Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

5

c39e4ecea6...88.exe

windows7-x64

10

c39e4ecea6...88.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    66s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    19/12/2024, 06:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c39e4ecea681f448917d8406b95306857cf0a64cbdca9179fe4ae376b8a59f88.exe

  • Size

    221KB

  • MD5

    374e234421641c28254644ab16f0966a

  • SHA1

    e595d0eec4c864387da6e1007f8e3c5b82bce0a1

  • SHA256

    c39e4ecea681f448917d8406b95306857cf0a64cbdca9179fe4ae376b8a59f88

  • SHA512

    e8d5ebf793f9fb83fa90478af1dfd4e32996d0797abb9075d0503b0c0ec21ab8d25a84118df2d24826940a4fa4655d9a206fb972274244251f4fcb396a8fdb9f

  • SSDEEP

    1536:vOC0FvV4OguHxjhpA4Bm7uW0vSUsghQevBFkutIbgTuFqKRr0aF5frleGhd9TfB+:vwV4OgSzBmh04eZFkz3Rr0gwGj9Tf8V

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 50 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c39e4ecea681f448917d8406b95306857cf0a64cbdca9179fe4ae376b8a59f88.exe
    "C:\Users\Admin\AppData\Local\Temp\c39e4ecea681f448917d8406b95306857cf0a64cbdca9179fe4ae376b8a59f88.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2492
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2360
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2360 CREDAT:340993 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2652
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1988
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1988 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2848

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e837b79b83b7b7b36a4d7c7db8b96e79

    SHA1

    9f5f367f3d96ea030c95eedf374f71832e4666c7

    SHA256

    5ff5bd85b31753ddaf7bc52844e4d2a068bd9902881d8365da665c40530cae43

    SHA512

    dd09d55ad07e7e69dada85a6be8d75cfc7f27ee15be4515ffa524afce6b0db13c6e3d482371203f9bcc26317af8df199a32130ace2a24d7244eed3ac5cb706b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b8b600b4214aeaf0a5f99d1314a5b29

    SHA1

    f8970ba937606a6f29e54f8b1ab43a9bc7e095fd

    SHA256

    6f063d27f9b449ffb6bef35d90e608781665f0bf84245eac15878447c08e793b

    SHA512

    1d8ebd03ad0c099232b92dd7a27079fd2b90fa6092ce6b3271ede2fdaab3f6aeef6fd3843c0cafe7cfec91e3a86db8e51633add78ecdaa23b46feefc88d72b67

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c13babe49fc4f74f8aca71bef4896f97

    SHA1

    6eb15eafc222eee394621ea1d56bfe30c04f3d25

    SHA256

    d0f92c5de4deab75bcacbd3568de8f5a84d2fd55aed7c4f9840b22a180d463a1

    SHA512

    a7b8e3639e20b9c7a4ee3863a0fbfa86e7643c8ca99a7fd50788ddbade34d2dfe72f9531eeda528c6346cbf02f29a8d55fd407a2706fd8001503a95e02d6ce29

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e59b68403318c3392e48f097f2214daa

    SHA1

    d963464df20737e310fa8698b03c5a7953e57ba2

    SHA256

    35d1d15d9958a6f18479c89f3ca03df02d17875b87e20650340291a2c6f7d70c

    SHA512

    84e8dfde47ead52ecd29a4574e015c5664fc80a9bf192486021e35cbbc3fb7e7e3851e2dfee1b9bfe1a6e2add84f57b48dee10e01144db208bc65390179ef85c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    88926fd2ac44ae043b315a0b8b228bbb

    SHA1

    053660b46b3bafd526c058dbad001daeb5ca019a

    SHA256

    97e95f5b04712ee46896f278805d9840992c2c4b198a0ef1719811f310d21686

    SHA512

    083469d7162d709a4b2e8392dcc71eb08391c9a058697b6aecf6b40fa1658707dadbcaf8d85ec9786fe3c85d09e44bc59986eddc9c5214c844f0b1c6ac7757b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f3b829b39e95a19034a79a37d631538d

