Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

a4ce9b73db...eN.dll

windows7-x64

10

a4ce9b73db...eN.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    67s
  • max time network
    67s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2024, 22:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a4ce9b73db0da5195699660b8a44cb6b9f7529d85a4f84e3f9b2c2c7b54d793eN.dll

  • Size

    124KB

  • MD5

    fe442a96ba409ac71c34d9d1c7e779a0

  • SHA1

    eaea9dc6b1daf846c825e5b70cb1d5314b663760

  • SHA256

    a4ce9b73db0da5195699660b8a44cb6b9f7529d85a4f84e3f9b2c2c7b54d793e

  • SHA512

    648c2e01f939d06923f1174914436d4177f87f985341eda6bb71a1fa0cf3f550677fb9de10151d42beddb9dd9c6e847b4983c184cd2957c46f88d4f93e98ed2c

  • SSDEEP

    3072:Sjul6/5M7VmKeZ88Dkj7oR2SqwKJXtf5DGyVBQwIY6X4l:SocvZNDkYR2SqwK/AyVBQ9RIl

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a4ce9b73db0da5195699660b8a44cb6b9f7529d85a4f84e3f9b2c2c7b54d793eN.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2380
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\a4ce9b73db0da5195699660b8a44cb6b9f7529d85a4f84e3f9b2c2c7b54d793eN.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2068
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of UnmapMainImage
        • Suspicious use of WriteProcessMemory
        PID:2532
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2416
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2416 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2756

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8c427e408186cad97038b00b6b07ee06

    SHA1

    9bb54576a0adcb92c4697136055d5cc688bf9267

    SHA256

    34d938686b2b84b5d37355abfad96f488e299a3f3a18c71e6da4221fe47fd9ad

    SHA512

    1f8a71c62c5d3bc32ec245a5e2e03a10f4c5a1795d57eb98e38439e5b235dc9922ea71b71cb2c9971dc13a786c31a330b46f9e3251bc0a5af40039c61207f325

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    70460c06b875ec1877d0c9d97cca2623

    SHA1

    39d0371d7e659e9593f788eceb79a9892fa7d883

    SHA256

    9597cf25a1512776b04b8afa4a6cfdb4e2a6fecca1d19669651fcd3a7e03730d

    SHA512

    d9dae54e69ea0dcfc6a29648c7a326d26d30c6e893bb5e8859591cc5c19d4ce2908f9e3b3431d8d566a060ad395b87672c8d8b0231540a01e7f93ab566f6637d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7e6b7689a379ff75db881fc1f5395368

    SHA1

    4710b6f9061623d6641f6f591692dae3bc1cb4c6

    SHA256

    d1d35a8618157f7bd934382b31e3bf48adbea1c11be65e15301f1551b3d90e97

    SHA512

    9cd5364b56708215fb5b19a98f6d45d302ef4e5c4cae2c2f3501fae59a3e065603baa1cab633cc7379aec2e6d1393a8b843d5b6168f0ef16bc16e46f8b5c2f24

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a4a136f379bf601f78afea91fefa06fb

    SHA1

    fa8686f9146151eb5c5408b8b1f92df695f76414

    SHA256

    d3887d123ec341c283d4fa42d552e37063e7b10f24fda671e2c10e976faedff9

    SHA512

    a49d928d238eea5ff25cb021088a951c74107d99fe12fc8a63e0b4a4ebe5ec435e265849fc6998712dc79a1f353152c7036653a19b2f5c7fc95360f3584f146a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    58cae76840041a13bea6d19e08fa7859

    SHA1

    36a47cbdcff0f98f28356ba28ee4f0f4eb91d1c4

    SHA256

    c92138e802283d3ae6a38907964ea8469dea43083ba9fd2411a8dd6d58974103

    SHA512

    812374e47cd5195b05acf0d1ff1e7f09f70eec6c294ac25534d1d49742d738dfe2aff596f36dce37581354555622de98024c09d12e27cbd5c46ae2064e76c637

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    57296303ca3081231346e727b0e9c96a

