Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

5

29fcbe2194...0N.exe

windows7-x64

10

29fcbe2194...0N.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    69s
  • max time network
    73s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2024, 01:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    29fcbe2194a440ffe357b6ce45c2c4ae0d5320c0e2457946496cd0d2e135f110N.exe

  • Size

    382KB

  • MD5

    4bb0f1333e8f56cdee6e0b7f56378740

  • SHA1

    90fc2c46c396466486d958cf63a806b7854d816b

  • SHA256

    29fcbe2194a440ffe357b6ce45c2c4ae0d5320c0e2457946496cd0d2e135f110

  • SHA512

    f506478b4a7d65e12cf069b72cc7ac3fe878dd50c548763a0f0b298c1f46f47a51c7b1470218093f87e925c427b29cfbd6c515973b905410a1e33ec54785a334

  • SSDEEP

    3072:4k59fo2r2f0oJDib8iLws7ngPDwGj9Tf8mrxWxfaDAHVyQ0Po:4k7o2r2fj2P8sbg8Gj9om1WySVyQ0A

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\29fcbe2194a440ffe357b6ce45c2c4ae0d5320c0e2457946496cd0d2e135f110N.exe
    "C:\Users\Admin\AppData\Local\Temp\29fcbe2194a440ffe357b6ce45c2c4ae0d5320c0e2457946496cd0d2e135f110N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2768
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2816
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2816 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1896
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2904
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2904 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2912

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a986e27bdccd14a27ade35d1f43b4c70

    SHA1

    d87749be65b71a562c1f3bb29beffaac7906775c

    SHA256

    a109d1f1f822b63eaf6ce8d99306662af44a25750dc5c6fa5641e3033b8f5361

    SHA512

    a95af84626acc6d9fba75da8f85942ba26e8fe0023529b6da3eaf0e9fc162c2acd65e2258e2b832938b3a415279875b4bef9c966a487f4f85edd4d4fc11505d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6e136aea60fbe4c39dd410a5bb4946c1

    SHA1

    5192464d510093bed93a956015ce985f85586027

    SHA256

    10c72c94c5338661907651fb04c47b0210672dd42d6a637b4d11b97ac89234c1

    SHA512

    3eaffce47af199794864820e81db9d0193edc30b73045a0ad923df620d66c842e14dc657f05afa7651a41a64ed189cdae7c43ef85da65bac0fc348b09582d686

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e6adbf81d3caf9240834821e19803830

    SHA1

    1aa6b625c23c42bdc062e75eeae0a64d5faa89cd

    SHA256

    fd43e886f4db43e60c12bbc905e0eb6856a4ea59ffe60238666f03c59881339e

    SHA512

    86133d9f59f0cca147aeb2a31c70db0f8e94aab8b2ea33395c2241c49d4546a7c4b7afd8912e209cf592f614dba4ff8dcfe8bfd06ec9712e3256176e31e058d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f5aa6eb012155bf7840d6af6c21122c8

    SHA1

    d4ad7e96e370aa6861fc7b01508320f7c1cd9e4e

    SHA256

    9cef209f8bcee94761269a9c5c4867aa38ddcc3dbbaf5f765bdf046e4f05730f

    SHA512

    5cd44f5dfe0dcd55ad52cdaf6950a0987db591ee873cdfd40c3b1caf9cc4858ab3db45bac87d185a61873ef5adf72e75ef992be997a0a24d5d6e46099e6461a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    efa836ed80575b706873e7d69edd4f8c

    SHA1

    51ed6491f7d4276313b88191ace4a4eb386cdf80

    SHA256

    d93819befff879b1040bf5b79075ae24552161cee07bd4d072926b8aa6b2d243

    SHA512

    bf08dfa1464f2b9357f05cacdee1f1900c727572ca4b9dacf68994dd41f2c37e3394e862172647d69c3fd9c2328786b64fb9dc7164293136c72a7d464cf7434e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d4200542e99b0d657dff2b133421626

    SHA1

    b7ae587c9497116c27ffcd1f2eb748e3e185a72d

    SHA256

    9abba9c388dbc734401987cd7f379c5add66fb7bf04e057c5c0237d09f940f0a

    SHA512

    1b90c12678d70a4cbaad137a5019a2a76d1d68d03062db0c361f82778403c0dde3b38d5d6de62437c48c57b60f49a10e2d0bce2ba09966455f66b7c08758a351

