Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

5

c39e4ecea6...88.exe

windows7-x64

10

c39e4ecea6...88.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    66s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    19/12/2024, 06:04 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c39e4ecea681f448917d8406b95306857cf0a64cbdca9179fe4ae376b8a59f88.exe

  • Size

    221KB

  • MD5

    374e234421641c28254644ab16f0966a

  • SHA1

    e595d0eec4c864387da6e1007f8e3c5b82bce0a1

  • SHA256

    c39e4ecea681f448917d8406b95306857cf0a64cbdca9179fe4ae376b8a59f88

  • SHA512

    e8d5ebf793f9fb83fa90478af1dfd4e32996d0797abb9075d0503b0c0ec21ab8d25a84118df2d24826940a4fa4655d9a206fb972274244251f4fcb396a8fdb9f

  • SSDEEP

    1536:vOC0FvV4OguHxjhpA4Bm7uW0vSUsghQevBFkutIbgTuFqKRr0aF5frleGhd9TfB+:vwV4OgSzBmh04eZFkz3Rr0gwGj9Tf8V

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 50 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c39e4ecea681f448917d8406b95306857cf0a64cbdca9179fe4ae376b8a59f88.exe
    "C:\Users\Admin\AppData\Local\Temp\c39e4ecea681f448917d8406b95306857cf0a64cbdca9179fe4ae376b8a59f88.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2492
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2360
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2360 CREDAT:340993 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2652
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1988
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1988 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2848

Network

  • flag-us
    DNS
    api.bing.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    api.bing.com
    IN A
    Response
    api.bing.com
    IN CNAME
    api-bing-com.e-0001.e-msedge.net
    api-bing-com.e-0001.e-msedge.net
    IN CNAME
    e-0001.e-msedge.net
    e-0001.e-msedge.net
    IN A
    13.107.5.80
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
     7.8kB
     9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
     7.8kB
     9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    779 B
     7.8kB
     9
    12
  • 8.8.8.8:53
    api.bing.com
    dns
    iexplore.exe
    58 B
     134 B
     1
    1

    DNS Request

    api.bing.com

    DNS Response

    13.107.5.80

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e837b79b83b7b7b36a4d7c7db8b96e79

    SHA1

    9f5f367f3d96ea030c95eedf374f71832e4666c7

    SHA256

    5ff5bd85b31753ddaf7bc52844e4d2a068bd9902881d8365da665c40530cae43

    SHA512

    dd09d55ad07e7e69dada85a6be8d75cfc7f27ee15be4515ffa524afce6b0db13c6e3d482371203f9bcc26317af8df199a32130ace2a24d7244eed3ac5cb706b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b8b600b4214aeaf0a5f99d1314a5b29

    SHA1

    f8970ba937606a6f29e54f8b1ab43a9bc7e095fd

    SHA256

    6f063d27f9b449ffb6bef35d90e608781665f0bf84245eac15878447c08e793b

    SHA512

    1d8ebd03ad0c099232b92dd7a27079fd2b90fa6092ce6b3271ede2fdaab3f6aeef6fd3843c0cafe7cfec91e3a86db8e51633add78ecdaa23b46feefc88d72b67

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c13babe49fc4f74f8aca71bef4896f97

    SHA1

    6eb15eafc222eee394621ea1d56bfe30c04f3d25

    SHA256

    d0f92c5de4deab75bcacbd3568de8f5a84d2fd55aed7c4f9840b22a180d463a1

    SHA512

    a7b8e3639e20b9c7a4ee3863a0fbfa86e7643c8ca99a7fd50788ddbade34d2dfe72f9531eeda528c6346cbf02f29a8d55fd407a2706fd8001503a95e02d6ce29

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e59b68403318c3392e48f097f2214daa

    SHA1

    d963464df20737e310fa8698b03c5a7953e57ba2

    SHA256

    35d1d15d9958a6f18479c89f3ca03df02d17875b87e20650340291a2c6f7d70c

    SHA512

    84e8dfde47ead52ecd29a4574e015c5664fc80a9bf192486021e35cbbc3fb7e7e3851e2dfee1b9bfe1a6e2add84f57b48dee10e01144db208bc65390179ef85c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    88926fd2ac44ae043b315a0b8b228bbb