    SHA1

    72c479a5d239887901e7f23b3921d428b632b78d

    SHA256

    b474bf9f61e4bea437d766cde47d4f0b1c8e522ba14999eb3d39d5f05c4eea8d

    SHA512

    d756f226d0479b700c7d865b39ff8161781507c29e2ef1316f5d9be07ba50fecf54424e62a719c20e5f1314aa138e9f2347fc2d4003a22a1a55388642888296e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c135b67108f73da2fbba1a52d1240971

    SHA1

    7f98b9dbbbe791bc26c8dfb70d108e0e76a4fd5d

    SHA256

    8f8f65b13a5249894bd0619c4e2a8139b607eb61abb27aae530859902abba5ee

    SHA512

    d08aceabf7139a23261f6ba57136cbbab94febfb334261db3170dee13b1efbb5ae6e897cebd1ac0c68835e126c86f4a41a7c41f884abe45cb4809f85970ecd6b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f5a8cee2fcda996ebdc52988c5b6f7e2

    SHA1

    f83bea39abbdae38720735366da92764ab115380

    SHA256

    41756cb1f4a4f238bd74e9ecf9d4748859a68758b60e2cace448a7276ecc0c15

    SHA512

    c1e03955e76cae98669f6cb58631f803f2b08628a319d050a2927ab248d06481830234414e432154a5b27ada684c6495e2df7180ae68253138327a44fc2632a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c1329e54ee742fc7c5f9b9eb69bc7a93

    SHA1

    ce5012ba3d85650c9b1c3793af8dce82dd5f1c20

    SHA256

    07c0cc624c6e06e1cefb8e950b56df66cdf46eceb216980a2533b938d6259ca5

    SHA512

    f6d65a3f718c70adbd4e7c762bb04bb6c645eacd9d9ba6a72f798a7b628bcd35b1685b172e72145e8b705a2121ae82811290115b63e34be0e3e3959b65bdc72f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5c91601f9e6e6ebd512526cf85cb9ba0

    SHA1

    93a2d432e95921d59c0d6cf1e8934e06b13b4eab

    SHA256

    fb9300bb18576ac3a9e9c9b3a6d4f366952ea6b48382a2a6d967e2bc447b53cf

    SHA512

    3c5fc7b6319304fb346e1870cdb3dfc5b1435a2a559cef8ea4b9c28aea4ae7d55b6e316628a9e3ee2e5850ad81f8c073f2aa3e2b8506fdbe0d76d4186f9f0729

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e6a4bbf682bfb4f62d80b70db14762eb

    SHA1

    48861945965b1fa2b1fc81b9f385f34dcf416b9d

    SHA256

    2687520cefba23341ca7f8d60973303b732fb4d3ac5738a1b23ae3a25cbdd2dd

    SHA512

    1d4c9dad6752a43ef3ff2697fcce52dfcb319bf7e0681e7c17c118808aa62f5bf2c1d5e229ce05ccd5feb346b5a65e5e922d5d687d4c6ea7207a1fce34aa9853

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7b561fac88a9d529548385be08ec428c

    SHA1

    4bbd8bf109daf90f07f995c03b628e27dd549dd9

    SHA256

    246be9a696f44010adeece3ba94d76ea5d2ccf86347f11482ebf00ce286b4d72

    SHA512

    633aa0d76ddbbdc9ebe3318fd1a11d2d953d2d9129d2736a0f263faaad0af0f0e3ac17b8e2b8152cd140dfc983b41abd242ba89e0f13e7caf0a485897e5d7c3d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f694a26e808da4c3932142b08ba997a0

    SHA1

    6cbebfa664546fc38065d13e18807970ceb958c9

    SHA256

    5484de2b9ee6a566c01512d5655a3a591ee4fcadfe9df7b913fa93b2504bb77b

    SHA512

    c43f294218060ec102fd50a7d6209899f708afd7e4d549ed1fd8eb388598ef9920b26eb04633a5dfb4398a2406533371599de54803f64a8a3ee5991ee2cfba46

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2b70366d19aa6809ec261b94d2e6d576