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    972fbcbea4abec67c7dbec49f935d7d1

    SHA1

    6995051bb6c3787425f89e5216cfda353ff74ec0

    SHA256

    a20a90f28a5dc78d5c5858772c60bda7a7fffde11ced245019558cb3539ff749

    SHA512

    52b6785c447a55dceed397e76f44434ff12efa7153ddde1279c34532c2225e5405e31be96f2e352e860dbd442b0528e5c53c018fab69da6fec36d454b95c2e90

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1b4bf09d855512ca07fe0f6d8af336cb

    SHA1

    4352dedf5bf657c6337fbef9dc68d71256015f25

    SHA256

    cf07a303e195e2afd225a27ae7e01507e575201caeac2c9d5401c1a5c4fa35d2

    SHA512

    24ec1e11a55e5ca33ae21fcd74134e7844d27df8ed8fcdb5eadaf5a5d40b4f6303689b5801fa418d6ed5e3e27b017ab1b0be771b440f3f6b3e2ce6e58917c0b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3fb2e096232ce37fe4da5ea14014c657

    SHA1

    14b3b0d6b7ec6ae132d062a5357e53cac827087a

    SHA256

    c37fc4b535afed7dbf5a634bc635ef11bc31a547fae231e00c0f8f68b220bc17

    SHA512

    37ea8c946d0589e74190fc4792b897688f6d922ecd03b1541fe6c06fffc68917171a8b466fba849cd4db6075b1b127c1b29bf6e14b80a9a7a54cb8f19eb460e4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4fae763f353bf129729820c21c147489

    SHA1

    234b2014a5cc72b58734e74ed467556d6c0ddf6d

    SHA256

    d4c6d0069343fcfafe8d1f71b3de6913dfdaa35384e8f67bfaecdb80cc75738f

    SHA512

    5530926ebda857f46de6c904489bb86d417caf604cc2655d47129aa6ba65c2a2c6f0510b05863db05c4087006e688d5914b76e91952b0165f817a9610c977b13

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f0e227937fa30e6932b1bb201c3691a4

    SHA1

    a703e82ecd52939ee0ca80115f5a6aafb1d5c6b9

    SHA256

    60ba940fcb75adfaa14675d43703bf9c42006f9c362c2b363119e99f6e057302

    SHA512

    477d46e74be58d46e7bf1fbc360d6b8783734b615128d757e1fe321dccbda8e121ecaff3e4e5b86f6c5fbbf456f88ce492116f95bdb6a71805e3d5dad8dc4acc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    afa10de987befc82f67fc6acea2df241

    SHA1

    0cf3dbd0cd8039fe2cbc55ecd1f6f6d3639b8f41

    SHA256

    2144343a0dd5b647467e75b35860c25b6d0285f974589f80f0fb6abd5750d825

    SHA512

    215f496abf2b2207639c81695735ca6f5dc481d2d9e8d5f4f6bdaa8fc06e25f5ce72f327cd0579a5cbca82a6f1a8c32747ee5aa15551b654f8dbf85621b58146

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    70ce36dd8a09a54f78354ba19624ccda

    SHA1

    02373473b2f3d9274a603b9f624bda2be1b9b67e

    SHA256

    efaa2a9030fbd1d928bd5a3e7e5fa15783c03f2097b49ab7248bbfa53ed77c63

    SHA512

    4f143101a1a44633aad56749be2c4518ec1392073fd876673789ca5c0be567e0f3e7127756e7f421b7083198242f50f3534671859a179089b682aa7646ce5f50

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    94bf1b1835f831e476e652342d93da2c

    SHA1

    b62b5a5f56c3043473407a58b0eb4beb5b1ebb3d

    SHA256

    fa51dcea5adea31c8a084b5825f44a4928fde7131b9dde7e01f3bf93001e93b5

    SHA512

    17d8d710bd7cae299f750d96b5e93a507d3591d3f9f3efa9c51d247d9ffd4d2af4b4319c4f3be2f2dd76e004d9e0a25ff9ccaf396c7386b3b4360364c10c08f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    24a66bb9ba974f6787456fad0b0ea957

