Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
136s -
max time network
134s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
26/12/2024, 14:41
General
-
Target
921ebcd5594f9ec50a2b1d33de44958f89e2933ce0eb632c695f6dc934e0e2de.exe
-
Size
1.0MB
-
MD5
274cd54d172c7b050e86a1490eeacdc1
-
SHA1
1cae02626a6632ef8499d780965c4e5a503575d3
-
SHA256
921ebcd5594f9ec50a2b1d33de44958f89e2933ce0eb632c695f6dc934e0e2de
-
SHA512
bd5cf00f43a212fdb5f946b09039fac23dfb5fd7d16e46bd285a232597fa0a3467db059aaf7e49813e608b398cf059f39012bc0d5b215780a40dd5428650cbf4
-
SSDEEP
24576:zKpsANa+fHl66lNHYWTS6/ZWS5vYLWyghjzojT:zKKAbl6046F4S5YLWlNEjT
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 6 IoCs
-
Drops file in System32 directory 1 IoCs
-
UPX packed file 10 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 7 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 3 IoCs
-
Suspicious use of SetWindowsHookEx 16 IoCs
-
Suspicious use of WriteProcessMemory 36 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\921ebcd5594f9ec50a2b1d33de44958f89e2933ce0eb632c695f6dc934e0e2de.exe"C:\Users\Admin\AppData\Local\Temp\921ebcd5594f9ec50a2b1d33de44958f89e2933ce0eb632c695f6dc934e0e2de.exe"1⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\921ebcd5594f9ec50a2b1d33de44958f89e2933ce0eb632c695f6dc934e0e2demgr.exeC:\Users\Admin\AppData\Local\Temp\921ebcd5594f9ec50a2b1d33de44958f89e2933ce0eb632c695f6dc934e0e2demgr.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:340993 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2964 CREDAT:275457 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\921ebcd5594f9ec50a2b1d33de44958f89e2933ce0eb632c695f6dc934e0e2deSrv.exeC:\Users\Admin\AppData\Local\Temp\921ebcd5594f9ec50a2b1d33de44958f89e2933ce0eb632c695f6dc934e0e2deSrv.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:275457 /prefetch:25⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD58e148ca9f406342f4101140d38bfb125
SHA14c37d94a6fe1b7c79a4bb0c210fb5824e23d0466
SHA2560e42b27d7f2b31d90662ca2ff7b597a3c879f193e3c57233d702246c0cb5f833
SHA5121bdefbd59a9e0774f936c2ad0063e4c47fa5962d64daaf1bb30a7a29ebe55adce91326d32043b3a02918b0d1e90ec5673bd03a879b48835edde42101682b237f
-
Filesize
342B
MD5dfed77ec3c372f7de8af8e25777e5288
SHA18666351424f15fb8ef3c68366bac988ba503deef
SHA256f903cb3d2e2982aae26a10aaae5e23a2aa96e9cafcb153785ddf0b660df85372
SHA51279ef5bc2599667cf1d21e8438da62d638ec94155a79ae4eba7749fae3dfb21f799cac97b44a895b3b11fe404200d15e15bcf9de8a7430b33ae4e7d19ac02ef6c
-
Filesize
342B
MD52dc28c8570882e7591835877e774ce28
SHA1aace597e00409b901fec5fd11f41de2613d7d5bb
SHA25687e32a47e246b3502266bea964bb564eff7f1d14c9410d86b5f2223d9e7c9376
SHA51237662a7e5359fd31dde238f75eb38e3944bd7a4708c094f36641ed68a2fe48e5b1a8ab5ef14b5209266603b7a8a5841adffdb481041c1cd9e1db6b47930c576c
-
Filesize
342B
MD522c7216d8b10d02def2d32061015147d
SHA1826d04af106c1b015a6d7eb9fb4ab7e1fe074e40
SHA2566d8285e38edd5bfa83d9067e421f6e8113350b54c8d0231f38006786b9ffe3c5
SHA512244dac26b5a35e2beb6371be8317befa99ac3ab5fc162736a1741305c36e6c18dd99e6c931107bc2ce296b1b5f7675152b5f665e82287f81ed513e8fc1a378b8
-
Filesize
342B
MD5fc9bafa81d7272f7483e06b9e0c59f48
SHA14eb76d5b5f826c6b36dea4b109cd0a77394e9f8a
SHA256dd59bc593c8a81c6d282466c119d24da6f0f5e373d3b1b3b0e5ca9fbcccae0c3
