Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

eb42d640fd...eN.dll

windows7-x64

10

eb42d640fd...eN.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    75s
  • max time network
    68s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19/12/2024, 10:57 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eb42d640fd9705235e742c0f81f14065aefdaae8217639ba14486d6ab8eb6feeN.dll

  • Size

    200KB

  • MD5

    f79006ba2a3876ab9305195cc8d0c2f0

  • SHA1

    9d21ff94924ade4cfa131191a9a7024027e9beb1

  • SHA256

    eb42d640fd9705235e742c0f81f14065aefdaae8217639ba14486d6ab8eb6fee

  • SHA512

    daea132cf93e5e6ba419bb413613c35e24f324abb4ce5f403adbfe4a03d0deaa32db3848e2acc00b980d134c1cf9354fb151bfc4d713abe5066f55bb0f4fcde2

  • SSDEEP

    3072:DOBOLWXivHYMzv2HvP5YeBTEEP2831Vr/rF8QOSta7Wefkka+4BCLUIXCjtmVlGJ:DOp8HpzdQOStKIdSUIXCYGcDlTVE

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\eb42d640fd9705235e742c0f81f14065aefdaae8217639ba14486d6ab8eb6feeN.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1764
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\eb42d640fd9705235e742c0f81f14065aefdaae8217639ba14486d6ab8eb6feeN.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1732
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2128
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1424
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1424 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2748
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:3036
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3036 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2596

Network

  • flag-us
    DNS
    api.bing.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    api.bing.com
    IN A
    Response
    api.bing.com
    IN CNAME
    api-bing-com.e-0001.e-msedge.net
    api-bing-com.e-0001.e-msedge.net
    IN CNAME
    e-0001.e-msedge.net
    e-0001.e-msedge.net
    IN A
    13.107.5.80
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
     7.8kB
     9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
     7.9kB
     10
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    831 B
     7.9kB
     10
    13
  • 8.8.8.8:53
    api.bing.com
    dns
    iexplore.exe
    58 B
     134 B
     1
    1

    DNS Request

    api.bing.com

    DNS Response

    13.107.5.80

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    68761092062cdfe33598f59352d5625b

    SHA1

    2a2d8eb8b00e024d7635538db7ed2161b29fa273

    SHA256

    c88f31fa7a4f374d2daf06b935222e02fce257a5bbacbaf36a3b918c2a4a32f8

    SHA512

    4db482c855fb2d8602496b6f28b7795a3ffa8e1e9c32f967443cc8deaed73c4de61370a1a2de65cf2af3b66f10afd1542b4949d206e42108bb44ed92c49ccbd8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    06eca9d13ee12e94e7c02ecbb793b01f

    SHA1

    4f982f2fa842261fdf166abcf1c5872fb23bf645

    SHA256

    e39876464a34b643b5b19c16566a9b83f700cc3bbb500c11df061d25b8d7e75a

    SHA512

    2d1e3e25f560b7d5bbab8211661a9e047bfc491a19a5f1cf9a2c82f82f392ed7868c837f23c5cd334966731ffae829f5a130c98efb7320a44dcc618860404199

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1d721f037fd84d5c84c1af953d917384

    SHA1

    bf07511fbd59e56fa6d67c4b5950bd72306dc3ca

    SHA256

    42a8ddf70a4f0bf9fff1782d7995558457b9ddf98a66377068450718002021b0

    SHA512

    4e1631c19346abef58137a151ca2ece0c2960ce500b9cbebe575e56a7edab91272a3e3f8800d9630bb4397d4801cefd9558283ba56be0af33c2a379877dbaed4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    40026d9f6b44e313df81fe24d7b92f1c

    SHA1

    0bcce95e2f316c0ce74351293f32b687299c92e9

    SHA256

    1051ba1f64d501e52bc5c7ff8adccabb57c040c1e31db7ad396336ad10ef6591

    SHA512

    d9e58ca31aad2041299f186050025a304b8b8dafe10e9195c010f41966425aedcec27743227f1666d7c23f44bf122cf1a949ece6f18e1d893012f2a5b7a7c52a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8b1ad2b82824064cf8e5fe9496c358f8

    SHA1

    7c31a0b25e4435ce1b280f5c3183bba56bfaf6ed

    SHA256

    c933e6be4413bac0a8d9046c05e6c984ebad11583712ce6ae68ed98c8a784be8

    SHA512

    d11f419e2b3b7a4a44d6c5118a7609be214012d0de6279b8667662e76b28ebf2ce47baf965dd042de9889cf67af0a7c916b1d50d1f0d0f39b3b7a5295efd016b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6de3a67394270ecd9f3a23ba7fc4d766

