Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

5

164137e9c7...54.exe

windows7-x64

10

164137e9c7...54.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    122s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2024, 15:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    164137e9c7a5096e5aa479faf3d53dde1bb25fa811afd4d3476d01d95be50e54.exe

  • Size

    382KB

  • MD5

    4abde9a6c0e63e8b6688e4e90103d015

  • SHA1

    20f8380026eb57f94568f3fc7610a7076f433681

  • SHA256

    164137e9c7a5096e5aa479faf3d53dde1bb25fa811afd4d3476d01d95be50e54

  • SHA512

    3adc3ba7e82ab57fd332f80674376c9ef9ba12d1d2d21da5fdee8bf8ec4d93de1bd38962dad357db24c85f33f1a4054896cd196894a8323a101242161c2f0c1f

  • SSDEEP

    3072:4k59fo2r2f0oJDib8iLws7ngPDwGj9Tf8mrxWxfaDAHVyQ0Po3:4k7o2r2fj2P8sbg8Gj9om1WySVyQ0A3

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\164137e9c7a5096e5aa479faf3d53dde1bb25fa811afd4d3476d01d95be50e54.exe
    "C:\Users\Admin\AppData\Local\Temp\164137e9c7a5096e5aa479faf3d53dde1bb25fa811afd4d3476d01d95be50e54.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1832
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2536
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2536 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2092
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1284
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1284 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2744

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e89d2b315062490ac4783fcb54dc09d9

    SHA1

    4428f8cbdd695e44a9530f0819193fe2be94abd3

    SHA256

    cd40c88d8f6c5c22c970b0677d7c2fb36644b6d6213840a8a4900f51dbca92a5

    SHA512

    417b82ac70d10ad8794f049b40205751c3264253c8cc65505157bd50682d63bceef712253bffe13db6beeaada622d84d034e51ad48121a0f36fb4152ec53ca44

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9220e62d0f3a47b9a531862da02989bb

    SHA1

    82eb716cd1179d7c96cea51a30538860b542a9c5

    SHA256

    36483e8314aed906a767320ecc7a1861b213b4dcca89bc0a842efe04e1f5b7f3

    SHA512

    961b8c392023413cdea345b773681def2af52d260af3b188acd10b8a34916426c7578a3500ac73293112852d95906fc567dc6a207b55abf2c71d97e300738f39

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    79aaae3a532eb0bd5a4f6635c41dfbf0

    SHA1

    2e0bd70964dd66055711309a80ff6d6d4dcf08b6

    SHA256

    05ea3d2a0c1647c4bd0fde33f89cfb83e17aa26b98c53c9ee73e0a4e63c4c332

    SHA512

    7ad7546863345fd9a4c209fe56840448d4a4d88a8e60266bda2c368d992adee67cca7c1ca8d753c8d48e68ac65fabd7ac0332881cb50e81ec6e8bbc5c07ac668

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e8e73175b64550b39941740cb68fbee2

    SHA1

    b1c2e2714549470dc0fb32bc219f85e18f489a05

    SHA256

    b9bdff92b8de1b3558e6a88396f7cf26dd102e9b11e5c6b5dfd629743de72ad1

    SHA512

    93708e13f8b1a05f0a0095191b9d9d80b22605eed2291df80f3becb245429067ff72c90ac523f59f0b4cc35fc09402a026668a5d4b192e805f0b3f8216a3a5c9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0a1b5a2df8566ef70e437e62a886605c

    SHA1

    5b23a6af2d78fbd0a64710707fb433faf32f13b0

    SHA256

    3cc8cf46a96c5f2b6ed5dd6c7deb6d7f5026e0de97dc72f87297609f02d2a7db

    SHA512

    b167bdcfa79a16a86c326973ea1b59fce6339c2e1b284d9e8450d10fb92a886f89cbcbb59bc4664b7efe1345e2da7de4b68a1f506327ec0a92f82f16b5a7ef78

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5f1981573a278a67c041f1d23fd7a036

