Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

bc5e54a0f2...b7.dll

windows7-x64

10

bc5e54a0f2...b7.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    84s
  • max time network
    67s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    24/01/2025, 02:56 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bc5e54a0f2466f878e1b0b37683db5f513a00ca5085b09167f317ae22bf138b7.dll

  • Size

    2.5MB

  • MD5

    1a5213723f7d8e0d40d1902643498fd4

  • SHA1

    afb43438d6999be0ac626792653f835a0f0cde0a

  • SHA256

    bc5e54a0f2466f878e1b0b37683db5f513a00ca5085b09167f317ae22bf138b7

  • SHA512

    34257f3f52e54a1caf9249986ff6042b702d5619b8b0dcdf5e1335a74847de44dc48e06be080f87845f825bc977ae376196ceac93ebaeb388128f4ec74c03c33

  • SSDEEP

    49152:ZWGT8J8nXBXb7D1WkEFNPWRp0JeeI8ENn+4B5UP:XT8J4/158WRry

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\bc5e54a0f2466f878e1b0b37683db5f513a00ca5085b09167f317ae22bf138b7.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2556
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\bc5e54a0f2466f878e1b0b37683db5f513a00ca5085b09167f317ae22bf138b7.dll
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2384
      • C:\Windows\SysWOW64\regsvr32Srv.exe
        C:\Windows\SysWOW64\regsvr32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3036
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2808
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2852
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2852 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2840

Network

  • flag-us
    DNS
    api.bing.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    api.bing.com
    IN A
    Response
    api.bing.com
    IN CNAME
    api-bing-com.e-0001.e-msedge.net
    api-bing-com.e-0001.e-msedge.net
    IN CNAME
    e-0001.e-msedge.net
    e-0001.e-msedge.net
    IN A
    13.107.5.80
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
     7.8kB
     9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
     7.9kB
     10
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    779 B
     7.8kB
     9
    12
  • 8.8.8.8:53
    api.bing.com
    dns
    iexplore.exe
    58 B
     134 B
     1
    1

    DNS Request

    api.bing.com

    DNS Response

    13.107.5.80

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f367a798e7e08e2e6c7d85f29155374e

    SHA1

    ffe13a0cf38f4efd57ac2e480448b574533e44e6

    SHA256

    a49f02ce9a2cd099b072ba04c71f9c4c924cf7fa1f647915349530d91f4eebe0

    SHA512

    93f1d68e557cb98f69dcbd2efe2fd2887c5b068f3e224a4848ad55d80d7839221408c206451881e4cdfa909b0f9d3afa2bf01b27744d466dd46fc41a9a54ec8f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6ca2d04da456f599ec73c4a2069567a2

    SHA1

    ffeefc4ef9225efd32c7991ad877f6c806913b25

    SHA256

    d8841f01fce07d96a348e39236ce946a254b5ca68034ce640baf93ff53fafd54

    SHA512

    1b53dc5f18d268dea443e854b0079bcddd87a78c2a197cdf0d4b091e33239bb36f94da6b1a520d779d07890e2d8c1c53f0f3f10177607eef72ee1b126fd1c87f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7f565ce23f9d2557ca71a5d1be4b9e00

    SHA1

    3122c3b248a11b06e0c07cde0488e235b85a497f

    SHA256

    f85ae11553a1ef1309ab4bd22f9b124d7a15135cfd87157462e86231b9d2c495

    SHA512

    54aadf821962d9684f1d663e1ce4b3bef545a2bd843b6b0fef33e442ca7046f03e7bae534722524ff3fd1a136a656eb55c39cf258f543bf6504aa0145b04666c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6a20ae9b05d90491aa7b0e2422defbb3

    SHA1

    0efb7493a5233e16a184315a68bc328f7aad7a91

    SHA256

    38a1cd0b007a7cbab8cd4427cf31922c49620c3872b7f2717065297c5ee01805

    SHA512

    32798967dd4feaf700abd8721f8a2a9d174c2bc33ed8fea6f12f7adf968c3663488783995abf337f7b00c4d5f8ae3d4a75883756b879d3c4743f06b32c2e8044