    SHA1

    e9534a4d16df292e85ca9dba19e702e841968b7a

    SHA256

    a1a6e0cc5ef80eebd5ffd1de26297a236f72c4374bbc8fd68241bfd372b7f88b

    SHA512

    103dce6108b378adf7ae375c8b228a8f08742a6efb5c4691d3a11a3b9166c15f87379b6ba020cfb25ab26aa4c5b6cc7cbf484ce63f9c983a777f39828291a724

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    11e7ff448a9a516e98ab9ed77c0bd1fc

    SHA1

    d2d74a505c8684bd4d47b98f9db50672bf59379d

    SHA256

    767d8f57c4237b64d9935fbf483a34c6db6ea28ac1f32f2234f8e0491629cb26

    SHA512

    3765b3c1aeed0b085b727f713bd048259c8e5f61fc940e7c0c70b89abfd3beff687906aee6b12a40c6b64c292cd2e97a2ca60bbd540a45c67deb0863d43c09b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    69d6cc41a893f19ec3cfa29c57da3313

    SHA1

    e0f20e5a051f96d229b678263ae9e302624c74cb

    SHA256

    117a775897160d43de583233090fbd5b99c8e487f2bb6d068405da7868984c69

    SHA512

    2426d63805956f52423154534f42ad675d9e801e85729d1bf351d744c7e8fcfaad454ddab30c530133f036c33052d35523bc17d30e2ef9f948d8063a0aef5aba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b0f5030a66efce9e4222b14c3723168e

    SHA1

    52d86e12aaae2249d4fe7de53688973c3833e1a0

    SHA256

    0ededc10b660acfcbaf5748f791481194b437e867627e883ad5f8b35e979be6f

    SHA512

    e69867d1f7cd341755f345c73652c8d6595d4c84dde770550c757df9f4b532e768f190d7d7dc2c14daacca468541162dd3bb6690c2f889da8ab3fb68dbe4e6ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8ff075e8fa963091ee4c9a9de4146cc5

    SHA1

    78a341219fa3dd0f72d5f3b2f81424c1de549349

    SHA256

    f37e17cc378eaea842a7bc6f4402e753f50380dae302445460fcb5df184b408b

    SHA512

    2723afdfba2cd908e28e3a28264ebcb7c4552a73c863d1076a5171350e007c699ff61a648a688046814924819da455f9e133a44e4c6eb5e9beb6fce46787cbf4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2d46a4d4822fa957dd4bd7dd05d0b75c

    SHA1

    355ba09447312b60ba8a47c21bf5b064e373b090

    SHA256

    32c74204035b1214d2dae1c10bbb094198489993fc3f7625123b940ef3ed1197

    SHA512

    b903f485284a7702a8ee4496c66bda0e7360d59ec80abbf7f93cc86513b7bba99fb5b2518d88233c4f00b6031d1019d1cda436382463fe6987b2a123351d620b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ee67a580d77482aff3e26bbeb730d8ac

    SHA1

    c2bc9722ffd9a1e8331bca6546f9da32a381d646

    SHA256

    cdd1b046044b0a256ba35b3391c3e0185b012b6aa5f39b0e87436571d0e82278

    SHA512

    1603aa5c822645c93528ba2df560e024c74b3b937e519b800aa4ea1878e8e2b07398823d48d7ccb895a63816608e34b8205c483349a6ee002c683dcbd4a66353

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0662203ce062cc4d115beeb32d897620

    SHA1

    b26ff085fff04a6cdb14f0e81a2012c26d6c8d48

    SHA256

    9dc284252651cc2ec44e40f453fedb55551688a1651765792cc575a04b0d6844

    SHA512

    91188727b3176650ff4bcf567b50b18505683929e7631dc13c1830d79d4cea7763709fde5c9eb4e075c18103b2a4f6d2ba6aed5f7067954a163a222e6533f6ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fae563e90e044729cab49f91afce4c5b