    SHA1

    6e510fabe5248bff831eb1ee21139aa62ab80534

    SHA256

    9d9f66f94793498d08b82bb921981f97dbbea40dc97ac7832a225dd8d7ed0c2f

    SHA512

    193a7d713f296fc8e6b13fa7d6f8fa4124f066918e01f081d61772ec8c52c6c3817db3df0bf75c8e5dcc6db3b3751f6140a8292b57a1978e934ad3de295fd64a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b7d266f2b5c5e6c28ce5eeacbadac37b

    SHA1

    e9f30e478bf18f968c9039161ce7ca04a6654b87

    SHA256

    0bcb997c72796c23dfe1b2f1e95f872b309dc769b44fc5f986f473fe0b1852d0

    SHA512

    9fceda7e5cf7e05a90f497626703ce3488280d1f4a23499927f2d69ba9be1e2bd272ea04f310fd0a01ff67b2e2fb5c53efaca584327ba69d123f8bc789dd65d9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7ec3d20046203f64c657a12fecf7c574

    SHA1

    bfc6cd2fd6f5c0cbb805a4dcd88f33d3c999d91b

    SHA256

    3d63c4b1b40f32fdf9e5ae66c037c150e048bd35542a0aa3a6f3ef685ec22065

    SHA512

    cb70cf068519e143f30a96956e3ad6cb5e154e4d893ab39ce1cc4df196ed0a61d9d2ef0f9a4f618b528d3f4de8f6ddeae2462f30dbf09ab40b115ed6b844c894

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dda1378b833c7efe33c907bf2eacea47

    SHA1

    dd9f5af7c00d4fdb87837c045e99ae665a8967f4

    SHA256

    585551755feec69a8c710c1e2c9482dc1ad2c2d4c9035a76d0c24d108f702da9

    SHA512

    057901d93c43110cc20b8ec41db66539953afdd6b913a28fbc72a1a5c56e344b848f40d99df00dc38e897ab0eba3bf872cbb13c44c143d76be7d3b0f7783c8fb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2b9b6afe0e4f1200e05262c3d068cbd1

    SHA1

    067564be58c7028794e7a0eb87ad3a5910c4b4a8

    SHA256

    473c441d4ea54aec1ecefe0d3a4c9513147a14687dfa8dcec628cdaf2b14583b

    SHA512

    001ed48d23f1c432c8ee4b706797ad41eb571db1237c1f1567c61b22d5b9d42590791c3032d4aa9e81dcc28c919f50ed56aaaa9363d0518e78c9cf4eb148abaa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    acc0cbf1c377a4393f4235c21d228065

    SHA1

    f9e46e8054032c67373826d31aa28e06e5889640

    SHA256

    386c9ce8479869154603a492df9ce9dcb105a988576c90a1a4f13a108065f96c

    SHA512

    c61dfe5b77d310e14fee1ac9b9695a8dd3c647c77caa9d765ef0b5d0031d92d065af8ba1bdfcb68c976625042765cdffe9c1cb39fe4caf4ae40e821859a37299

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a799219f8dcf0c58de98defdf477951a

    SHA1

    937ffe21b02c948ef895ec6e4c864d927a93a93c

    SHA256

    912dae1aaa58c98ad124d300f8081e61cad2c27737e105baed5969c763ad444e

    SHA512

    4e31795f3e7c7066d9a3481b0a9ee9edd29ad5aba607246fe7d740166f011ffb4671484bb330cc7600aa847d708c6bd8744098715af90a776cc504da1e7e80db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    96227335cf24b99c58a8d602cb69c39c

    SHA1

    5183ab67016ec4976c93212acae435fe684cc1b8

    SHA256

    5ff74248e18493f299dc45b85a756113b2b9747d7e1e65ebe5d9b2096c8af36b

    SHA512

    689e905c96b3fbcd4896219d3d5c57f54edf55bc5abb312ffc98ae31ebd5035ecfbc8c2acfd5df761b047fedc6bc2955a708cd7e10c1f583cfcd07e257c558d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4f1695160e664c4ce2d0c777a987bacc

    SHA1

    025b2a66300f68a4cba336298f501d83aa92c14f

    SHA256

    525156bee47a55ab4ea3ddf5bc1b6c30e3bc26a329b4eb240f951266adff7366

    SHA512

    38b146461ae6d7de0eaac562fee39c24fe903c1d7271634e1d32d2df3ea746be203b65a12c36cd9fb359ce22bfc527c3c46ad40528d1f31ee51e486dd8a1caa9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d26abe32d4e18a2c9070e2ab499e592e

