Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

456be755d8...3N.dll

windows7-x64

10

456be755d8...3N.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2024, 03:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    456be755d876295bee40e29e4e3043878a7765c1c2e8ac1e622c2ed6f0a87783N.dll

  • Size

    100KB

  • MD5

    35db5a4b1527f52df173cb584f8863c0

  • SHA1

    3dbeb72f73c8f261635125e28186dc99a346b15d

  • SHA256

    456be755d876295bee40e29e4e3043878a7765c1c2e8ac1e622c2ed6f0a87783

  • SHA512

    add7dd43474e01966384ab31b5ae2e3dbc32b916c4beb23a0cb4465708cab98770c8ada033ebeab642358edbc3d07e0597cbef326585e3ff12cfd9fcc6259813

  • SSDEEP

    1536:rNP0+uTEX7OpopI4iWb50WZgePYrEzt0GE/AiSTSDIqGU2U:x8+tYopj1N0WZVYrXdgs

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\456be755d876295bee40e29e4e3043878a7765c1c2e8ac1e622c2ed6f0a87783N.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\456be755d876295bee40e29e4e3043878a7765c1c2e8ac1e622c2ed6f0a87783N.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2152
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2176
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2764
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2696
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2696 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:3032
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 224
        3⤵
        • Program crash
        PID:2164

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bd488a235155ac40b99c473d5bc96d13

    SHA1

    9f4e95266d8ecca379ac48338b640a331d1c898a

    SHA256

    5938e34fd8655341a122ca67460c1a984a0cc24b147bb0a61895d98f51a9221f

    SHA512

    1c2e4b7cad54b24ce6f040945074a2faa8346f1a168996434444b027f5e26c387a5315d86fcce73321254a7d5afb53c9496191cccf9522fb4253a2cb74a7b047

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4386a0a616161182d9429acb901683cd

    SHA1

    9c052d24eaefaa41752ca181c750c439ee6c7ba1

    SHA256

    80d41fa079005b01e9d41a87239388fd4018be17a577accdb159936b9e0ca783

    SHA512

    35b17a360bf6eafc0fb9ee54a8737aa573a55bc90a279732e7775564041a21e1ac45c214142fe8a912fe14a03c40d04557620c2d43f1883c0975cf1f497be33a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    562ee746340f8704ae7fd89a9067d748

    SHA1

    071026157160fa1a77291207f556bb0571803292

    SHA256

    8afd2496bfe2770642df18286a73d017865b19c28917bd3b6ae89aa13af3773c

    SHA512

    05d3626ff56453b12cf7c5283f04f74d0d4c22f713fa4108ea1e68a70f0d55a5bbad7f467d7d00758ca054b3a1bcd3c202b1f9e8ed8e64e88db2bc58a8a6e884

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4349ab4245071b78c9a7b701afd46e3d

    SHA1

    a8510aae224381459c0c4a64c866b76d92d21b3c

    SHA256

    f3f711e8caf1ba0574a6d9ba3fc27658b42a97dd778371faff1b5ef029faabf5

    SHA512

    fe5d9b95296e960225d636c2d1a34be11fd413e25066af352d15d92a48c21390ab97c6bbb90a2684ddc44104789570b27f87397d48129d21a76f7ecf6bb75851

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    602f77923447db324adb23d5825eb429

    SHA1

    c936612787f466788f5ede9e0ced78523c81bd7e

    SHA256

    8c57151f6ef3c87a12fb547b53c897903b89f43ed699385984252fe75bcb254d

    SHA512

    615719c7b916bcf2b9ea0213bb82a4163c5ae4e463028a18892b0ba9a538fe6958754cbcfb1bd48baee52310d02ad83d73cfb4e71efbb5dde72eaebf521e5e33

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b4d5e4c19851862a30366c424d1ba402