SHA512f1e57a9684ca4218b5ec849dc51add207783fbd475c6a81f0e45a1bb7c89f894454b872d234d22dc7625532a0f458017506d61104c5e7f0347f2d6da506e484a
-
Filesize
342B
MD54a711cfa5ad1af2465ac92833ba3a567
SHA19fd2793f6c405913f9b822f9ae10f7015b236c5a
SHA256a0c590c4dfd80e5a56e0366100f6e39e4969efbcb4601d12f2ac13566fa50ce7
SHA51215322746258efd01edfbcffffaab29ad08cb6c2b71cca125c86f471780de7593b7cf84cf40eeb850e45709e77ac35dc31ce34b0a3c6a60e93a15f2eba2930860
-
Filesize
342B
MD524e6400e9f35e4c372ff95c6c964921b
SHA19a25891de92f3f0cbb65a6a222e0dcf8f2645959
SHA256b68dbfb4d1651aeceecb5ed4fc148e89bf28bb776846ca696e3488f77e30b2e6
SHA51256003ed66e65e35c755b69fed1648ff0dc9a6ea9c19376b44f041ae7f7587b276f0ad6e79d08c4238de715d3f1d5575e2e9e9862724a989d1b34119c54003d5f
-
Filesize
342B
MD5412c30fd8a2d86419bcad45a5b9d8924
SHA1e10030b390d2b11fabb80e82d827b9d0fe4ae20f
SHA25663fcd4f6ba220211ff8765ae2d8d9e0816abb17547b09c07d40f10e54425df49
SHA51281b07ff553ef2014afff4fd59da02e7199903ff4927decec154424dfccdfc726581e682a3f8c83125d65669371e454a5d95a3e4cde9702c6d8a94c93013e780d
-
Filesize
342B
MD5b5321a2c0c959aac59da966024ddb5ce
SHA1b70d0c3d945b5fe7110ce77b5e5c8e18d464dc80
SHA256949980548e5799845a7cfdbec033f299893b405d65b96279d5b1646f3c5fc76f
SHA512a0da3e173bb0c5d42d79447c217df04758d859f9b81838c151cb9b6cd1ef9dd25b406cfe9e8433c0add5be6e705b9920093e42e67cc5b5fd023c93574097e354
-
Filesize
342B
MD505f189b648f7c3b96ecaa09e4123d554
SHA1aff0b6f7624e6172abb20f6feabc7df9033a112e
SHA25622268af5e7be3223879820cb69701cb7b929caf7254bb75dfa592179bf7051d3
SHA51237e1283120d34b336be19360018f6a22ec325a74c33eaaa3142be462a1cabefbb8cb986eecab6045ee6a697a78dd5f2dcfe092c21b8b8a8e3e4f7adaf65d22bd
-
Filesize
342B
MD551aad64b8af23e31f34e26a9e03bc64b
SHA1f54958021436956157fe44cf352c61ef2d452721
SHA2569d254c71f27b25c8d658e58b1ce3eb1b936435568cdb11abbe6e19265eea22e6
SHA512d18f4e46c85d1fe51ccba48d99bb56866131b3c5f4baefb6f2fabe5e198da5f0c108083ed2986d70b166a2f4a9adeef324ff10c8c02d465f158ce3cab9354b92
-
Filesize
342B
MD5bb0e5e31dc8cfc193b07bc869ba3afec
SHA15d7b1cdae5eb39cf4a46b1dadc09f94f61774d23
SHA2561d3d3cb62083608b538de768f2472e2f74043887dca55ace63cd2eaba1ce1c8a
SHA5122b9f5cdd5ad173e9846f38c3dca89656de58c81ff28f716ac7e4fa2c01a1f2c8f5675f098f10e00dc4e86f5d4c14e70b882a5ea61d5877883525b9b443c6ff7c
-
Filesize
342B
MD5da5e40f8e4de9731e3a2bf15a2f0dc18
SHA19b14a321a7f0ef166f9a440e11bfe4ffac3f3698
SHA2568c6be393db7a7876119bcf9b217fb36a2db0a49f83c339da4d1080a2e2559022
SHA512a18c779fe9e1ab16a7eae9710d06e9d0f9d29a8d2ac07d387f54543e5afe0a9d16d9cac447bfab41077baa5aa463bd16d70b2137ba5547de6f7cc860830118c5
-
Filesize
342B
MD5b09c1ace18783ac275d1640d0949bb14
SHA1f7008cca6f1e9f2e76796417d12930860c1ae0c7
SHA2562d3d8b54292d3875971c05808ed78801ae458da7edc7f819a4fdf5520ca24884
SHA5125874e9bb3b0608ec3ab39c6b7df0c08cbf6c45375c7d1272b5205c61e807de4cc0e936ea26ab24c58ed79b62ef6e1643f2ac0c1443e03ceada0a1e9eb2db8277
-
Filesize
342B
MD549e398dd1710c75ae1ab577d93be7db2
SHA136935f1ea1d885752dc88380e84ab2d1a46997d7
SHA256848e6b0ecc5c9589b9e87f1b2fdfc25c0968e20442538f75428292e032337971
SHA512041a495da1b3ed37a1d5b3d89e60c5b979f94912de46c8a8977649e4488db3e6da879ad0b6fd4c72a455d3947627d29c614c4c6a97ed5e10957a2c269546adc5
-
Filesize
342B
MD576bde8acc90e88f8df44105a38695aa3
SHA12f313813fcf0689b093a2e85a0430741adeba70f
