Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

8fb0bb1050...e0.dll

windows7-x64

10

8fb0bb1050...e0.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2024, 07:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8fb0bb10503970ec506aaf43ff42aaad9009b76b0b9fdeb5b33d7cb4fac3f0e0.dll

  • Size

    124KB

  • MD5

    97cdb6b3376fddceecd30808a87e3f85

  • SHA1

    ffc0ce7886a99d4f1654b1654b88a750961e7e19

  • SHA256

    8fb0bb10503970ec506aaf43ff42aaad9009b76b0b9fdeb5b33d7cb4fac3f0e0

  • SHA512

    7b2fa4855aa5ec8fad6d357b76535005071927d2f144c6c20564a6943e45cef5c1d51ebf6f47d10ee10721061b8562bec1da4224d89251bab7e51b66108e8064

  • SSDEEP

    3072:jjulFr5M7VmKeZ88Dkj7oR2SqwKJXtf5DGyVBQwIY6X4+:jHcvZNDkYR2SqwK/AyVBQ9RI+

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\8fb0bb10503970ec506aaf43ff42aaad9009b76b0b9fdeb5b33d7cb4fac3f0e0.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2580
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\8fb0bb10503970ec506aaf43ff42aaad9009b76b0b9fdeb5b33d7cb4fac3f0e0.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1752
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of UnmapMainImage
        • Suspicious use of WriteProcessMemory
        PID:2140
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2724
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2724 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2868

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c775b37ccf9d5e90bda9dc2703410edb

    SHA1

    125221d75ee1c955bdbdaa9e46a71eeda81ae0ed

    SHA256

    9987a99288b45bd4d23f70be6175c12b95e504cddd259914633b7e31f35a5ac8

    SHA512

    a6fa223318e1229a48d35084477648398411bc2b53ca388915284cdcfe1ded2fbfca33d7e1ded3dcb02f873acf0ca1d23629201782b2f84db1f1b0e9f70ebcda

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    99dca7c805f1163edfb89cf1742f232f

    SHA1

    a95e965c7271518b0af6d7e6f5bcbad319d23fb8

    SHA256

    146b6fd15f78fbe309aba0f4a6c8d9b18925124097542ce291c1b78fa3fa4068

    SHA512

    9f8f43ab00999f22403923d1775c6ec721e7fcdbe071c538cf851ebaf8806cd9881fbdd5a51879e05f11c0a44ca86eba0d4f4509ddef73338ad9d2010cc54ab7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6ee2c8132ac4d1d7fbd7c0b0dba8f4f6

    SHA1

    2335462d6c21085483927724ddb40c8c3da13090

    SHA256

    93604ee08d0851957f96b056059faf9272b5d83729342bea1502945c93a82043

    SHA512

    4a56454c1584698cdcb2650c37bbb78e6dfaba8737b278fbeed5a0714fbed0edeaccdef48ed00a2eab6ce396aa25764a44e4afb78e61fad1f1c93be0e7bb4f2a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    63e29974cf7ce253fd3e26e77d68ecd6

    SHA1

    27b1f478226dbad861dff70c8f88658c7095ea00

    SHA256

    9bb7ea115f34269d69c05b8974590026002574940a430590fecb5fafe52b10c8

    SHA512

    f7aa2473196295eda484bba5140db6e30f74a49b539e99cafd417131e572ebe3791b30d59c3e5761db5403cedc1fc349b87cdf00be656e5e68d5de9f65fac1a1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4f89d856a5dfb6170f3a0786b89e2162

    SHA1

    036a71fce291b46e41f7287d8c9f9b48271c6b40

    SHA256

    5ae5f984023e9dd91918bf03a91cd63997e91062f8cd81cab1db831b578cc74a

    SHA512

    871a60a2923a63f9132f98fa939c605b0380bb18c101f8de4b18f91e54517480f835e67387725631a4fefd267c2d896e635165937c6b65cb38e6e56ab04c0259

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6afa759dc2fc679e0aafb7ee0496f5ee