    SHA1

    955be59de642b2340d44d94b1bf4b4e29d7b884f

    SHA256

    0d7ab878d82f59a8deeda5442c7b4c13c7317230bc4e950c74ccfa3ad9904225

    SHA512

    9682eef9e8c4f8a761548ef4f5e73038ae6834b3b25c805f2a05e7662369f7c85282c5d8afe12eb2c2f752d36413533f6e9e70ab005d9bd139c07711c2d3b618

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2a2a0df1e2b7a2fb68254e401e2269fc

    SHA1

    299eed98217237b52eb2bab03b680c4cc6df8e40

    SHA256

    4b1f923903d86573ae01d63864fd3cadef8875373c8a37c098f6a9f453ada301

    SHA512

    fc47bb9b6f790cdfa30b98322405be01086ad0a8773d896cea00e8b3a6093fabe3fd575a1f9bd445c9f57060dae2bf0bc01e3206466b17173a09b80bd03ce12e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2191a8d9d6523fa529286a3ab543e15b

    SHA1

    a1881a8d76114f975021e20aad21e11b24e8ba78

    SHA256

    dd70d92767facada9829c8c7151061d5956726cb6376675107eda5506f573127

    SHA512

    e9f67ad88f072f1f1ae828e6b25815b4ea0e8c8f823f969e06dcafd0f78596152b211e386303af10464dc91749118c006806102ed19df3446745d12447931d9c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6986d80da7f48b65158de4166c39c0a1

    SHA1

    f2b093cc4ebaba1c7cd6d1fc989958969baaa71d

    SHA256

    0e786221651a3b3e3254549c9035b4875ea2cda9979c8f94a88ad9352b0fafa4

    SHA512

    d0cd88c78d5dcfed16fbb8c620a5bbf11a0b04fb7d46be32f504998a9b8cc53510afc0a53dd267278962cd055780202058d9389f9d49f0e3a4d4181586ef116f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3e2b479333f507056f0d1a89fe84dcf7

    SHA1

    3e305fc20b3dceede22f88e00a3a95fb6dda0654

    SHA256

    a21fd083c011f8487af46f79d9d4131a457c9fd16454984e989b67725d8a4bfe

    SHA512

    03031c6d983a5c83a87ffc4f92a444ec5f79aa062c02fe1479ecaefa5639ae6a6585b9c80d126364dd0a5aee26a5b97a35a774b38f24c8320cec2810e06b1e2b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ff1fe6b53f201d52a3a4ff07cf313f95

    SHA1

    25546e94999832285b0bb9485449a056aa2ab0b7

    SHA256

    d2aa6d2f4d4f215a7db99ed866bdd4332573eac5cf17cd99f8fd2002c1e5e2ee

    SHA512

    6891be2a01739c66518ed1e7f047e12346ef265a1794e55699c1b886e9eded1829f16b487e2d0e7d03f87b95cc5198b18909fd2f0132f49f31cc81e0ff50a86e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    12b7cf36281827cbea7a0bcc0177c9bd

    SHA1

    5ceedecfdce9ed38cdea6c1cac6a2bc9eee882cb

    SHA256

    ca453bf66966f7c7a4c2bd5478b2d35b0ba2e3169fa6721998b79210aeeba171

    SHA512

    77099b76b0189534f94dae2470b5aa5fb1fa64f1ff6e8cd8c552bc116f843a43903761b91f2b606ea0587a7dd5afe293f6277cb9330dafa9bf5f673f8145232d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e4c327804b498784d332494df4e712b4

    SHA1

    9670ff80ff63f9efe6fec8e529e64fb15067baba

    SHA256

    f04c919dfe89b93bf6502594f99361c646a23e271336c085c42bc05db7df6495

    SHA512

    f229d07c98891745a5458845d3c4e85d674da5211c8d7e4f31465eaf53d31cb4db4283626d9a1bfa071b431f107bf0387f9b010e29a79c6d043e07de99334869

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    440e0a9871263d9113c97891a87cf6a6