    SHA1

    98e9b2a15a59e9391f6cc4d62dbf5d3156703ed9

    SHA256

    02911d34bfd77aa2d6712b147cc42587c74db3138d247320d577ba8e054718ca

    SHA512

    e2e57f06a359e53f08a558e6c69cde29a1a6b4e129fb81cfd89ef8b8ae8c13a20aa79f0f03ccb32d5439118b6033290b939408d5070b8867c0937c506026846a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2c010731372154b21289a1a679b7be34

    SHA1

    0d2bc31cb476f7c57daf942d4f43a8e65dab9794

    SHA256

    650421bde7d318326daabe21547dd1f6f80db58fb8edca5f09c00ae7fc1b6c3e

    SHA512

    96fe4a02df4b9609dee7cce306dd1d38234a80c77f4a445d9b4daa2481c5acf607172665342cca65ff856ee5e4290b79ba009f8c85e326c437038a98696d9304

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b5f6e70f6262a76026b52260c16ac14b

    SHA1

    14c758633af0b3fa935377abef504e0fd4713988

    SHA256

    0d1e5dfe760d71ab2e86a365e85377e254acba41665a2f6886e30717ae5af6c9

    SHA512

    0d93d93eb7af1c01994f77b1488ceabe3aabb3b1e0016fa994939e0b8e191e34266f4a70fc6f67d4c0e333e891186386103c4637a51be047c69707fb30617c31

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    98e325c4c1cb8ef0212ba414184aa64f

    SHA1

    1d9fbd66447088edb528bdedd5381bf639c2e68a

    SHA256

    0e1dd79c2bd9f733267ffde1b1cd3cb207fc7d0a41429b20a83aca3d00e3b3f4

    SHA512

    2d8642f12a38aa32e43bdd2d2a2bafbf5d761d98211c830466281318b86686a518e7b447fa5250ea731a84cce8a26795532283407d25011fdd79a8921e2f072c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    da95e5dd6a346a8fe8fdb1817de6235c

    SHA1

    348bc35c6153bb5d13c04f242d76446563a7d209

    SHA256

    5d9a18a7b8cb2bf76f95cdcc2592a88354a562a8bdfb615fa26430fbe531afa5

    SHA512

    42c73d16680a456eec60cd81f3919ecdabdc4b548dc1d517e2e46cce998ef22c46a7bb2b20a2185a714ef14f8410842eb1351fa7bdedaa8e37907fca0305eac4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    65ad30d1cfd2e4098b68f6f5aa2f9887

    SHA1

    bb2b981561992d4559ee26c2338a0c5f1aa2ca74

    SHA256

    fc26d775296bf62183d6ca166cd02aa54c35d42134139786cfd199269dfdbf12

    SHA512

    97dd2443bb1b2482ccc9590397f930739097b4bbb496099cb30b75cd9b398e0c164b06c6743fb15f6ae222d2f4dd6968b0bda62f1cfbc40a76e97d7d900924b2

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{208CFF71-BDCF-11EF-AB2E-FEF21B3B37D6}.dat
    Filesize

    5KB

    MD5

    636bb36299d665452005922e1d512ce2

    SHA1

    7cf4f8f64e7d572f0e9a5f583772f2f1cd56302d

    SHA256

    fa4e9f737802f8935bed290fd7927d2ef4ad9aec04195828c7e566e6abaf335d

    SHA512

    f712277ca5f9a1fa26210e987a14b7a29c72ed5a1a866c94a1425e3c61a891d490865b7a2802fb93a9ccc7a0b9a18039d5c3d313c57292e9adc29a4d1b2b81f3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabBB95.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarBC53.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2492-2-0x0000000000400000-0x000000000047B000-memory.dmp

    Filesize

    492KB

    Download

  • memory/2492-0-0x0000000000400000-0x000000000047B000-memory.dmp

    Filesize

    492KB

    Download

  • memory/2492-1-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2492-4-0x0000000000400000-0x000000000047B000-memory.dmp

    Filesize

    492KB

    Download

  • memory/2492-5-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2492-3-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2492-6-0x0000000000400000-0x000000000047B000-memory.dmp

    Filesize

    492KB

    Download

  • memory/2492-8-0x0000000000400000-0x000000000047B000-memory.dmp

    Filesize

    492KB

    Download