    SHA1

    76c8b9b48a9683c38547d4bcf1a649f6ba178ac2

    SHA256

    8222a5afe1fd77de4aad0cbba44166192ba92fdec28083dd87be29d600b5e7ee

    SHA512

    e2fbab403c78b75f01fe277cfa64460dfbd81ffbd928745dd77f6d3fcf97132f191c2ce725cffe821cc6e8f628c1c19f6d7cb3da5385028cedb4d5f39cef0f91

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    81b9fdb4ca04d46e1dfca13dd6c72c29

    SHA1

    3c5513e261126ce73a17a9f77d97655719afab6d

    SHA256

    59ec2f90ee28220c6753d4cf111e11bbe28960ef1a411f9a7409838f3c7cfbc8

    SHA512

    3c485c69043e917d1a61453d6b47f0eedf2b4adf25a6e2cf063e82234a6aedd359c86b17f60a21be9c8f4b5dc9f3a415b83588e142da24008a9f45bf13fbf9f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    968684609daa130d68155ab5a308af7a

    SHA1

    e81c89033d2db2f6055e3e9e68fd62ea010aa104

    SHA256

    6fd9d3a64f8f156a0a9f17a1a73155ce7b35a2d71f2386121cea5d13a95e7373

    SHA512

    7671bb7d22106be4dc589680b5405c816c2e9a78d9b9af5d0a7d40a63e302df0c10b7b8408fcaedeb006fbc92ee0b339599754434160c0dc7c3c3614602cc0c9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dc6d56b6d5c8d59480b49666cd49811c

    SHA1

    9b66c19414e3d66072a52660736c41dc360b6f4c

    SHA256

    94dc6e7ff9895a1b00c3b6e8cdeba6c29af1e472f4f4321fac4eb05b9bea0744

    SHA512

    241e2eaca21b28db0501c16f0ed45248829a980fe1d28145de78b55b5794bf4eb2d8ebb71a6f69e8b9b5502ff490116f5a6fc8a670801b06b3b6e4dbf62fe282

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c1014c078e30c9f7f453eacc471d5865

    SHA1

    6e6e804f0c4ad35770a6c121a6b435d8ed1ac3c1

    SHA256

    28f970635e044aa9b1ae9b31b70196e1f344888edd4cc39afb4887241bb9bd25

    SHA512

    10b5a699c0d62aa9f9d1e2cd9d17303a32e6a8d48ca4f199d1fdabdb70efd5ed820153bcd1b3bea142e402c9c8fe73880134c307ec9ab76a52b279ef6dfea9c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1e5ee5d75ec9de76efd6e0e41ba5bd31

    SHA1

    50be6e2b541f6231ed7829100eb02f5965bf20e8

    SHA256

    71e8cdcfb124d1b9c970fc0d1855df47ab09a67e583b3733a0d19790079acd97

    SHA512

    6a05aeb8c5df9a47fc83ee0f19f080f15fb10b64302e0a4424cd7a9729a9b03e231fc4ea9cdc63336bcd962d549f68b7d1c5b86db2d105484d3d783397378e3f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE478.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE546.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    88KB

    MD5

    fe76e62c9c90a4bea8f2c464dc867719

    SHA1

    f0935e8b6c22dea5c6e9d4127f5c10363deba541

    SHA256

    5705c47b229c893f67741480ed5e3bce60597b2bb0dd755fb1f499a23888d7d6

    SHA512

    7d6d5bfb10df493ffea7132807be417b5a283d34a1cd49042390b2b927691fd53ecf8eee459c727844395f34e4230b2cd85b38b7fb7df0a3638b244d0c3f6394

    Download Submit

  • memory/2068-14-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2068-2-0x0000000010000000-0x000000001001F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2068-0-0x0000000010000000-0x000000001001F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2532-16-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2532-13-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2532-12-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2532-17-0x0000000000340000-0x0000000000341000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2532-18-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2532-19-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2532-21-0x0000000000190000-0x0000000000191000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2532-22-0x00000000779EF000-0x00000000779F0000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2532-20-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2532-11-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2532-10-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download