704f3325a8996df5576afc445cd1663e4950100165fc20d265ec460f191c134bce1ced457a1a444168e5885ec848c40

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    273d5109cf9a9205ef5263467673ee95

    SHA1

    b3b37a0b0d4a9ff1a757fd0eaa086e57cb56a7e9

    SHA256

    a77a51a94732b80762a6fa7c7e06507ae3914b6d586f80db78a4f3f4360bca6b

    SHA512

    63843e32acec5249a3f636331e84137b07bd8c353e94a8710abcdfd161c2879be8a31fed8d3fc4e0fa278722be9a7e71593d90ff0ffbbe3ae19ba722aa82356a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6cdb4a27cf30270aff476592ad5258dd

    SHA1

    af66c02911f1ce307abce4a61682b9b5ef3a72f5

    SHA256

    55f51b2c0c8989b3e1cb6f52110a74fe7df6abafed8cf7d8ac19522a35c43e5a

    SHA512

    9f03e56e2956bdf014cbf699ddf2879b61fb775dcd512160aa8616150c20af80db2b713ad1d6fbccebe38154cbf2be494050e9787a919381f3b5af2fd8abfa52

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a0e593b0320c81af6be351cba8a8ac84

    SHA1

    0f43ffa149f36b0eb42c9f923af5f88b8971eb94

    SHA256

    ada7f2dca7ec6c861fec8dfc24a7d89d1ef124113ff011b425eed7a22bb61a77

    SHA512

    a5e0b0939286933d5660221bf0627f91f278be15483985f8724e60c71e04cd2d86e432c3a4888e373320329a19a3cfb71deb9d8df77ae8fcb0e26f6ae70b5427

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8c6068fc22b3e84ce3b18b30523664cc

    SHA1

    aabf59fbe12aee756b20ad7044ba1fbfcc7a346b

    SHA256

    3345d04bd8d4d6eb5b2ee00f23d4057db2adcb7ae256ada435ee0236a5d46c7b

    SHA512

    3c4c8693ca10f8293cce5ca41bc5408ee6b110a5441337363c15cde723262b3b01e651d5e34ddfb2c4e36be78311c5e6f1fe79c4d3cc63acf0c7a3452d900d1f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    543af49e241ea0698ac7a9910ef5bc79

    SHA1

    1dc4d65cdab1437b4e0bc2eefc95fd9681f0662a

    SHA256

    a086a9034ab8624a78fdf63b3fee3dcc9d55ffd10054063f6e5f1bfafecb5911

    SHA512

    45833ac1fe55df795b9323113503007ba4cbf4a746d0111be3f5a7a3233d9316f3bf4c02bd0d0375313416c9bc994aafa6b71df87fe8050202414a7c023320b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b6e799745f7b8bda10195cce4f19a7fa

    SHA1

    26822d3e2a4569cb9f593eebed3f8b19dff0c360

    SHA256

    22630d2548f16dc4087c95d28aaa52a7b21efb62a64f822835bb1368c205af1e

    SHA512

    bb47ec160fe79e230696a4353c10719378c7a37d0c7d2b2ff124fc42b3ec8897e97f945dfe39f8538b1af94f9fc4532a88dd896cb77793531c32e99d275bc410

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4aa085ebd749d00267d5002850645c2b

    SHA1

    4c773c0016d25a1e40a613042db285f058ca5dab

    SHA256

    abf69eed0d3224caa7dd4a617e82a137170cca6e525a43beaffb972dc345d309

    SHA512

    34527792e0835741e13629a611b71f148989a388e20a8d5618732085a6bd82dfa9a58072c91e45bff608a022d78a52bd68cc3e033e48141802b40475a646a5c6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b9e511773760eef07629103312659607

    SHA1

    eeb7d50d30ce381b00db039a37a29e8f151c2022

    SHA256

    3588eed16b9bf8e91a98a112e4dd66b8529d9857050767dedac0c681444a372d

    SHA512

    b0bd4785638c2233d6e142046c3f50946a4516df914710f7cbbb50718ea5da26806de39215d9525e984baa21cd98aa8650ebc8c201e0f9311d33cf2968534963