    SHA1

    0df9e995cc400842c7cec83deb2cc59dfaf6727e

    SHA256

    f3c9ebdfb08e5c352f792848d5dbd7ffd10436f7c06cae353642f80f7a1eddc7

    SHA512

    84bccc3bbaf4011b1c3afde4f57f857ad834852757afef4259ad67dd3ec2276eb31d3e732f0d3881e91dce93cba0c684e26c058f451c41cc263f2a57ae40979d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8751d18bb328a57873e74d5833c99490

    SHA1

    3ddef07f1b2a10a333a5e4f464695c1153972d42

    SHA256

    3d7bb73a1d8122f69c0c07cf56dfd8615fd7008d39bedc1c318758d44f30878c

    SHA512

    4ad07cfbcaffdbb7b63832f5eb31b062636fc42967e7071089d104143ee2734eac1ccf9b30b812d00aa7eec5e0c37deb87df19b5d0e93c411891a9fdf6cfd80b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8a145d5b58df58bc608d23838fe04ed6

    SHA1

    015bbca6183018418f4cf4ed93baa431ed795f47

    SHA256

    3001c36d04badbe5d2164ebc5b18d2c16505ae26d687feb6bda7c5f126e52477

    SHA512

    e16f70dfc3cd01a081314dee23916e9c4c44ebd39f2558c33a45eea4302fc8d487f82efeb6cde30dfba2621c074802a18a4079ff3e05b6c7afa6eb7d148bbe41

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    98bb45cfb2dc6813caf772875307735b

    SHA1

    a3b164fb1d2723cf5d04175b5c57d1dd8f1f17e4

    SHA256

    86ac35d35f98c7cc86ed943c377bd510442de396ae3e251372d5201f4c223ef6

    SHA512

    3a314b76f1ee813690169b08e112628e0cdef5bb925823291b611c09dbb5432c7e5050e66235012ce44436ae4dc630c54eb2bcd01dd931086d9b4ff7e4fcb717

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cab477d48de48f1321cda94e5dcac915

    SHA1

    0d824f06efb2b7ae8bb841d934b2ebe5f9b8a1fd

    SHA256

    f9ff8ee559e31e5bc94fcaeeb487d32c435979d71726cbb2507b0056205ad5f5

    SHA512

    4efe85c7feb30bed75ac657b7b591a417ba60c28228a7b99696756f56d5bef24e55e2de2b1fe7a2e532e64f2d236900687a91fdc24d818130b9e5f716c971095

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{19CA9A71-BDF8-11EF-949F-EAF933E40231}.dat
    Filesize

    5KB

    MD5

    6dff7e46cba0af0e4328833c59dd8564

    SHA1

    0a69a14292f5c6ddd679ba80d40bd590f045dd10

    SHA256

    36a345c277f3ee7ff778deab2ba37480af46d02b403d13a5303ac2de647031dd

    SHA512

    aa3bd33ce1a5dffef49687f24d9eedc2a2697daca59af72b7175da08b588ad54cf7b0aa56c5a659d079ad6b2b1f72fecdaff55e019edb1e51569acde022ea7fc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFA59.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFA7B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    101KB

    MD5

    1f92a7cf627f4c7d554d28326f1da954

    SHA1

    b7befe20fd68856539347f0650473b6dad504863

    SHA256

    fee6b0318f0ba98b8df448017226ad900167f9d7cb1d21d603f5da3022f29e00

    SHA512

    07c8d54b2b68f11b9a05fd652f0dc5b3bc30de58eb20537846763bc011e64496c0636a8e37abbc96d07a6ff9c304141e38e8f0453760d48f753343eaa319fec5

    Download Submit

  • memory/1732-10-0x00000000006F0000-0x000000000075A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/1732-11-0x00000000006F0000-0x000000000075A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/1732-20-0x00000000006F0000-0x000000000075A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/1732-2-0x0000000007000000-0x0000000007034000-memory.dmp

    Filesize

    208KB

    Download

  • memory/1732-1-0x0000000007000000-0x0000000007034000-memory.dmp

    Filesize

    208KB

    Download

  • memory/1732-0-0x0000000007000000-0x0000000007034000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2128-18-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2128-17-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2128-13-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2128-14-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2128-15-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2128-16-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2128-21-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.