    SHA1

    d48ded2862ee68ae9a5c6dcbb7f3291606fc6c2a

    SHA256

    46ea6f714fa3531dd2a4863b09c52ae2094b8c8632770d94813895625cf16aed

    SHA512

    b4da967ebce343da1636c3c0f4c2ff8d0a5555d94921ac9d67870d053e2758bdeb2c2559227a0a73e120f4f16712b7dcf91310e16163eaffa288d10b3ce055e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f058929ad418c89f31ac4639afff8ddb

    SHA1

    0c1334c15edd44b990ca451891da632038402e42

    SHA256

    068527dad6191bac85f047b1b07a6a7250b09ec2c3cf7abf4203b7ec82b265c8

    SHA512

    09e7fa68fb0ae30e126564713466731fc83c4ee8711b3687d103836169cc60c05cf04c4262898ac59844812393b32ce8be9cd44d042b31641cb34910fc92da64

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    742db39e931c48d879777794f022b21f

    SHA1

    ac6653f1187454208e6f80e14d7b10adffa544a5

    SHA256

    db5b01d8532bb765d14bc0b38323661f9a6a1d94ede4345e321ec6ae47e9940a

    SHA512

    9f8f4259b49d7c68b2509f1eb395fe55f613f6fb8ea56f84f19bd77a691896bf6ecb0ebf968f894d68ca2ffddc8f24bbfd29413d1061666dc270e79070ab64a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d498763046154466d32f08354153e021

    SHA1

    56fbb5e7de55c37d30ae35bc6ce62ee2d464c157

    SHA256

    6914d18ee581de5c7bd032d943745b86e98724cf929d95b9d37624b9cef5ed4f

    SHA512

    605340a17a4b5b88a97d8a114314110b4e76ca1482374641a800003e7f45ce36a561a853394dc30f7ee95655c6b5f6e2b0926f83797c822ed8864fd7f050a66c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7f4a8db873285eded3cfdbd476be2d72

    SHA1

    1606c030c347ac2243ff2415101d38347a002246

    SHA256

    57d19199a71aba9b3ed1d655db9b4a47263fde56a4de54d37167ee49e9473e79

    SHA512

    268a8e036582c34790fcf924e0db17ddad9bbed5a4aa873473feb96a29773760bcb83918fdc9e1e5445489bcdf64b07272c5cfdb4d9c3196d344452c6714bf1c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b533a7955340d0dbaef3ebfa2a3ea1cb

    SHA1

    9fec3c0889adb3ef1cd3908d891696a1c069f03e

    SHA256

    3e64853f9935be27c726ce7aa54fd3a8f6983cd9ef0d3ca4a9ebcb3f308f1220

    SHA512

    598369ef9bdef5b4628b282c66e7fdce697af12fc6a2cb8f9deec765962b47fb135fc7581c7234112e5f421df3c34350c582a7708ea605d1a605f93c9d4d064f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{492BC4F1-C32B-11EF-93C8-7227CCB080AF}.dat
    Filesize

    5KB

    MD5

    2cdc7eecc7a357e33302669557c08c8f

    SHA1

    0b20e632b68daaa568ad0d00b1c17b54062c34ff

    SHA256

    67497a0dcf3a148ee974ba639e86b22a2ed41cd616881f3b66680f7e9c133047

    SHA512

    c1feb13f2b9256986c07e1ca8814c7aa97553e53163519052b7403125a8bc23ff7e7c1ebbbc1fc85e1a8127a5f75920441309093e2cc55c6c03fb2995273c492

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{493087B1-C32B-11EF-93C8-7227CCB080AF}.dat
    Filesize

    4KB

    MD5

    b6f658a5db4e06354f33d2160ff74a27

    SHA1

    7020b696a2f76a5596cce1b6ff74c9457e773bc8

    SHA256

    277299ca6926c1272704f004e3ed287e5db182975f08863998a8c17c6d1096a1

    SHA512

    644349178266fb1661ee1b18b08c33789b2b8e9b2f0796150eec34b33b87c41c6c1177d1e74b677776f3dbc63980c445c2044b1a87b7c0a086cd57e238238e13

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7072.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7140.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2768-0-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

    Download

  • memory/2768-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2768-2-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

    Download

  • memory/2768-4-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2768-5-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

    Download

  • memory/2768-3-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2768-8-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

    Download