Analysis
-
max time kernel
122s -
max time network
156s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
01-10-2022 17:50
General
-
Target
68f14eccee33d195b083273a09b22020a9c72b1c9e53aa68d3fe7e44c3e0b638.exe
-
Size
111KB
-
MD5
50341b4a7b2b3a7d2338348c5a419320
-
SHA1
920ae502b107d359bfc51c1328200001f2d0866e
-
SHA256
68f14eccee33d195b083273a09b22020a9c72b1c9e53aa68d3fe7e44c3e0b638
-
SHA512
476a4fd366d1b8f34607eb5bf3997faba271815086e56b5f24eb6ba8d945c56118f160a223f4ff18998535809745c3f99f9c7994feca188710f0cba00bc21945
-
SSDEEP
1536:4+hzRsibKplyXTq8OGRnsPFG+RODTb7MXL5uXZnzEObzzYJV72x14IKupSQV8g5y:TROzoTq0+RO7IwnYJJV71WSQVlN
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 4 IoCs
-
UPX packed file 16 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL 4 IoCs
-
Drops file in Program Files directory 9 IoCs
-
Modifies Internet Explorer settings 1 TTPs 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious use of FindShellTrayWindow 3 IoCs
-
Suspicious use of SetWindowsHookEx 14 IoCs
-
Suspicious use of WriteProcessMemory 40 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\68f14eccee33d195b083273a09b22020a9c72b1c9e53aa68d3fe7e44c3e0b638.exe"C:\Users\Admin\AppData\Local\Temp\68f14eccee33d195b083273a09b22020a9c72b1c9e53aa68d3fe7e44c3e0b638.exe"1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\68f14eccee33d195b083273a09b22020a9c72b1c9e53aa68d3fe7e44c3e0b638Srv.exeC:\Users\Admin\AppData\Local\Temp\68f14eccee33d195b083273a09b22020a9c72b1c9e53aa68d3fe7e44c3e0b638Srv.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:964 CREDAT:275457 /prefetch:25⤵
- Suspicious use of SetWindowsHookEx
-
-
-
-
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayerSrv.exe"C:\Program Files (x86)\Microsoft\DesktopLayerSrv.exe"3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1184 CREDAT:275457 /prefetch:25⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1648 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
111KB
MD550341b4a7b2b3a7d2338348c5a419320
SHA1920ae502b107d359bfc51c1328200001f2d0866e
SHA25668f14eccee33d195b083273a09b22020a9c72b1c9e53aa68d3fe7e44c3e0b638
SHA512476a4fd366d1b8f34607eb5bf3997faba271815086e56b5f24eb6ba8d945c56118f160a223f4ff18998535809745c3f99f9c7994feca188710f0cba00bc21945
-
Filesize
111KB
MD550341b4a7b2b3a7d2338348c5a419320
SHA1920ae502b107d359bfc51c1328200001f2d0866e
SHA25668f14eccee33d195b083273a09b22020a9c72b1c9e53aa68d3fe7e44c3e0b638
SHA512476a4fd366d1b8f34607eb5bf3997faba271815086e56b5f24eb6ba8d945c56118f160a223f4ff18998535809745c3f99f9c7994feca188710f0cba00bc21945
-
Filesize
111KB
MD550341b4a7b2b3a7d2338348c5a419320
SHA1920ae502b107d359bfc51c1328200001f2d0866e
SHA25668f14eccee33d195b083273a09b22020a9c72b1c9e53aa68d3fe7e44c3e0b638
SHA512476a4fd366d1b8f34607eb5bf3997faba271815086e56b5f24eb6ba8d945c56118f160a223f4ff18998535809745c3f99f9c7994feca188710f0cba00bc21945
-
Filesize
111KB
MD550341b4a7b2b3a7d2338348c5a419320
SHA1920ae502b107d359bfc51c1328200001f2d0866e
SHA25668f14eccee33d195b083273a09b22020a9c72b1c9e53aa68d3fe7e44c3e0b638
SHA512476a4fd366d1b8f34607eb5bf3997faba271815086e56b5f24eb6ba8d945c56118f160a223f4ff18998535809745c3f99f9c7994feca188710f0cba00bc21945
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
3KB
MD5853cc1b5d46508eed62744c4c6bd2cc2
SHA12a8c7143f74c1ed175ace2f268470d9c302b38e6
SHA256c9c70f18a48ea75cc71e42d4565d1c1363db03a3edc5aa6eecf6f3adb65d42b5
SHA512c79bd373389d701813ac1c47d1990cca84423b997a5dbe97b5a4f25f8347a445ea58861a339991e5d63ce2ac6981e493d985ca6d099e9ae3d3f358d65a9a9674
-
Filesize
3KB
MD57b60e30ed4cc981613940fc5a0491985
SHA1bee5e9e5d4a06f8128a2b71ddad497728a5bbc57
SHA256a22d6eb0a35791ea5f8d8f5a022893ce01c9c85ded783d288dcb2a71e29bab7b
SHA5127ae173f3925bd1e5dc4607893ee14886dfd96e1cac3bfbe9c932422e7d1afafae953e360b424da09151f688a466fd5a5c851b28692b1d10785d0aa9f0d12125c
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
606B
MD56f0f9248446b567173c15220cb588919
SHA1e53b3d7d4aa1a589e3822d23d779b70511b10d76
SHA2561bd70509271af8f2e5ec2a9bb60875920fbfb0d55d2cdfb7cfbbbc14363ccf4b
SHA512686becbc8128a654b634d7d728581c7687b2890c21b52107acfca0f359e612aa4018f8440f585e0f1db64c867c84cfe25346f82277ad66257719b66813cbfa70
-
Filesize
111KB
MD550341b4a7b2b3a7d2338348c5a419320
SHA1920ae502b107d359bfc51c1328200001f2d0866e
SHA25668f14eccee33d195b083273a09b22020a9c72b1c9e53aa68d3fe7e44c3e0b638
SHA512476a4fd366d1b8f34607eb5bf3997faba271815086e56b5f24eb6ba8d945c56118f160a223f4ff18998535809745c3f99f9c7994feca188710f0cba00bc21945
-
Filesize
111KB
MD550341b4a7b2b3a7d2338348c5a419320
SHA1920ae502b107d359bfc51c1328200001f2d0866e
SHA25668f14eccee33d195b083273a09b22020a9c72b1c9e53aa68d3fe7e44c3e0b638
SHA512476a4fd366d1b8f34607eb5bf3997faba271815086e56b5f24eb6ba8d945c56118f160a223f4ff18998535809745c3f99f9c7994feca188710f0cba00bc21945
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
184KB
-
Filesize
8KB
-
Filesize
244KB
-
Filesize
244KB
-
Filesize
184KB