Overview

overview

10

Static

static

8

67fca67d69...62.exe

windows7_x64

10

67fca67d69...62.exe

windows10_x64

10

Analysis

  • max time kernel
    92s
  • max time network
    141s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    13-05-2021 12:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    67fca67d693881c64958232a25e4a2c841e473bc335b699f2b955a14895d8662.exe

  • Size

    228KB

  • MD5

    00d8b22278e3bf540badb67f4cc95542

  • SHA1

    5618e2742527f4e0d64c8cdabf4c547469473d8e

  • SHA256

    67fca67d693881c64958232a25e4a2c841e473bc335b699f2b955a14895d8662

  • SHA512

    f591dbe24dfa3f4c8beac27c10c33dc973621de7c1ded6977475de3aff611d8f1e9dd26c3c173eb60a0a2956acaacf903e2ce6cb09ff712b32c92134282c0ee6

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\67fca67d693881c64958232a25e4a2c841e473bc335b699f2b955a14895d8662.exe
    "C:\Users\Admin\AppData\Local\Temp\67fca67d693881c64958232a25e4a2c841e473bc335b699f2b955a14895d8662.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1824
    • C:\Users\Admin\AppData\Local\Temp\67fca67d693881c64958232a25e4a2c841e473bc335b699f2b955a14895d8662Srv.exe
      C:\Users\Admin\AppData\Local\Temp\67fca67d693881c64958232a25e4a2c841e473bc335b699f2b955a14895d8662Srv.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:2712
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:216
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:288
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:288 CREDAT:82945 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1520

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    MD5

    da18881ccaefeaa4942af9291cb34826

    SHA1

    e4f33c21684bede05ccea60dd0767250ff2b3aba

    SHA256

    1d736643af18fe45f74f67a68c3268b39e7dbd84aaaf46dba5e23e48e8402842

    SHA512

    2420cf80794f4e74fb95934698714d4386e022d68c0c4e181d9d6e189bf3fab09f920e6e9128e423a1dbf357558bab628133d1084a7a306617c3a9c2461a5901

    Download Submit
  • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    MD5

    da18881ccaefeaa4942af9291cb34826

    SHA1

    e4f33c21684bede05ccea60dd0767250ff2b3aba

    SHA256

    1d736643af18fe45f74f67a68c3268b39e7dbd84aaaf46dba5e23e48e8402842

    SHA512

    2420cf80794f4e74fb95934698714d4386e022d68c0c4e181d9d6e189bf3fab09f920e6e9128e423a1dbf357558bab628133d1084a7a306617c3a9c2461a5901

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    ef07b2dc81b7fdcc01d8a9cce1261822

    SHA1

    535c60f61ed56d43a349e92b86dd5204a1b61859

    SHA256

    4f4d35e9bbae40c756cb82b60a2bbfe0dfe055b06ddf2494a953ce7565ff8eb6

    SHA512

    1a26ee805d55b252567caec75c0b75ec5493aa1865b4fd8a1cf6b18972e2ffd82ba778b4a6a80ed85c9d016d841d26be11d4bc6f4bf8d8b512e7261dc7ad3fe3

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    d70ee1250aaf8d8dc861e3d0241c1ca4

    SHA1

    4d95473cfdb3b9271ea5556401a2f042648b0524

    SHA256

    2208e87500227917c837ca9db201c9b4fe75fffaa0bcc182c6dd278bbd6e4045

    SHA512

    7d78ff1c40cca2726bd253901acef4ded3c7b15acd6711242220493c885cb353b5a17ede86004f6a659ec5f52805b9a221745eaa634dcc45f1f72fc3067edfa3

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\KKF5HISC.cookie
    MD5

    5502b8c0f31e22c6b40bce0cee5a9dd9

    SHA1

    88e6a1d28adb946f606e907fbe296079fcf823be

    SHA256

    f595a0b7c13abc5e667cafde93eb78bb8fcbb1fb03e592d8d4d050f33dc2e057

    SHA512

    33dd0bbdae44e5dab6907bb9f7e1834f2c34ba58d5667d3575a867f600a9c440b42a6eae9b53d57cf52db0b89ee1809b9efe2e01598ae5ce708b570612151f8e

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\YYIV5JP3.cookie
    MD5

    b8a37b418e3ec2e5c3463cb230877534

    SHA1

    6105f3f394f448038751a58c9ab944e598f8f127

    SHA256

    c5a69d61cba54604bbb91281989e5cbae889c09988ee6d4ed3e76cca0586acf9

    SHA512

    32df1ab0ad255e12a01ebcd3b9706fc49864357e1f3de65da2ddb3a24940ae850cb31a9650ef664fafed0643c7c4295060df056eae8fa3a8abbeddbe0e97dcd2

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\67fca67d693881c64958232a25e4a2c841e473bc335b699f2b955a14895d8662Srv.exe
    MD5

    da18881ccaefeaa4942af9291cb34826

    SHA1

    e4f33c21684bede05ccea60dd0767250ff2b3aba

    SHA256

    1d736643af18fe45f74f67a68c3268b39e7dbd84aaaf46dba5e23e48e8402842

    SHA512

    2420cf80794f4e74fb95934698714d4386e022d68c0c4e181d9d6e189bf3fab09f920e6e9128e423a1dbf357558bab628133d1084a7a306617c3a9c2461a5901

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\67fca67d693881c64958232a25e4a2c841e473bc335b699f2b955a14895d8662Srv.exe
    MD5

    da18881ccaefeaa4942af9291cb34826

    SHA1

    e4f33c21684bede05ccea60dd0767250ff2b3aba

    SHA256

    1d736643af18fe45f74f67a68c3268b39e7dbd84aaaf46dba5e23e48e8402842

    SHA512

    2420cf80794f4e74fb95934698714d4386e022d68c0c4e181d9d6e189bf3fab09f920e6e9128e423a1dbf357558bab628133d1084a7a306617c3a9c2461a5901

    Download Submit
  • memory/216-117-0x0000000000000000-mapping.dmp
    Download
  • memory/216-120-0x00000000001F0000-0x00000000001F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/288-121-0x0000000000000000-mapping.dmp
    Download
  • memory/288-124-0x00007FFC17D50000-0x00007FFC17DBB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1520-128-0x0000000000000000-mapping.dmp
    Download
  • memory/1824-125-0x00000000008C0000-0x00000000009FC000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/2712-114-0x0000000000000000-mapping.dmp
    Download
  • memory/2712-123-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/2712-122-0x00000000001E0000-0x00000000001EF000-memory.dmp
    Filesize

    60KB

    Download