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b979c61c5bbc0c793ba04e344c5bd101

    SHA1

    80d6cacadad0da4b3feee71fbde8663d2103ccbb

    SHA256

    f7cc26c3bbbeb87908eaeb9e386a8521519c4d1d0457c7067a8dcb23c678c43f

    SHA512

    12fff9eaaf214b456b1a458967c98115d7cc581e030ee5391f58b142f59d8d5d98f85aad90f388175973e6d0d5e5d2d9b35f6b70df3d0cb36867db051b8f7f59

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2c2034a82fa005cc3ebafa8494d79fff

    SHA1

    1a1526950acabc012e54f6c07d8ba966acc96f52

    SHA256

    1f81f13cd3e5038a0e616cf54d1074229ceeb370be185e1dbb02158a0bdb43b8

    SHA512

    f4a45863eaa95d29c089b467aa498bf7a62637ed317cb777dbedf65125f26f65d50f77abd0b913f1b293b561ef7d4e6d99c6c6e8db544c0ffc7d0ab897de2091

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c84d12bc79d024791cbf006776dcfaf7

    SHA1

    55c97e416075d535d43d3af382a0e7efbf2ae694

    SHA256

    944922021d17bc1fd22f27a59ff85851c53a0b21714aff134e92ddb07e14084e

    SHA512

    0e3eee7aa5804d032d2e021b10dfa844be33e5bd6fb2f8e91eacdc47a6d418dd12ff80a04ac795f63d4847132f6cbf6c4eac96b96657f22affd36ed9e4511985

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2d7754775ca7619a265b7047b127007e

    SHA1

    4f110680b039d32792c428f82685b8936b993dd0

    SHA256

    fa20e847b7ffdacc5e83b29ef53c4eeb9ac66d4885069cb7d9a8d851bceef1ea

    SHA512

    50c0cedebacd9e855cfcff1c5c253975f61fffeb84e758f4c28507f86218f30e87a93fe69569cb5e55a2716b2caea14b0937f269deba469fe32ffefb6d038371

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7E13E7A1-BD14-11EF-B1BD-EAF82BEC9AF0}.dat
    Filesize

    5KB

    MD5

    98dd1194b3d018ed86ecc28a0bbafff8

    SHA1

    51e5898130741e7f8d5ed3d3232691cf17af6b3d

    SHA256

    fbb297a987e001db4cd54a8821928e68f83ba05612480ad2e31eb1673b4bfdd4

    SHA512

    9ac6e4fd55ec1c00c20e0f928996df34a487993cc5cf25140eccad6edacb4eb8068d2a9d0be57632a3eb546097dccb604fa599a63de9fb4a01a0472bd3f90ebf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC969.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarCA28.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    125KB

    MD5

    8765eff9ced671b9fba53a55aacba014

    SHA1

    e15c775cc7004a736d6fc7aca09c5d80cf7ff3de

    SHA256

    18157bf099f2f7861621864b7d63cc92077f5c20e9637ccf50f1821c37fa482d

    SHA512

    9f46bf25cabdfbfca6805d2c22369f949a6048c833d037d413dece708cd12bab32e17a21d875437c488ab9e9b5487a1f3865d4bb1ad8cc2dad94d211c18590f4

    Download Submit

  • memory/2188-11-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2188-19-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2188-12-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2188-13-0x0000000000320000-0x0000000000321000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2188-16-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2188-17-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2188-14-0x0000000000330000-0x0000000000331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2188-15-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2972-448-0x0000000010000000-0x00000000100B8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/2972-9-0x0000000000180000-0x00000000001EC000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2972-10-0x0000000000180000-0x00000000001EC000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2972-1-0x0000000010000000-0x00000000100B8000-memory.dmp

    Filesize

    736KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.