SHA256bda6b76f4b428df00a1549c264b345fb23887059398b92ea46e8b1be2f99bebf
SHA512f59df41eca8a002b47480eb8d50756b14cf80881c1a103e184cee9c53b2673ac64311b17fd711cc1cf1126c8f4fce3283d5dd54bef1a3abf83c9b5cd21a8eadd
-
Filesize
342B
MD568c16693c8e27cfed1bc574ba0df766d
SHA1399ca8095c176ce89d866914db887ad72e6f3e74
SHA256e5a25822e636e5f442370022a63fed9b1c03b8225c0025590ad862cb8dfe0022
SHA51271627761caf21ba2b5367f810000712ee53bda4797a2c0643e40e60945c7b23817496b34b6837b487c6e9c0db785868bb7597acc879cfcefc117a078aaf133ff
-
Filesize
342B
MD5c78074c9da00332b14b73c42d8b9a68c
SHA1395fdc5281264b720304f13b5390a6e63213ebfa
SHA25671f069519c9fb66cbda0ff897658086190c5822cf49fe90c0d2b6063457fa4f3
SHA51201c20e565cdc88a23f88d85dbf033747d8d90c84245c8a66b79b621c7041bc944c9110daeb7dd53440138457601a3d8fc6f9aa7df044c8e1e64f6aefebd6dad2
-
Filesize
342B
MD57c66ceb0f78aba803ba1a2a69c1e1859
SHA100f05c9282b1e743a252d71786af3d2e6646fed6
SHA256ef602d029dba35070209b89fc3584240c327ada0034c658607f2b4b68e0ab79c
SHA51280eca1e21e9e1e0271cb2e8db5fb85bd4f91a3ec3666a07a249c7d607fab83d4c72c7e458a57cc799d49a9405afe925f3096fc0115a5d9e1973cc8a045baea26
-
Filesize
342B
MD52905b0a931714cbfa3fa7911897efd7d
SHA1217ffaab7b5e2d72e55679e951b7743658a26a67
SHA256ee95f8fbb9a6a306fa7da1a7de342239261c6ca9e9837f98c6fdace02fb79086
SHA512b270b71b12dfcd9e31e1af42fb7fe1eba3a568c8be0e2b2b9065e79f75a51a54c56d3f48a1bdda5b7a0582dd9a88e753cfe30343a0d0889a711c97475caf5ace
-
Filesize
342B
MD5b26324491422a055571f2cdfac52cd81
SHA116d1a0bd7f871dcd646145cd2f0846c12f403fba
SHA25697381ddf56a216740af2ec5b67e400318a9bb3f0a137e969809b16e16aa97759
SHA5126065e17e928bcc277688cb38c753b59680275a3afb252871e7829fa1f0ada6620c8bd83aa8559caa284fc1bfad3e97e346aba2f02d399fe35dea36d392d58f3f
-
Filesize
5KB
MD566261438b3cc7a5df655686b253787c9
SHA1ce4ed61e067d820278dce77c040bd958097af988
SHA256c343a315fa07579e84ad2dec81b6371c901c8ec0c1fa3f2b3b835eb61600f2b7
SHA5122062d2591e071880c5994293aa0a50152c14fa05cfa3038137c5f1e68b85ae9757e94946d723d779d984cfa945577128898c90fcbc0aef9fae3042e02795328a
-
Filesize
5KB
MD5134290357f715798572d8e586f789538
SHA17674ca7389f02081763adf2287668fb6f43261a0
SHA2563bfd1f2638f5b4686c9de0f9d7c03807182aed104e3b4382a72516d8f2a844a9
SHA5125931311f5e171f2776b9b49860950075ab86e3453ce4035032bfa7ebd3a74095b3df8634383c00aa660b2770d17a1972b138ba818042ba1aa45c713d3983c2db
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
105KB
MD5dfb5daabb95dcfad1a5faf9ab1437076
SHA14a199569a9b52911bee7fb19ab80570cc5ff9ed1
SHA25654282ec29d4993ed6e9972122cfbb70bba4898a21d527bd9e72a166d7ec2fdc0
SHA5125d31c34403ab5f8db4a6d84f2b5579d4ea18673914b626d78e458a648ac20ddd8e342818e807331036d7bb064f596a02b9737acac42fbead29260343a30717e8
-
Filesize
120KB
MD56ded751b628ddb2a1c0c05f18858437c
SHA1d1c98eb12d23975332ce59e17e8e1e3f3ad498fd
SHA2566733977939a17dafb2e100c898fd0948095b6b33e8362aebe57ef7ea87db58ab
SHA512554facab0a0d4b75504b0e3f9f8eda4ed0808e5397a214f3bf0c282542dfc2024c449b03c1aa9c1700307ce72ca88c1414650ec865b6e353b5d70f53aab10710
-
Filesize
364KB
-
Filesize
4KB
-
Filesize
364KB
-
Filesize
364KB
-
Filesize
4KB
-
Filesize
364KB
-
Filesize
364KB
-
Filesize
4KB
-
Filesize
364KB
-
Filesize
1.2MB
-
Filesize
364KB
-
Filesize
184KB
-
Filesize
364KB
-
Filesize
364KB
-
Filesize
1.2MB
-
Filesize
60KB
-
Filesize
184KB
-
Filesize
4KB
-
Filesize
184KB