Analysis
-
max time kernel
137s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
01/10/2022, 17:52
General
-
Target
474163e14dada25e6630e81d1342677ab37c26fe6c1a6700f0ed0d19a0b00219.exe
-
Size
449KB
-
MD5
079d733f2cfde87a696f05f746f16200
-
SHA1
c5f5726cfcd96347c01b163c1e6f84eeb0eea841
-
SHA256
474163e14dada25e6630e81d1342677ab37c26fe6c1a6700f0ed0d19a0b00219
-
SHA512
6edba0c78c6bb349209b2ddb2b604cff26ffd267bfdc987f3ff6de86c8e0c606f633dcc3c7ecd7dc8ced2af374c5f6ec9aa5bb8d702bece0f3f459c2775c263d
-
SSDEEP
12288:btcZiSnQDRwnzDhJmFur16KKMN+uCrTevQ:bUnUo+up6KKMsuCr
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 2 IoCs
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies Internet Explorer settings 1 TTPs 25 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\474163e14dada25e6630e81d1342677ab37c26fe6c1a6700f0ed0d19a0b00219.exe"C:\Users\Admin\AppData\Local\Temp\474163e14dada25e6630e81d1342677ab37c26fe6c1a6700f0ed0d19a0b00219.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\474163e14dada25e6630e81d1342677ab37c26fe6c1a6700f0ed0d19a0b00219Srv.exeC:\Users\Admin\AppData\Local\Temp\474163e14dada25e6630e81d1342677ab37c26fe6c1a6700f0ed0d19a0b00219Srv.exe2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:360 CREDAT:17410 /prefetch:25⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
52KB
MD517efb7e40d4cadaf3a4369435a8772ec
SHA1eb9302063ac2ab599ae93aaa1e45b88bbeacbca2
SHA256f515564b67efd06fa42f57532feafc49d40b0fc36c5d4935300dd55416f0a386
SHA512522fba06304950860fa9aa8933b12b9323dea47dbda363db3f57535396c156c4cf6934a9db38fff8c77503fcb889d030fadb639094a1f34bbad54c79c8734450
-
Filesize
52KB
MD517efb7e40d4cadaf3a4369435a8772ec
SHA1eb9302063ac2ab599ae93aaa1e45b88bbeacbca2
SHA256f515564b67efd06fa42f57532feafc49d40b0fc36c5d4935300dd55416f0a386
SHA512522fba06304950860fa9aa8933b12b9323dea47dbda363db3f57535396c156c4cf6934a9db38fff8c77503fcb889d030fadb639094a1f34bbad54c79c8734450
-
Filesize
52KB
MD517efb7e40d4cadaf3a4369435a8772ec
SHA1eb9302063ac2ab599ae93aaa1e45b88bbeacbca2
SHA256f515564b67efd06fa42f57532feafc49d40b0fc36c5d4935300dd55416f0a386
SHA512522fba06304950860fa9aa8933b12b9323dea47dbda363db3f57535396c156c4cf6934a9db38fff8c77503fcb889d030fadb639094a1f34bbad54c79c8734450
-
Filesize
52KB
MD517efb7e40d4cadaf3a4369435a8772ec
SHA1eb9302063ac2ab599ae93aaa1e45b88bbeacbca2
SHA256f515564b67efd06fa42f57532feafc49d40b0fc36c5d4935300dd55416f0a386
SHA512522fba06304950860fa9aa8933b12b9323dea47dbda363db3f57535396c156c4cf6934a9db38fff8c77503fcb889d030fadb639094a1f34bbad54c79c8734450
-
Filesize
532KB
-
Filesize
532KB
-
Filesize
532KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
76KB