Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

2025-01-22...it.exe

windows7-x64

10

2025-01-22...it.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    134s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22/01/2025, 02:04 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnit.exe

  • Size

    1.6MB

  • MD5

    0c487ce5916b8baeb7b233a3776f24ef

  • SHA1

    612a8f233bb6365859fd036c77e22ee25902081d

  • SHA256

    b856be4654e62b6faa5f4a81f6d6a4ea9d79a7d930c46e3d94afbc9a403796d3

  • SHA512

    c53b089cba0789030110ce368570033b8a0b625a1424de632fd80b02f8e59d4e1d37c05c72cf0bfa779cb525e13a2c5d36bc5e2a381cdd6ca54981998d13cf1c

  • SSDEEP

    49152:/oTfSbJYz+fgs5W7xBJmMcBXyP1EnbHWNu3n:Qk8JmMcNHnbHx

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnit.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnit.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2096
    • C:\Users\Admin\AppData\Local\Temp\2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnitSrv.exe
      C:\Users\Admin\AppData\Local\Temp\2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnitSrv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2480
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2328
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2840
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2840 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1976

Network

  • flag-us
    DNS
    api.bing.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    api.bing.com
    IN A
    Response
    api.bing.com
    IN CNAME
    api-bing-com.e-0001.e-msedge.net
    api-bing-com.e-0001.e-msedge.net
    IN CNAME
    e-0001.e-msedge.net
    e-0001.e-msedge.net
    IN A
    13.107.5.80
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
     7.8kB
     9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
     7.8kB
     9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    779 B
     7.8kB
     9
    12
  • 8.8.8.8:53
    api.bing.com
    dns
    iexplore.exe
    58 B
     134 B
     1
    1

    DNS Request

    api.bing.com

    DNS Response

    13.107.5.80

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ffadd3f53a348218d3ac9ead173844e9

    SHA1

    bbf7ca00d9ecad1dc1ff315c00acf82fb9d414da

    SHA256

    a0132abe543ace18f3a10aaeae874928f6156d6590498fcc7da72eb316529f4b

    SHA512

    540a32f77e3a2df59bbdda0b2b675859a0d1c13cf42ea64608fc2abf46b74798e03051c9f75196bd13e63704c2ea8e8668befb2dcc8cf5a74663ef652ed96cb2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f483437ea22a6aeaa09671c0bdf5c21b

    SHA1

    4a0785f5ab6d5ac1305eba36ea3a47d13216662d

    SHA256

    c9cc3f4bb33d5e073c0c7b40ba794f8def89c26547cf220bfdad36f8bd013b90

    SHA512

    1c2002e036449d5809063faa3f3bfaa1ecf9b6d6578b4fc1f58749c6f453d29e3d3eb59a147c75ce170ae9577b2e5c397a54c747da08b08e3bee4b64f23d4edd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ea349fd243c91dd32fccc6ba4399fe71

    SHA1

    304bce15715c5fa5f4e3b0e45c4abc1f1a4ddb22

    SHA256

    15731665f08c0174f367f59375c34ba8cdaf2e35e5440ee30492b074d2d4367a

    SHA512

    7b740809e70fdffc0119974e9d204b4ba78e2c8ad0b4b53cb38af045a95c9946f840855935f054067da30f739b149536e662f7b05caf1f79f5f06d78fd6c7f3f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    839b9f718b93deff167cd784cf697394

    SHA1

    f9028b74df7d3fd74f773865c2e86fba159025dd

    SHA256

    6b64c4055421c6fae6acf4278448e4fa2788ae833d6322e602d4fd8bfbfbb6f9

    SHA512

    f297cdeea57365a94a8d7b69d237bf9b662ae1d6ad8e404627fd9f42fc44e6318ae20b2ff41ff18a7186fb3d2da539d49a910d08e7f5070e7efc4b23069b200d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a296b4f4032395982bccedda85f0bfc3

    SHA1

    cf392e27f426e8427941d6c090c964761587b875

    SHA256

    9bb2c2091f19002187076aff3b2e0271111f1f60ce1079096e03b5078e41e00f

    SHA512

    23fe45b416f58b36456982cd518cde338399e7b16855a51f156fae35cdcab0b1fac69afd320080eb6ebb2ecd67814b322ef25ffe525f95ce13fe0a5a836f7fd0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    99e76d9b62ab39932c7739791702afad

    SHA1

    ce6cedf85523e853493ee5de8e6e5a3242612fd4

    SHA256

    6dc9ebd2b01cb6bef4d46e8a4503b04b1148b8dd6126df3094cf78d1697faf4e

    SHA512

    b3e0e1f5592541c9b31373a274b20d35df7bd768bfc083ed52638cdaa248c0398238e2111814889d053cfe55eadd8697b5afa3e4ad12a17058a4f149e55866b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    18bea68aafda580e20fa92824c1a8d69

    SHA1

    486aecae19470c6be4b78f69e263c2fe9c482408

    SHA256

    dc7cd484ff2751fa9548ca521f97050615ee53f5fec3ecfc573b8ec62f7503ac

    SHA512

    2d92eb61c0762bb0e3cef3673b1f51891b185410379bf38842cecfd9de63f172b8b336389fc67328dbd6bc6952ddbe357cf3aeabd22422f0c62444982dce92c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f17203a71c7159f7fb1704f6985a46ab

    SHA1

    7bd56d18a4566972a3a57c8c8ff09e240951d60d

    SHA256

    a865cff32ba2844c997ae6179eeeb5ffa901d3f509be0e3aac9f1c4ffd57f590

    SHA512

    cf7cb019d7676b262a65c8334fb99d11458d83867b97754ce33316f1bbc214764e85b74955da3768d6890a280e63fcfbb561a17353cfa3a2689ddc4016466647