    SHA1

    11a4b3ab01d7938eca52aa916ea8264a180e69bb

    SHA256

    9685a68a55566ce1f4de7d01a986dc99b3936306067d13c1baba2d0416538919

    SHA512

    b6bcba439a7e2ca808e548a4f59f0fa6afbcbce09f1be860548f15566bc4cf9c4f40c9ce7c7b53de20bb263caf740d13135c987177e832e74a6de1aa985f2f76

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2dd36c3d715a1b75b9256d5e4692234e

    SHA1

    eb6337ddf08752a852251bc64a6858ec5fab9572

    SHA256

    26a15c79af0b4cd1ba002b7162aba53da35712e1edb4f21ee72fab0e0bf9d0ae

    SHA512

    64e18334b2d3bb5101b466f0217ad8084c02964addee16494d6f547dfde294056b406899c77e1e0fec021463e4e1657571ba659e1bf661c58192513203746b3f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d55f78f6918532d8fe45686ef375e043

    SHA1

    a545e3daa6cba41cb5bbccb2f6aa23720924bf2f

    SHA256

    00ed2a3877fd3e340550a75ec3b4a0bedae0bf501c8198bb320f6ee1d1b82b88

    SHA512

    66754117d70c4a41529aa466ab02aa9043052e99557c3496d0ce4ad6f1bdeaf9248934dbf0d092ae55865d3d67dfbf7dd1be0ffe23a3eaf3aa3a2b19086a9db7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fb65c70df2ac042deb76379a91975ef4

    SHA1

    c45c9ff66f8205865b6370eaedb2ca4da4059a0b

    SHA256

    e95847dc092a090a82d5bed5dcdfee153aa00020cbabd72d17d4564c089c83d1

    SHA512

    e46a8a53f5591995476349f15259af9eeb3d300f1792b8d9d8590ca9079d722582268a2b09ac6a3f77d69436044b1e253db0d86230415e463b5cc0579bde90c6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    468113f25ba4bca59ae4fbd9a035d171

    SHA1

    0244dda63b6c2ca9fea9e1965ac95412f3b903f3

    SHA256

    1cf5f89ef57031e02bd4f45c54337db80d1815b7af46a3cb3c7b87252481af26

    SHA512

    a87ca9364456487ea445341948a2a08e03e724f1461d4aa08676e9eb7ec40b65b77f242b6b07e233402b43da40aae92b61e8c9813ac625a329470983684f2e3b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d983bb2763ecb0ca2c139fb04e614b3a

    SHA1

    fa666552412921ff3ded3380ec9f0cdc3cfe0fa7

    SHA256

    afd0d1330d2621e4f14e3a10debf54f0529fd42dcd065961f0501750763fa298

    SHA512

    bac0ee82b2355473adf7053f45824d17fb67aa6cd0cc5ed73fbc298369a21aa565e0fc0e108be9c4d32451a2292696b8ab03aad3ea2bb6e84f9f4f0c90af8015

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bff887fc0c14fdba6a120dc0215f1a3d

    SHA1

    1b6acbcb1b426394354f8ec1c1bd73a4bd47f6e0

    SHA256

    8c3815879bd34ad8d1eb294dbad74ee157486a009522816d0f7d056b3e30332d

    SHA512

    0caf076d548aa056cbec4c58bd62dfe6321940b11e06cb5fea3d5f49c97ee5e266d4a0f1fa7ce2a617ea168e6294b532ed1aaca1e86126c2e497f29247512a66

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ac4a20073387454ed4011bccf735b616

    SHA1

    68f54a0eeca9b5434c7aa259b2dadedb38613245

    SHA256

    06d691ce1ee8bdcc7a9412765a65cf7fe82a3a11bf6234d108d4809b7fbb4e26

    SHA512

    6b6d956c5881e372789efa8106d9c09b83eb52b990398216cfebc016c29c3a5a9620d332ef4ef25f953bd1546d5287dce93ff5f0331fa75051508de4981fcc72

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    40df434ce6cf907c7c3b5602377ffbf9

    SHA1

    9663c97509559bd0e6f820a8434ee7d89b8e0ebf

    SHA256

    0201c2a69cc45a91431d1a57545511b702805b947e77408c0c9882d70c413be0

    SHA512

    b3d27d750ddbcd1fea4889d16cc94cf47cac57954209411ef4f431006e79dc12a3d0150c947355a32eef77a21d25ad55d73a1f4723f1b092d0e579b6219b3278