    SHA1

    053660b46b3bafd526c058dbad001daeb5ca019a

    SHA256

    97e95f5b04712ee46896f278805d9840992c2c4b198a0ef1719811f310d21686

    SHA512

    083469d7162d709a4b2e8392dcc71eb08391c9a058697b6aecf6b40fa1658707dadbcaf8d85ec9786fe3c85d09e44bc59986eddc9c5214c844f0b1c6ac7757b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f3b829b39e95a19034a79a37d631538d

    SHA1

    e9534a4d16df292e85ca9dba19e702e841968b7a

    SHA256

    a1a6e0cc5ef80eebd5ffd1de26297a236f72c4374bbc8fd68241bfd372b7f88b

    SHA512

    103dce6108b378adf7ae375c8b228a8f08742a6efb5c4691d3a11a3b9166c15f87379b6ba020cfb25ab26aa4c5b6cc7cbf484ce63f9c983a777f39828291a724

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    11e7ff448a9a516e98ab9ed77c0bd1fc

    SHA1

    d2d74a505c8684bd4d47b98f9db50672bf59379d

    SHA256

    767d8f57c4237b64d9935fbf483a34c6db6ea28ac1f32f2234f8e0491629cb26

    SHA512

    3765b3c1aeed0b085b727f713bd048259c8e5f61fc940e7c0c70b89abfd3beff687906aee6b12a40c6b64c292cd2e97a2ca60bbd540a45c67deb0863d43c09b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    69d6cc41a893f19ec3cfa29c57da3313

    SHA1

    e0f20e5a051f96d229b678263ae9e302624c74cb

    SHA256

    117a775897160d43de583233090fbd5b99c8e487f2bb6d068405da7868984c69

    SHA512

    2426d63805956f52423154534f42ad675d9e801e85729d1bf351d744c7e8fcfaad454ddab30c530133f036c33052d35523bc17d30e2ef9f948d8063a0aef5aba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b0f5030a66efce9e4222b14c3723168e

    SHA1

    52d86e12aaae2249d4fe7de53688973c3833e1a0

    SHA256

    0ededc10b660acfcbaf5748f791481194b437e867627e883ad5f8b35e979be6f

    SHA512

    e69867d1f7cd341755f345c73652c8d6595d4c84dde770550c757df9f4b532e768f190d7d7dc2c14daacca468541162dd3bb6690c2f889da8ab3fb68dbe4e6ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8ff075e8fa963091ee4c9a9de4146cc5

    SHA1

    78a341219fa3dd0f72d5f3b2f81424c1de549349

    SHA256

    f37e17cc378eaea842a7bc6f4402e753f50380dae302445460fcb5df184b408b

    SHA512

    2723afdfba2cd908e28e3a28264ebcb7c4552a73c863d1076a5171350e007c699ff61a648a688046814924819da455f9e133a44e4c6eb5e9beb6fce46787cbf4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2d46a4d4822fa957dd4bd7dd05d0b75c

    SHA1

    355ba09447312b60ba8a47c21bf5b064e373b090

    SHA256

    32c74204035b1214d2dae1c10bbb094198489993fc3f7625123b940ef3ed1197

    SHA512

    b903f485284a7702a8ee4496c66bda0e7360d59ec80abbf7f93cc86513b7bba99fb5b2518d88233c4f00b6031d1019d1cda436382463fe6987b2a123351d620b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ee67a580d77482aff3e26bbeb730d8ac

    SHA1

    c2bc9722ffd9a1e8331bca6546f9da32a381d646

    SHA256

    cdd1b046044b0a256ba35b3391c3e0185b012b6aa5f39b0e87436571d0e82278

    SHA512

    1603aa5c822645c93528ba2df560e024c74b3b937e519b800aa4ea1878e8e2b07398823d48d7ccb895a63816608e34b8205c483349a6ee002c683dcbd4a66353

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0662203ce062cc4d115beeb32d897620

    SHA1

    b26ff085fff04a6cdb14f0e81a2012c26d6c8d48

    SHA256

    9dc284252651cc2ec44e40f453fedb55551688a1651765792cc575a04b0d6844

    SHA512

    91188727b3176650ff4bcf567b50b18505683929e7631dc13c1830d79d4cea7763709fde5c9eb4e075c18103b2a4f6d2ba6aed5f7067954a163a222e6533f6ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fae563e90e044729cab49f91afce4c5b

