Overview

overview

10

Static

static

8

范伟打�...PI.dll

windows7_x64

10

范伟打�...PI.dll

windows10-2004_x64

1

范伟打�...dm.dll

windows7_x64

10

范伟打�...dm.dll

windows10-2004_x64

10

范伟打�...dm.dll

windows7_x64

10

范伟打�...dm.dll

windows10-2004_x64

10

范伟打�...��.bat

windows7_x64

1

范伟打�...��.bat

windows10-2004_x64

1

范伟打�...�.docx

windows7_x64

1

范伟打�...�.docx

windows10-2004_x64

1

范伟打�...��.exe

windows7_x64

10

范伟打�...��.exe

windows10-2004_x64

1

范伟打�...��.bat

windows7_x64

7

范伟打�...��.bat

windows10-2004_x64

1

范伟打�...��.exe

windows7_x64

1

范伟打�...��.exe

windows10-2004_x64

1

Analysis

  • max time kernel
    37s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    24-05-2022 17:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    范伟打天下招财宝辅助/招财宝辅助.exe

  • Size

    1.7MB

  • MD5

    9cae8990cec8fff426d4555e1ceda109

  • SHA1

    5b23b743f57ff137bd8f04dcdb44235ad354169b

  • SHA256

    7312da64e917caab82def3a5c324b8a2c4ca613676971585ad8f50094ea57cd9

  • SHA512

    0a14cb69b7916df5c275bc4aebae870221412fbd61407abff3ce6e67e32969497cac5ff269677121047c78c5093a9877507831417245e25f0b09f15346c2ff8f

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • UPX packed file 26 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\范伟打天下招财宝辅助\招财宝辅助.exe
    "C:\Users\Admin\AppData\Local\Temp\范伟打天下招财宝辅助\招财宝辅助.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:1708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1708-54-0x00000000758D1000-0x00000000758D3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1708-55-0x0000000001E60000-0x0000000001ED2000-memory.dmp
    Filesize

    456KB

    Download
  • memory/1708-56-0x0000000001E60000-0x0000000001ED2000-memory.dmp
    Filesize

    456KB

    Download
  • memory/1708-57-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1708-58-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1708-61-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1708-59-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1708-63-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1708-67-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1708-65-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1708-69-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1708-71-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1708-73-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1708-75-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1708-77-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1708-79-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1708-81-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1708-85-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1708-83-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1708-89-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1708-87-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1708-91-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1708-95-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1708-93-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1708-99-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1708-97-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1708-100-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download