ramnit | 6ace4ddf63aa8d54b60f01e6aaa4638c27b49dfc64a707e35c004eee09de1c7f

Analysis

max time kernel
37s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
24-05-2022 17:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

范伟打天下招财宝辅助/招财宝辅助.exe
Size

1.7MB
MD5

9cae8990cec8fff426d4555e1ceda109
SHA1

5b23b743f57ff137bd8f04dcdb44235ad354169b
SHA256

7312da64e917caab82def3a5c324b8a2c4ca613676971585ad8f50094ea57cd9
SHA512

0a14cb69b7916df5c275bc4aebae870221412fbd61407abff3ce6e67e32969497cac5ff269677121047c78c5093a9877507831417245e25f0b09f15346c2ff8f

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit

UPX packed file 26 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral11/memory/1708-55-0x0000000001E60000-0x0000000001ED2000-memory.dmp	upx
behavioral11/memory/1708-56-0x0000000001E60000-0x0000000001ED2000-memory.dmp	upx
behavioral11/memory/1708-57-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral11/memory/1708-58-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral11/memory/1708-61-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral11/memory/1708-59-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral11/memory/1708-63-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral11/memory/1708-67-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral11/memory/1708-65-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral11/memory/1708-69-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral11/memory/1708-71-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral11/memory/1708-73-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral11/memory/1708-75-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral11/memory/1708-77-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral11/memory/1708-79-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral11/memory/1708-81-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral11/memory/1708-85-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral11/memory/1708-83-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral11/memory/1708-89-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral11/memory/1708-87-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral11/memory/1708-91-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral11/memory/1708-95-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral11/memory/1708-93-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral11/memory/1708-99-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral11/memory/1708-97-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral11/memory/1708-100-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

招财宝辅助.exe

pid process

1708 招财宝辅助.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

招财宝辅助.exe

pid process

1708 招财宝辅助.exe
1708 招财宝辅助.exe
1708 招财宝辅助.exe

pid	process
1708	招财宝辅助.exe

pid	process
1708	招财宝辅助.exe
1708	招财宝辅助.exe
1708	招财宝辅助.exe

C:\Users\Admin\AppData\Local\Temp\范伟打天下招财宝辅助\招财宝辅助.exe
"C:\Users\Admin\AppData\Local\Temp\范伟打天下招财宝辅助\招财宝辅助.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1708-54-0x00000000758D1000-0x00000000758D3000-memory.dmp

Filesize
8KB

Download
memory/1708-55-0x0000000001E60000-0x0000000001ED2000-memory.dmp

Filesize
456KB

Download
memory/1708-56-0x0000000001E60000-0x0000000001ED2000-memory.dmp

Filesize
456KB

Download
memory/1708-57-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1708-58-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1708-61-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1708-59-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1708-63-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1708-67-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1708-65-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1708-69-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1708-71-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1708-73-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1708-75-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1708-77-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1708-79-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1708-81-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1708-85-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1708-83-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1708-89-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1708-87-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1708-91-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1708-95-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1708-93-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1708-99-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1708-97-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1708-100-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download