    SHA1

    f07aa5d74777474e885872185825e1e8ec755057

    SHA256

    f0f2449fc2b0743794ff214afa1a824dc89524a91b9cc3444603df64532dc8d5

    SHA512

    515bd3ff6995a41a8a3b3c75883ad6822651e300ac4094217d9d96375158eab0593ba574d626879631e82b67827d7010a9fe6820d11e2c3ff0d5608f5c45c193

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d9490b347455754754929c5645bf0594

    SHA1

    1ff5cadfeb903fb8b7c8a83df424024fa227e0bf

    SHA256

    04656185b427a84d0110ed986e7b26c1dc56901f29860a0b095670d60de27dc1

    SHA512

    4a091fc46a0d71bc2a2064f9e979f1ff820309dfbe3cf1368021854363f06633dd857ada476271a114df58225bc3a41ef9bc0079465dd4e29f67e0b9553dd536

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e192fd7302eaac03c1879390b29a9743

    SHA1

    29a0ed1bccc328aa71de5af29b7dd7ab142daa7b

    SHA256

    70b9c7329f56c17655368ec243a0abc810eb79fb7dbee11ff40da96db0660d35

    SHA512

    6a243877abe6e4036a526793a1127d5af6d8e93c4eae2df109275e3c2f7476745095f95cc1e173c47056a41ce68a52df775f56b830f21fcb5519eecefb92ef74

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4f8ffa44859076b5db4c15edf43e2d7e

    SHA1

    6150b73f087d729c603107fb4f49dfbcc6132103

    SHA256

    78dee8a29b3c266106a2fc5418daa115fe74caaf26b00b92374b886b9fa89868

    SHA512

    b2046daa60c69c6cd9ff1c5a38fa3c108699014fdbb8428eeb081fed62490c606c6f2b3771b066fae64400ff74bd4b1ae8131527220309af5a0be34318b7fbb1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0c4e8faba324d277d8785fa7e3ee21e3

    SHA1

    d4ca12fd85361bd229327bae8e68712e947bd361

    SHA256

    66888b78941a6cfe035a9e76a9bf7ee937deda71078fb8c5510773100c880774

    SHA512

    5dade9c9f79e0c686b4719d251f9e9c182100fa706fb5387d6b30515b9642ff368fdb5e57677fc42a422ff2aef7ec781a3efbaf6c905df3cf92d7a6d0c0eef1a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b5088411cde569eadf5902fb8b19fed3

    SHA1

    199483fe2c89d4c901781dcfcf45b0a8bb2bcad4

    SHA256

    2008eba4dcc9a6dd742b22f91ad6e17637dc16499cfec2a1b2c54cfa3cbe57e2

    SHA512

    06dbd6340dd95e35b6009cd470edd0b41a83408e827804f5ad93e5bb203e8b65e7031674dd2921812956006641ded769db17a2fc58b7c590de4d50ade2e3b76e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6407e3a949bdebaec8feaa47c646aefb

    SHA1

    3041dcf49b7b40aa53dbc354b2667803ae214634

    SHA256

    0a12b86e1b838be97a529ee13676f1e9e131ca974380115ac1ca918af94d132d

    SHA512

    8c693b49cbe5708b363c12bb0462b08761ed78546e456d6d3d4ea7c23a8e2a332e92f2c54a0e634fbce1bcec728abc55397704e4f9ca1030a073b9b6ee73df82

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5cd6212f56d9eb30d2f069b1f597bb8f

    SHA1

    4610d59848f455a290e88b31a1cbf20786e5a984

    SHA256

    2bd9bdec24df341f7583a6c15aa4ead9c0c1e28a1d5c1bdbb56dfbc08dc479f6

    SHA512

    c735e175fa006a7911fa8c40346a4a7dc01671e0bcb1d244c2e953392d960eebb051b2e551e9e9f5437135766311bda7746cd014fe82a4773d21344945c489ae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0e71360ed36ca918037a13deb8403f59

