Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
90s -
max time network
91s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
24/01/2025, 21:16
General
-
Target
c5a5958c8a6eadefa872704f3fc5c84bc6bca1bd7148039641f71c94e07111e1.dll
-
Size
232KB
-
MD5
056cf9cd2d87cd3ed65015921c9c7e25
-
SHA1
99a8a59d984fe663828a368fbb484ed50a2e199d
-
SHA256
c5a5958c8a6eadefa872704f3fc5c84bc6bca1bd7148039641f71c94e07111e1
-
SHA512
c518186dd5e2d321277920230a95465f76a74bb7b489fefcdf9d2688adba19f03fa754ce532a859564e0bd7591f378bdf31b41d06b06c0616ab839c6d5f23f95
-
SSDEEP
3072:h+aJd9iRyxPqPYk4K2+QOtvhgWtx50GB/oMpl8aXYQ+cIPKc+4r:gaGyxPqgk4V/OJ30G59pl82O9pr
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
Drops file in System32 directory 1 IoCs
-
UPX packed file 7 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 28 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 23 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\c5a5958c8a6eadefa872704f3fc5c84bc6bca1bd7148039641f71c94e07111e1.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\c5a5958c8a6eadefa872704f3fc5c84bc6bca1bd7148039641f71c94e07111e1.dll,#12⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32Srv.exeC:\Windows\SysWOW64\rundll32Srv.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2392 CREDAT:275457 /prefetch:26⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD56723d34d51a98f0e52051576d42d1201
SHA1bda320735acb9ad7d5ef2f9ec4e3de77df4cf260
SHA256e86735d65b03cd306c1ad4eead1478d9a2597f17c379c7570454a9061054a5a2
SHA512070d032d387831da441695cdc23f3fbee96e635725f65d1659a8fd80ea5c1a79714b461f49fb1915e7ecb202e463770be26ca46992940308ee8d0e7c046b8c11
-
Filesize
342B
MD5c253f26971ac55ece2823e5d211960a2
SHA19bc69123cbaec35413d87539b4a4d38fc57ab6b2
SHA2569756a1e46bbcf3695bf5d812ae681535004448d0dadca20eeade8a01f1dd4a4f
SHA512d4f1039faf80d7e815c4df67972ab22143f0195c503694b8d7c5984a3dd850267b8f9f915344a59301bc3f6916036c0f5d651b73033791fa15bd40f632c0c0f3
-
Filesize
342B
MD5b2079cd5ba41357495aae7af0682550e
SHA11898050d6830e589607539808c8c80cd6464ba1a
SHA256795a6e46821c16c684075a6b0f60539df94da5fdeed5f77dc861188221c4e784
SHA512a09a5a1bc823a4df01fd4e08a874ae02c3f7c29b3649de0ac4164b4f81afef1e1e46e4b1f4233a19f2c65a4e1ae788eb77e0203e616a4c1c0a88c8803b22e205
-
Filesize
342B
MD5e33e42cbad14fee46171889c4130ecc7
SHA1d0c181142c2ee49366e3ca7a11dce4177c1c69a0
SHA25621ab1dabb5c2ab710db6e2ef66dae2d5dfe1b12005bd86cedeed4b5a239b1d9b
SHA5128bbe1dd006fadfe4bab40aa9f025f8f17079bb363750deee1ccd9152ca0e1537b251172b7c13f33321918ac93857a671cf788e7b507c5935dbceec67818f89c1
-
Filesize
342B
MD5ed8b5a6d388f242925b5b3408aafe685
SHA12d76fd29378f3f760c069f7c5ac8fc357e887295
SHA2561f1fdc3d0fe0e5bb6c28c8a9e11018f5244b2f728ff3e8db5a3ed539ef70eb6e
SHA512a74bcbc76907bda211e3d727f35e948ed120037979d7325b7ea617c9ff1202b0bcaa8be7620e9ab55c8b795ba2fd81cdb43299f1c50461f4a468ab979b71436c
-
Filesize
342B
MD588b4c38a25f19ea488fe2003f9055d1a
SHA16049cb97a94afe4b1a05676bdf846412f03e96c4
SHA2564687e15afe1f1284bfc7c27348acb1229a8a8b718b17f94635a3b92c1a1823cb
SHA512aebca4a27337bab9cdb102b71e4e50eda15befba3c8aab76b8ad9e8b6ffe17dace1b877d7b2135852cbda6f9cf145bc6978c21eed4e200cbf244afd4bd5cabdf
-
Filesize
342B
MD544962f825df6f3fa5ab4b35c384fad88
SHA1c104f47b4cf38f51b3c5af5213de4c4711979f29
SHA25641c5e2b39bdb8c7f26b93d3bc30522eba7f03136abb6da4629a70806b06cdbbb
SHA512625676dc04729868238323f3cbf00b4b37810d7b53eca97fd0606455b848e77eb7a6315797c406f2756128b487fee048a048be655dd9af7b4ded5ed0868648d9
-
Filesize
342B
MD50d57a0c000579034924be3ad8c6514ea
SHA1a8a96660402eecf55672fc4dcd443e029f7dbf4b
SHA2565351f84fe4fa8f7743fd4b51eda4d972d9fe16f80fe148df8fa7af53e44b08fb
SHA512c8b78643cd6bef3f544d7af05933bc3976abea8d6c4ae6075a110713ab66d9437e2a02c4e0c3a2b94fdbe193e4625d58ac2799753f9b1e917fe7f0ce81eaf4a5
-
Filesize
342B
MD50548a82586607cf3a0320cac4dea1c11
SHA158f25712b175d0f3de4ea249b27ee804441708a2
SHA256cb87e5140b0efe676b71f13d5288e14a75ceb371a428aa2a8aa188894e51ce13
SHA512468bc248dba2f4d1fea2dd9b99b91c1829e04ee2f2f2349da21c6aeec19ecad21023bfe97767c152d0fe28002a675866c65c4d5f576468fb476bf68da831b892
-
Filesize
342B
MD5d3c8cb2e1daf9119f78175f91e0100ed
SHA18dfc85a26ecb5a3c7786a82eb2b8effc329fadff
SHA2561f28136480e936c0f5d6473d598c898bbb14d0294fe3f357b10354310fdca469
SHA51282ffe95a31a4c88d339edd59b9340a1fccac9b9e776410c65de45ef80559fe7f50abeb3251cf323c189ab1992351c7ab0efa8b4bc7d07d10d14748648e53182f
-
Filesize
342B
MD593be9c4208564f8bfc87ed5a66e8eadc
SHA1038c55d62523e4571f437c5e80a91dbf6e203efe
SHA2564825e7e1cf6bf1d916fe29753856fe51d2606dfa66c30b44bfc5c5c517f26a4b
SHA5123043446d8b1e96cdcfcf46c2ea064161a2a9a0503a089a69e45ae6f1422b7a0038bf8fd32d373357e4e9c89c04e9acf8ac6fa8df6293d31b285eac3c71c39da6
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
236KB
-
Filesize
184KB
-
Filesize
236KB
-
Filesize
236KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
60KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
4KB