Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

fe003d8b30...8.html

windows7-x64

10

fe003d8b30...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    146s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    19/12/2024, 02:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fe003d8b30b19f73f29a653c7d3ad42f_JaffaCakes118.html

  • Size

    156KB

  • MD5

    fe003d8b30b19f73f29a653c7d3ad42f

  • SHA1

    f63868da05f156442b5832c0856a003dda7c073a

  • SHA256

    aec0520b4cf45b3e43c6b329804af5b8c30274d82feb1764f31fbca207d63474

  • SHA512

    802453ed2e3dd8385d67eb7bb01cbf98e75e4259c13c40916c12276d79080e81b8065b9cda43f180fcac5f96f57c5e0446c54282334543b82784018ec33bc253

  • SSDEEP

    1536:i3RT3RoIQly/UMm4yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3om:iZ3r44yfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fe003d8b30b19f73f29a653c7d3ad42f_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2324
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2324 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2572
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:676
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:288
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:580
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2324 CREDAT:275471 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1120

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c27d8efcf9994483d7fdd325e4018ef5

      SHA1

      2186d1d101482de378f39ce86d2f5f9bdbecb698

      SHA256

      d7e62e53ea8177ef9d7c05d3187a4dd2b0dee5250cd530bed88e9a628e64260e

      SHA512

      17aa5cc2fd83d37130e287c196f745e19dff85c2587e0807c749b50069b4655144a7d1b969017a71c00f9161db5954530a17115ee132f30d845c58dc2d57b552

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      13d4239bb6633f0029232bea6b6c3d05

      SHA1

      76a5635a1f0de2b587c8c9f5b2225dfc9f14eb8c

      SHA256

      70b70c7fcf0585aea08ab986ddcb5e25e2630cafa898794e1dfb99c235d6cd21

      SHA512

      f456caca3c3dde3a8ce847610303723d8c54be5156e500ec0d9f396c7bb949577220ebe3e11d5e076caa8e768da309af1ffa5f9cccc6f8deea0bcc7a71749a4c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bfc3e5be76ac41989c76637fa1e8dae5

      SHA1

      742919a3d6ba61dbc25a43f3cb9c6fa650f2c3b1

      SHA256

      fa5e24b369baa3cfb373c8d9aa17ca44b96f48ed37fc9d6e2f2f0fb6ed85620b

      SHA512

      aa2e1615b43c7d8b2f84558d1c875e1054d4c441473e8e29b2fc4264da20c7cf07a374e0d214ba6585c03d677ed0a1335b01457fbcde605fa584638f7cf21777

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      72622f2ef25ef3a069e122895ad301b3

      SHA1

      d73e30c908cb6bf518d8c8fb01f53c09932eafcd

      SHA256

      1f33d86875d0181fc57703a41ea18ec8ec1273d636f3bbcbc863bccd1ee91539

      SHA512

      1c2ab11466cef031f73de35465bf5005a2f118b5a0422cc1973787938e35a79980bc84e141f2b864b342bbac81604db303dee6f8f31d11e81856c25bf67c3947

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b6acd590324795778d0ddedba11c1c94

      SHA1

      dfddc1433cf61eb150dc5fd6709c87da52b899b1

      SHA256

      50e7bac978afed4f5a988bbf0e633d8bcf2bdf7cb257137ccc7f5d3d2184d58e

      SHA512

      16737dab75e09d6537abfd3bfa7a9b64306931c2a73495281a95c32b13889f0f9eca2be91feebbefb67931f77d8198ea5b64b2974c2f89f75bcddb5a5b2ea840

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cb01bafaedd75b7e1688da1467915bae

      SHA1

      3d3f04826fa1ba1ef654e14fd164c4eda853d585

      SHA256

      bf92efab13716519b58c594e2fa98eaf1dd9413e7e25f02266bcf8253d935459

      SHA512

      eb60b38b7795dcb959c81bccf226d50a0a072bab41bfc2976bc273af75692ecf74f3d86df8b0952cacb6c87530d458c6c43bf7bbe1025a4182c0adc897375900

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      142b2d4aebe6184d129434549b47e722

      SHA1

      14844a1b6664b8e23402c27e76340a9aa4d8c262

      SHA256

      8818562aedca721aa2ca9b6c2963c944742963d8655712e4895b7289df0d1a0d

      SHA512

      e6e15f2565c130fd11165510ea8bd693703a6500e3bc7968a141c39a53393b5f81164819300516719607ea332e1dd20d51c687e2fb97b2e071d45fe6faa4bcee

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2923cbb7671597efb524104dd42173db

      SHA1

      cb8cb8f69a5c20991f7b981869afddf07b43ab5a

      SHA256

      fc1e75be034ab5e9f9750da29e950ff250ddfe2c638cef23a3ed3cdb79446864

      SHA512

      e7f4ecd301f131639faeb7b8d7cef1c0e88c286f12e07b4d8fdac55725925216196437568d90642cad6c5c50ba85e072f9652805abba457e2f8772a9176f9315

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabC1CB.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarC29B.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/288-444-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/288-448-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/288-447-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/288-446-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/676-434-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/676-437-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/676-436-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

      Download