    SHA1

    1adfc1194f8b3466aba83cb0a3e2a33c808d8f25

    SHA256

    e73d5083ba1d9111e109870cd57f29942ac6ab71e303bff960b805b8f58fcc4b

    SHA512

    de795f35d78edc96c8011cc5f97f88ade8fea33552baf268a62d49a76de53e2faff9ed5a8d6673f37382a83e16ff45d9f155dfc9f2cb6c86bffedbdb41ff22e7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1708038fb872d2cf374f318f968fe690

    SHA1

    524c2eccba71eac1330e2cbe37b904ea56639639

    SHA256

    0fe473f2712e87cfb8cccb952ce0f404281c70a7c45faffca7d2296e54aa80a1

    SHA512

    192b099cbe5bc8e040377ebcf58197145522039fcee387694fd946f11c8131a893a13ce2d4a37a7aebcbee882b894567a1428db5f7fb959cb882cbf1b62cfab4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6158a869420356e1d9b3c70be977a86f

    SHA1

    e8a604525da9cdb7fe3c677cf898039afea53e40

    SHA256

    ce54cf278685aec1bdaa2df59d8fb92d41e33bd69294f22ce7e971e160e56a5a

    SHA512

    380373d9ffbf8517048f6558136ee248ac0e6a0190f58aadda613ad1e6396375287454798471956d65872cc58ff0b3bc403d6b9ad89f5e063caa63656748f046

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d08636b601397104331f30d2f50ebae6

    SHA1

    c51fc7660d617e35cdf07cd3246b74b193283ee1

    SHA256

    5ba7070bea3d7a49314ead8596b2a2c720b2f5389dff702aa30d56b7958a6e18

    SHA512

    e1273c540c16c0b5693c19e83f28e9a18f62e7e89929aec0a8330dc66136a578b269d8afef38be4bf193fd576364bf61976f1c5ec7195bf65de5b7a78e83fc41

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d2e263554a3a9592b8edeff538814fe6

    SHA1

    f3422495e5558b36656ed3b2b6ebe6df9301da05

    SHA256

    720ba5dca34ef8aafca21be360b9b8aee8ae859e7955112fc5f6f176069508e0

    SHA512

    2681641486ef84d751f222784fe49f0c1b81ba64777379452773b97d260e8859db5ee08a7d28bd37dc67b84812cd721aae55db89d9b94057e787f41a34f18427

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6583b1574fd8da8a2c93e587a8498aae

    SHA1

    d9e5257f76c02c6f414a8256b51ffe93fcfee565

    SHA256

    37bc2fd2f28554b939fe7e297c830329134da25c73d87147737e90b87eb648e2

    SHA512

    4b7b2a00aeee1402db6cc8066b9bb8295d0be8d82cdc7e3f6991f6e91865c18e460e6f3cc10842f97921bc0428628ea80e536630ccd1909455b5a0efe01cae16

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC8DE.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC9BB.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    88KB

    MD5

    fe76e62c9c90a4bea8f2c464dc867719

    SHA1

    f0935e8b6c22dea5c6e9d4127f5c10363deba541

    SHA256

    5705c47b229c893f67741480ed5e3bce60597b2bb0dd755fb1f499a23888d7d6

    SHA512

    7d6d5bfb10df493ffea7132807be417b5a283d34a1cd49042390b2b927691fd53ecf8eee459c727844395f34e4230b2cd85b38b7fb7df0a3638b244d0c3f6394

    Download Submit

  • memory/1752-1-0x0000000010000000-0x000000001001F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1752-10-0x0000000000210000-0x0000000000230000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1752-4-0x0000000000210000-0x0000000000230000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2140-15-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2140-21-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2140-24-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2140-11-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2140-22-0x000000007701F000-0x0000000077020000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-17-0x00000000002D0000-0x00000000002D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-20-0x0000000000190000-0x0000000000191000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-19-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2140-18-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2140-12-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2140-13-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2140-14-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download