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9ccdbe64b80489f831ccb92a7c44ee30

    SHA1

    e9a9875c724e409f1b0870ed27a6bf5b195179e5

    SHA256

    93e03de913129d5072345a5ce3b95e099a5a92341a74c36b4fc5e22b1ebc5238

    SHA512

    14c5f10703f83b39aded373d4e2d935adef1951552456a442bb3574c519a6cb3e82103a91773bc2e92cfbcdaddb1bf020ff45cb182362f63c575c12f9621623d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ff19ddd15fc044f2660f852550c22697

    SHA1

    77119f55cae4612eb704a6408a41f37217ed9674

    SHA256

    7fb96852094f51f8a519bad110ca9ba0c1ffd4ee595730e0ad195039a8c13b3f

    SHA512

    c740660dfa5f841160706e3f4854decce0e754cd35e202a0f80782745063b806d226c218fe238549e7d85cda49f03d24980907efae54baf77bf7babe779ed03e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    355cee5e9879bf8fc4c982c350822cce

    SHA1

    687d30020440f77226421c14eb54f84e435c86e8

    SHA256

    78a7cbc1301bf00b46aaf53c3696c20a98ff062be73e65c425ae9ce79a922242

    SHA512

    5dea235a13372ce39431eaa9599a70c8d779298d479c15c0fc6fbbdeb952b3891ab2b3b7e6e098ed680c7d71b211045324c894b44f36f86cd8fc75b5610836b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f404562bb84d49351b4dc3c70e6eeea2

    SHA1

    886a3c70221e6091f6de81be2b95b74a9854233d

    SHA256

    fa9503dc6a7aa0008d81ffdc9c34263d677b0bec7676c16c6613d3b91490fe4b

    SHA512

    65efdfee4fb2ab11d5e5a6d0a48584902c63b6fbaea53818e08fc4a157adac365cfbf090ed34ddb1ad495021a32d9cf114d3d9cbeea073f4587c30cc3d8945cd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6b41172defe68d2e1fd16b48c48c85d2

    SHA1

    db20bdf148df32ac08f515149301e8f6d054d80e

    SHA256

    bd0b626be01690684e8d7afd4a1b645ddb959df0fe047fb02c804ea8d126d914

    SHA512

    d208defa41990c075ebdfc5f7c6a05f551405d243e55127c366f29aec01a0c71803611884cbacb0c31ccb8e9eace9e78ebd731ecf7e149193c5dad32bbf545a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    08114029ef6ec64f2d4e1b208f11a73a

    SHA1

    3696af75414d8f483739deb5d57291fe1964bca3

    SHA256

    8e534583271d9a5374207a629343a789c8b01de35c2a2590d9add7fd7cc44229

    SHA512

    03bf758d00e36dd54038cccc360e47471dcdc53ebe06685b96326d348cf7d2191c27b723ae59a34e821f2ab13443666bdd955a43e869c87235ecad311654a975

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4bb5b2557dbc9851c5402a6bdf2e45b3

    SHA1

    03148af00b457e1890e2c7909536a87add214f4c

    SHA256

    65673eb73a548201d9587dcc8de4d19c748de5bbc51c759268b7ebb371f05689

    SHA512

    4ca806cdd25197142b9bccb4405cd154b4b574a14103bcbe2b9022dfd1111a2b4db10d5b666713d98850280dfa0a43c7fb887dfde9842e2035d3c8e350a9d38e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1ba05fa5e3b87cf79ae796990c603233

    SHA1

    997dfacd13cb72c4ddb2964675637bb73a2354f1

    SHA256

    1d9f97085f113676b1dc662998a9c8686380b20966170ee513edb287c2a6dfe2

    SHA512

    74f501a05f1f1963c25952f0a8e1eac5f78576e7744f1fa9ebd93263d8e905104418a28f8058380d47e881331a0f5833dacfe979f5f25ab54babbd2e97870dbd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fbfb50550b7e3fdddbcf3ce42f4fb399