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e4eef571ce4dbd13fbdb55d1df52c759

    SHA1

    81074bce81521da1e3497c7035f6c7845ff9dc38

    SHA256

    1833ed5107a834d67ed68b0be0656762c80ee512627781d2952a49e06e366bc3

    SHA512

    29ce3ba5e2f421e4b25b73ebc9ff559eb92054e55ea8fb18db2641df1b1087a9746e9ad05a3bf6daca8b33b9dfc5f27a1d65bbeae13ed9a693259f3826375ff5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9a2fc36b9720a2ba7465b3d1766dd814

    SHA1

    c7386450bfd82870ad7cb0c92890c39c5bf7f216

    SHA256

    683365e7ed2ebad08ccf86abb7a97e12777f1785f49b8e7778d05e5539edad0f

    SHA512

    45d2e2421f7549bd87fb32df11c4faf877a2b384994c113b4cb12a6b8266ac570f1c8e526f471196fec5920ee74b7dd479b74fce1b3186d4a174daa59c1035e3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d967584b721c8df4b5a141f16d370a19

    SHA1

    b901df4a2910389bb6c3f489bddfb3ef6c8f0096

    SHA256

    955332de472922a09601b4b7f56a2654a00ba563f0fc8186d82764566028f72b

    SHA512

    c687f3c3be1bb15cd4311dcbee80df44edb18579f4726493ef15b18e14e1bf469c18bfa60b3bcf78bfac75fab361eab2193493a7bf378d0f80f375884f05913e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2230be51495cb613e6c87a80b1e9982c

    SHA1

    0de689f3055f8be4e53d8277301d916b9420012d

    SHA256

    c82c050fa7f508232e8fc0a67128e657c8e66da505eefe0241f531af176f2cf5

    SHA512

    530c7bcca2013287ffcfd7430a4d4d65d397fb4fa61e15eea18e004d496f909458aa436dc17d62c328a2bdc749a51d2a0d84cfce090ea210f7197625500ffd24

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dff71e56143735d4ef00dcd3b79f3188

    SHA1

    acb75e5240257be8a916abb2556c9c3ffb6e6042

    SHA256

    4084373249ce59bc2102696b2bd84f468d206bb6de8812b6c7dea6207c1b418a

    SHA512

    18b45c290d4a9d07de81a7726f7adb67ce793b08e7ee082c6d3627447cee7427c559ceac90f503d4da52e75f4ee374192cfba993fef1c579bb4d87544dcbde5e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    133301067a20f885515b6957b6ada830

    SHA1

    adf0f0d5ff6126f5455fb46293fdbca6fed39d07

    SHA256

    e7090ceb237a44ae5ecbf011f0b176e2b3c507f9f62ea1a37769e5dc3994d114

    SHA512

    93bc24418d2ba98f2d0f5f69a72d87cb4874d1f2719de747ca09cc43c1ace436a5e7a49e05e6a67349e191ba2d288bfdc06814d74ba4013d2505881b1589e986

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    205c71637492d99251c59ae7e0d546b5

    SHA1

    f89449ee4ee8133befff81ee2e26db902d410996

    SHA256

    14acda565b42319a44c630e756726cfd8c3e87cdbab7f64f9b8aeb9bae3b58e3

    SHA512

    5f00a7a5c78aaad4b4cf30ce5c14f1882e42eb498d74cd18d344cc784daef8911c682dce71940e283a8506f44b20a3055310bf0e19782b5f3860045e3883431e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1c71065d17edb42cd4ec11ab5dc5134f

    SHA1

    3f06bde74021643df810b9d15f1bcb5ee73de331

    SHA256

    dbea6fde9b00f2010017ab05d72791c3bfe96f010f7eac7b5837ae5c954cac5c

    SHA512

    c597680377313909f05c6caf31a44c7bec141fac461a17a75c24d2c9df7155dcbdf6db6389fc3e6859b6c8882ef40cea1d69f30d005d86e07fcf6ebdecfeb80d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2e7b828e18612c4ae4000765745bb5e6

    SHA1

    37bb9eb12654661576ad90b2f9bf0a98fae42059

    SHA256

    0a358ff626d39403eb5bed76de64a5581f68760d9b9fa3c1f13ad862093b11b0

    SHA512

    8d55f0e9697a05337db7417b21fed72cd24e4e8d88ad695f0cfb443c523bd40e3daeb8487999e168bad1c641f650919e89956fee13afa4b273f52d8625c107f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    70ea402f5ebc533327502c12bd074dd7

    SHA1

    51a74c9bc95a05db1a428ecca06a80ab9af147b1

    SHA256

    83bbbba8f18f7a469a0d8e4d7e45a4e9f8f4daf98e3c33297858aa93033b2415

    SHA512

    a43aa11af595d9c7a739e948b017d17ce81b9c29ee1ed6da144b8d2cfebc922fd89ef5bd1f4cce6389bc48d9dc48ca3046a8398cde678713f8a212d664a1ebd6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    66db06808bd455e0db838727737bc4ef

    SHA1

    f29540b1c97e46669a15fec457df536250bc3328

    SHA256

    68a58acf19900cb80ee6b17c93b7ad4b7c7b6baf740bb19487c402d79c1f7de5

    SHA512

    1b81001562ccd8bd13a0676be67f01c087d85f6736f981dcff408484a88b24f84b033cab382947e2eca3da8392dff623728d482cb5483dc7ebe11adbd167287e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF76C.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF81B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnitSrv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2096-451-0x0000000001060000-0x0000000001267000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2096-3-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2096-0-0x0000000001060000-0x0000000001267000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2096-22-0x0000000001060000-0x0000000001267000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2328-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2328-17-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2328-19-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2328-18-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2480-9-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2480-8-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.