    SHA1

    98e9b2a15a59e9391f6cc4d62dbf5d3156703ed9

    SHA256

    02911d34bfd77aa2d6712b147cc42587c74db3138d247320d577ba8e054718ca

    SHA512

    e2e57f06a359e53f08a558e6c69cde29a1a6b4e129fb81cfd89ef8b8ae8c13a20aa79f0f03ccb32d5439118b6033290b939408d5070b8867c0937c506026846a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2c010731372154b21289a1a679b7be34

    SHA1

    0d2bc31cb476f7c57daf942d4f43a8e65dab9794

    SHA256

    650421bde7d318326daabe21547dd1f6f80db58fb8edca5f09c00ae7fc1b6c3e

    SHA512

    96fe4a02df4b9609dee7cce306dd1d38234a80c77f4a445d9b4daa2481c5acf607172665342cca65ff856ee5e4290b79ba009f8c85e326c437038a98696d9304

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b5f6e70f6262a76026b52260c16ac14b

    SHA1

    14c758633af0b3fa935377abef504e0fd4713988

    SHA256

    0d1e5dfe760d71ab2e86a365e85377e254acba41665a2f6886e30717ae5af6c9

    SHA512

    0d93d93eb7af1c01994f77b1488ceabe3aabb3b1e0016fa994939e0b8e191e34266f4a70fc6f67d4c0e333e891186386103c4637a51be047c69707fb30617c31

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    98e325c4c1cb8ef0212ba414184aa64f

    SHA1

    1d9fbd66447088edb528bdedd5381bf639c2e68a

    SHA256

    0e1dd79c2bd9f733267ffde1b1cd3cb207fc7d0a41429b20a83aca3d00e3b3f4

    SHA512

    2d8642f12a38aa32e43bdd2d2a2bafbf5d761d98211c830466281318b86686a518e7b447fa5250ea731a84cce8a26795532283407d25011fdd79a8921e2f072c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    da95e5dd6a346a8fe8fdb1817de6235c

    SHA1

    348bc35c6153bb5d13c04f242d76446563a7d209

    SHA256

    5d9a18a7b8cb2bf76f95cdcc2592a88354a562a8bdfb615fa26430fbe531afa5

    SHA512

    42c73d16680a456eec60cd81f3919ecdabdc4b548dc1d517e2e46cce998ef22c46a7bb2b20a2185a714ef14f8410842eb1351fa7bdedaa8e37907fca0305eac4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    65ad30d1cfd2e4098b68f6f5aa2f9887

    SHA1

    bb2b981561992d4559ee26c2338a0c5f1aa2ca74

    SHA256

    fc26d775296bf62183d6ca166cd02aa54c35d42134139786cfd199269dfdbf12

    SHA512

    97dd2443bb1b2482ccc9590397f930739097b4bbb496099cb30b75cd9b398e0c164b06c6743fb15f6ae222d2f4dd6968b0bda62f1cfbc40a76e97d7d900924b2

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{208CFF71-BDCF-11EF-AB2E-FEF21B3B37D6}.dat
    Filesize

    5KB

    MD5

    636bb36299d665452005922e1d512ce2

    SHA1

    7cf4f8f64e7d572f0e9a5f583772f2f1cd56302d

    SHA256

    fa4e9f737802f8935bed290fd7927d2ef4ad9aec04195828c7e566e6abaf335d

    SHA512

    f712277ca5f9a1fa26210e987a14b7a29c72ed5a1a866c94a1425e3c61a891d490865b7a2802fb93a9ccc7a0b9a18039d5c3d313c57292e9adc29a4d1b2b81f3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabBB95.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarBC53.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2492-2-0x0000000000400000-0x000000000047B000-memory.dmp

    Filesize

    492KB

    Download

  • memory/2492-0-0x0000000000400000-0x000000000047B000-memory.dmp

    Filesize

    492KB

    Download

  • memory/2492-1-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2492-4-0x0000000000400000-0x000000000047B000-memory.dmp

    Filesize

    492KB

    Download

  • memory/2492-5-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2492-3-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2492-6-0x0000000000400000-0x000000000047B000-memory.dmp

    Filesize

    492KB

    Download

  • memory/2492-8-0x0000000000400000-0x000000000047B000-memory.dmp

    Filesize

    492KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.