Overview

overview

10

Static

static

8

95338461c9...2c.exe

windows7_x64

10

95338461c9...2c.exe

windows10_x64

10

Analysis

  • max time kernel
    146s
  • max time network
    146s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    13-05-2021 13:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    95338461c9f48b1a58359ba44a9ae23f38e39a804be8bec143f94aa1b71e932c.exe

  • Size

    249KB

  • MD5

    47cbda60d9893c5fc4cd74ce8c2bbb1f

  • SHA1

    ea131f3b305948e2b2f4007295f2518349d46c62

  • SHA256

    95338461c9f48b1a58359ba44a9ae23f38e39a804be8bec143f94aa1b71e932c

  • SHA512

    c987ee8ebb2152f65085876975f39cb0812424594cf616b1fa1c3eacdbcd676fde414d9b6b05dbeb9ad332c3507c421265ffa7d1083fb44cbfd97b7637de4d07

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\95338461c9f48b1a58359ba44a9ae23f38e39a804be8bec143f94aa1b71e932c.exe
    "C:\Users\Admin\AppData\Local\Temp\95338461c9f48b1a58359ba44a9ae23f38e39a804be8bec143f94aa1b71e932c.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3172
    • C:\Users\Admin\AppData\Local\Temp\95338461c9f48b1a58359ba44a9ae23f38e39a804be8bec143f94aa1b71e932cSrv.exe
      C:\Users\Admin\AppData\Local\Temp\95338461c9f48b1a58359ba44a9ae23f38e39a804be8bec143f94aa1b71e932cSrv.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:2892
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2740
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:200
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:200 CREDAT:82945 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1964

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    MD5

    da18881ccaefeaa4942af9291cb34826

    SHA1

    e4f33c21684bede05ccea60dd0767250ff2b3aba

    SHA256

    1d736643af18fe45f74f67a68c3268b39e7dbd84aaaf46dba5e23e48e8402842

    SHA512

    2420cf80794f4e74fb95934698714d4386e022d68c0c4e181d9d6e189bf3fab09f920e6e9128e423a1dbf357558bab628133d1084a7a306617c3a9c2461a5901

    Download Submit
  • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    MD5

    da18881ccaefeaa4942af9291cb34826

    SHA1

    e4f33c21684bede05ccea60dd0767250ff2b3aba

    SHA256

    1d736643af18fe45f74f67a68c3268b39e7dbd84aaaf46dba5e23e48e8402842

    SHA512

    2420cf80794f4e74fb95934698714d4386e022d68c0c4e181d9d6e189bf3fab09f920e6e9128e423a1dbf357558bab628133d1084a7a306617c3a9c2461a5901

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    ef07b2dc81b7fdcc01d8a9cce1261822

    SHA1

    535c60f61ed56d43a349e92b86dd5204a1b61859

    SHA256

    4f4d35e9bbae40c756cb82b60a2bbfe0dfe055b06ddf2494a953ce7565ff8eb6

    SHA512

    1a26ee805d55b252567caec75c0b75ec5493aa1865b4fd8a1cf6b18972e2ffd82ba778b4a6a80ed85c9d016d841d26be11d4bc6f4bf8d8b512e7261dc7ad3fe3

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    44e52cbb719701036716c8973b71d9ea

    SHA1

    957f91416899fa53cf76540b015e92c00539809f

    SHA256

    de657df41f3d08b21a6eb3721d5f11c9215f4fe00a639f6641158abee4c77f67

    SHA512

    aac08434a92385a285b252f3ee6f13635f165c0e39b38cc7e2d9720b07a48bab06fb520b0a81351cdca4ee9117d789e4c68fdb4d66071732670d22fd49274c33

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\1IEOMCZL.cookie
    MD5

    2196967d4de2f6dfc0afa940b7a93ba8

    SHA1

    cdc047bf720e167dc9428f7e0bffe917c342e399

    SHA256

    2a399c49ffeb8206c90e05e3d643349aa6161056072e47a71f418d2c6d9863f3

    SHA512

    efd53cdc6a194c39dfe307e044c8c1e347266736f862b6863e45ce18cc10b35bb9a8afa488092369b40ce6ee224b0fcb0bcbe458b90a7108ba1dea5e161b53b6

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\KVU9YL6R.cookie
    MD5

    e429c163fd0d586bc410333a0840c598

    SHA1

    5fee1a94d4d91d559f1279427d508ac3c247d2d9

    SHA256

    a63587fdad0a27c1cc64b50e23d8ac5874efba55a2c1ca8a8296f119b6dabf26

    SHA512

    3922c4cd98d415a3d5670821cfb5f966ffe77ef19bbba026763fe899b57d7450946c7561568e8bacad741b3f0b0c8f4513bfe1cd20a910d92c7cd8032a1510f5

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\95338461c9f48b1a58359ba44a9ae23f38e39a804be8bec143f94aa1b71e932cSrv.exe
    MD5

    da18881ccaefeaa4942af9291cb34826

    SHA1

    e4f33c21684bede05ccea60dd0767250ff2b3aba

    SHA256

    1d736643af18fe45f74f67a68c3268b39e7dbd84aaaf46dba5e23e48e8402842

    SHA512

    2420cf80794f4e74fb95934698714d4386e022d68c0c4e181d9d6e189bf3fab09f920e6e9128e423a1dbf357558bab628133d1084a7a306617c3a9c2461a5901

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\95338461c9f48b1a58359ba44a9ae23f38e39a804be8bec143f94aa1b71e932cSrv.exe
    MD5

    da18881ccaefeaa4942af9291cb34826

    SHA1

    e4f33c21684bede05ccea60dd0767250ff2b3aba

    SHA256

    1d736643af18fe45f74f67a68c3268b39e7dbd84aaaf46dba5e23e48e8402842

    SHA512

    2420cf80794f4e74fb95934698714d4386e022d68c0c4e181d9d6e189bf3fab09f920e6e9128e423a1dbf357558bab628133d1084a7a306617c3a9c2461a5901

    Download Submit
  • memory/200-121-0x0000000000000000-mapping.dmp
    Download
  • memory/200-124-0x00007FF900F20000-0x00007FF900F8B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1964-128-0x0000000000000000-mapping.dmp
    Download
  • memory/2740-120-0x0000000000540000-0x0000000000541000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2740-117-0x0000000000000000-mapping.dmp
    Download
  • memory/2892-114-0x0000000000000000-mapping.dmp
    Download
  • memory/2892-123-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/2892-122-0x00000000001E0000-0x00000000001EF000-memory.dmp
    Filesize

    60KB

    Download
  • memory/3172-125-0x00000000005F0000-0x000000000073A000-memory.dmp
    Filesize

    1.3MB

    Download