    SHA1

    7b8030bc5a1497582e4d590269de50fb3a0724e9

    SHA256

    25901d3d5e14d3f258c4f80dea8b3a70da1d4753552192a73c8b7f09f4b8b60d

    SHA512

    55c9b0ab8748db4ebeb61c175ea85af545f18d216c8a79885bcb6b084a5575eaab184b34497ea9827b9c507fdcbba787149b9163cdb1ad02af0682d9b7082199

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c79e8df397c603c843ed91124b2b6cdd

    SHA1

    697942f62a143ef6ce23d25c231cdd07fb927e62

    SHA256

    e72dc1167b5bc969b2366a3d9c23aebe0a80735f66ba99de9df7aff65618bf98

    SHA512

    32f922c66326cd9dc301157e6c86dcc017ff18f930ad6401be2e319f3e0875db8ee6f02782b16535adf87ee3c78eb586089b763a777ce03b1aa783e9035959d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aef2221aa2b3c05d7523d7f68f4cc5c7

    SHA1

    d6a6281d3c9a043ef9249e540b47d452d37d86dd

    SHA256

    fb2a501d1ddea92abc7199b8b604ac5fe2fcf2b1b905bfd968bea09636494273

    SHA512

    b0ebe3666289e9c1a3311c0e401d8a939d820cf05a27b35b0588b1109fe4604be22b891350d030bcc3a4905db68201180aab9db96457710fb0eab4e8f24db4fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    598fc512710f682b6474f1b611103ca5

    SHA1

    7237658bb752f82808fc7bc4baf1a5cfc407bcff

    SHA256

    b1f2f09a2b64398fb4a600f62b426fd65e6e9e80e2f25c0fb094973d6d56f873

    SHA512

    11f0e73e56cedc4daa66d817f8a41961ef0fe494363f23b38f1f427a3d5e7607726f580c728b2368f817053d437ac13ee3073a6b89e2ec1105804f2fd6cc32ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    480117149fd7e8ea77e125a5551d661c

    SHA1

    7051ad9cf875df0046405c6e3cfef09493776bbd

    SHA256

    0bdfaa8bc02ceb6bd0bacab5f1f010d948f97b9d84553acc844ff32b75055a99

    SHA512

    0268baab8a8d7938da5e09497cd0b0de17065b8bf4ad45d58c295e43375ec33fac6b81db461cb906e8bcbe43dafc7cbe29fe443941056f3ce2ebf4815ad59344

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9591a61966ae9431fd6969ddabd32b6e

    SHA1

    475978aa81b488ef3522c027e7a77e046db274c5

    SHA256

    5ee8e1a433d5e4b8fbe41516425d34f8de9b5af789c1476e828f6296f895ba1e

    SHA512

    d041f8f68b3cf9883fc6ac080e84b454d4392037929bb9596bbebf306d132bb0a244de09dabbc25d5c30e663e242c6f8d754deec0156bb20ecb63f8f25fafe82

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5c12e0ec2ba24f06216aa049387b5cf5

    SHA1

    1a4af4ec06f85006d303f060ebe094233cfd035b

    SHA256

    eff85819f7884ba99a92b76339f33a7951800c40b746427aef451213ff2f483e

    SHA512

    9e97e281f11143caab61938ce6e69d13498ba45f44689c842058839ffb492aa00ceae18845a379241ee1cb6a46ae1c4471351849af06a535cf7d9c2d41895251

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab1AE3.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar1B44.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\regsvr32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2384-0-0x0000000074340000-0x00000000745C2000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2384-6-0x0000000000190000-0x00000000001BE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2808-22-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2808-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2808-19-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2808-18-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3036-7-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3036-10-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3036-9-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.