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f2a08e9b3f766bde240892c06868b852

    SHA1

    358efc2f021b7bbf36afa1ccf2664015b3352b09

    SHA256

    84f84b14aaca5b55f3694f7cf4d40467ba975bd01f7b3099996bcb403d4a66aa

    SHA512

    e28c78e056c9ba6007311a1973fc0829994e1f177095e011e7038342f5ccb39cf2a2418b4ce129d0c684701bb7c7652a179f8b399c0714afe5e7c639644e108b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8b8159ec7b1865fd77f6d2bb1fc7066e

    SHA1

    b59a813410ba6bf12945d758fe29cd9c818365f3

    SHA256

    94335e6347eb7930b968ccc7f4dab04f7e7db8551f1a5cf067c4fed68eb62caa

    SHA512

    f4ac07ff023d8719291c1117fb4cbe75f8872e54b973191839d63ff10c05ccf0ea5ccd09c6fb50bef79e28a10ef7034c64b5e30dc72566a2fc0b37049f5956e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5c82e213b5c1efb56b5e440837d98a3e

    SHA1

    0ad5b7a736e95904095236a98a784928a5199ecf

    SHA256

    0cda07042d3f7f69137f909c1670b5a318592205a55353a2f79dfcae4d4aa07a

    SHA512

    0cffacc307ada6b47dc6604c0184db74da685d4bee67193603900c00f693179f6ac82f44914f496c6b780b8263caa4d54960d660d4a1514d8ce513337ec33220

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    57f7e8b83bf61cc91bd2ea1b46dfed5e

    SHA1

    0ca4c773289b7e87feb6deaaf6dc574ab9ffc98d

    SHA256

    09e4359146ec7f0ddf4d2ac927ed84a94be92eb8198160b2e7b9b0d9791eeb51

    SHA512

    198a7ccd0c41b42e82c4bc3d7b3c3697aa0c73d15aff923bc770b81676e62540ab4afdf1517ab35d1f2c18b01c456fc63db179a844319386b35cfee5fd0f71ba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0bf1465007943249998576102e604d61

    SHA1

    de9070c97f13ce86771042a92c61e768f3a99699

    SHA256

    1dcb0df519d76021077fe452a011e53bd709d0b19244a7f7ef64e8ff89d1ffc6

    SHA512

    2d2558185554a9e80ad257187c787c3c4b35cd9f92a58fa58e1c5b982277b037788b9e9b524e28fe30b492d993dc5f6030adabc33eb38caa8c96f003eb497e0f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{93ABB471-C3A0-11EF-80AB-7A300BFEC721}.dat
    Filesize

    4KB

    MD5

    f67b9302b9113ccb08a6cbc27da0ab7b

    SHA1

    dc9009d7cb5d5bb9ea4bf8406e6c40b4d37fbaa7

    SHA256

    de579609003e8932a669953ed2d0bbb5823f5a0db11195dc81d0655d4fc20545

    SHA512

    56d79cc2c6708836aee2c918057bf6c36e11ce21ff0ff61145bb140eee60795d522081ebc428103e498be792ff5e8307b7d7c2786a2526a1d960e42568997345

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{93AE15D1-C3A0-11EF-80AB-7A300BFEC721}.dat
    Filesize

    5KB

    MD5

    de68f8103acccef1b3da33f99a763a94

    SHA1

    04c3d604d08ae2eda0eca05f55f0f84e814338ca

    SHA256

    a0a32bc9c3ebd3d3a5876313bb6d7afdaba9d9cad6831271d185cc3b74f4e1bf

    SHA512

    aa28575f279eee689014f54bb231c0912ea614251ed40c788f1294a6fb5745af0e6061f32ae3370e782d2764714c16a06a67ceb05845a101e37a27b6ee14be6d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE1F9.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE2F6.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1832-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1832-6-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

    Download

  • memory/1832-5-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1832-4-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

    Download

  • memory/1832-3-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1832-2-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

    Download

  • memory/1832-9-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

    Download

  • memory/1832-0-0x0000000000400000-0x0000000000485000-memory.dmp

    Filesize

    532KB

    Download