    SHA1

    bf39b6bf67685a7a7a5ef50c90d220032236e73c

    SHA256

    8b5abebde141b1e7130177504cfcf85527742355708250533cf5e9d3a80f0752

    SHA512

    5ff387d4f1cdc6b28562b586b3a844820f60884dc74ff04cf195af64ac6755e1842f662017da1d060880592d89bd0d70c19352cfedda2ca910ca357183422be1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    05c6a4842fe3d0c65852af54a3667608

    SHA1

    b963ab65e413007a554b5d171d1fa921602431c4

    SHA256

    b9aea5883abf5036c24c9906edf76b66dcfc181cda49888851e4c2a2141c480e

    SHA512

    31adc581a44e731bfedfbdd0e9f079575e5900e4ffa6a553adad238c09e9898f084dabe858f32e14fac108c2afb32c4a09d1423cf478c73f84d0efb19e45c657

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1ba0f509a7df1d9efc43f494f2d8093e

    SHA1

    2989e7aacb7e30b130c8a37bed9fc71209c71790

    SHA256

    6d673cdcaee7d16a048b5fc10e640f1e206cb3c6f0f8220d3c50a33d59876827

    SHA512

    9e2292f4d87354bf83cc990cc40849b157fbfb2e5f02e164c4d49a6930cb80c75e4c8b380f1e77ab2fe178e863daedfe43d06670bbacfc1ae8d6349ee1af2981

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b53f612a927837b2b39538ecd703e72d

    SHA1

    8b87a9c1cf09af462f0c870b9b49e164d127760f

    SHA256

    e8bd49725ce6bb4bcd4eebccc27f3eed60fe3032bf7552ffa70be47139c2e74f

    SHA512

    19cd1b7d0f2aafbfa7edec70dd2836f75562e2f3afa1405fdb7ad5664d409393759de87378126c7411e2cf61689bae3f96078f8fc514046432af416718e7c809

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5e0b3d507638e9e4d0ffaa3e94fb79c7

    SHA1

    4ab4f1c07730a16e0e8860e8abae290b107b53c0

    SHA256

    cbe4eb2651e677e978e1fc56fd65e9b7030081e99638d623329a39bc707d62a9

    SHA512

    a829888681ce697dff09afd6db742bd43a9b9363affa460eff078ac559cca6980318609046e7bc985533058fb30835b79e3d78c1786841d3729e050a88adc61a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ceb01b2d51b781372606f2ba5ca5553d

    SHA1

    5fb77a7ff1abba32e50eaa0d9944e86bcdd342b8

    SHA256

    e4e92fff2a3c17f2c0c8e41520e600b027a97e6369d7094fc40ba936010afa47

    SHA512

    30f3dd92656c0bd02634aa1cf37d68fd31a7edc5ad3a7f2e2d4c4a3f84b041bb31c7cd4afb671e7f1301dd7946f6e7bd92465efeae3fa690ab7a0dc8c14e7d5e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabEC91.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarED71.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    59KB

    MD5

    54960c2df820f374ee1216a88a5750cd

    SHA1

    625417a11188c591c20837d0acea1f993f33e01a

    SHA256

    fd45f7c47b029a6f0a94ddd71135fe817f90ce7a231ce329ca47b648292b6cbc

    SHA512

    bbc05eb7872f4f7c3343f47bbda890b28ea6a51dc413fcc959ca515894ad3fdbbd893c4c0959acd1f8eaf479209e98d4641d318890758b7ebe7349c4c3757836

    Download Submit

  • memory/2152-8-0x0000000010000000-0x0000000010019000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2152-7-0x0000000010000000-0x0000000010019000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2152-9-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2176-11-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2176-13-0x00000000003B0000-0x00000000003BA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2176-15-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2764-30-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2764-27-0x00000000003C0000-0x00000000003C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2764-28-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2764-24-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2764-26-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download