Overview

overview

10

Static

static

59bd4cb74f...95.exe

windows7-x64

10

59bd4cb74f...95.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    90s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/10/2022, 00:40

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    59bd4cb74f42201a106ee56fcd396c0745ca1e67a91c7910858a592ec2348095.exe

  • Size

    123KB

  • MD5

    0060bacecd724271979e39a875160390

  • SHA1

    786f4cc8ef9c834e6df320f798ae23d491f53cb6

  • SHA256

    59bd4cb74f42201a106ee56fcd396c0745ca1e67a91c7910858a592ec2348095

  • SHA512

    bafa131b9b24b76fafc0d8e10c6e70afd70e6257254abdb5c28d3634e10e3089f12b70293654fef17c2c96fba7f081e8828dbd20f7b3e79127440b1f76c80071

  • SSDEEP

    768:F06R0UtgnKqGR7//GPc0LOBhvBrHks3IiyhDYQbGmxlNaM+WGa1wuxnzgOYw9ICW:zR0Zn3Pc0LCH9MtbvabUDzJYWu3B

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 1 IoCs
  • UPX packed file 11 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\59bd4cb74f42201a106ee56fcd396c0745ca1e67a91c7910858a592ec2348095.exe
    "C:\Users\Admin\AppData\Local\Temp\59bd4cb74f42201a106ee56fcd396c0745ca1e67a91c7910858a592ec2348095.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4876
    • C:\Program Files (x86)\Microsoft\WaterMark.exe
      "C:\Program Files (x86)\Microsoft\WaterMark.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:4592
      • C:\Windows\SysWOW64\svchost.exe
        C:\Windows\system32\svchost.exe
        3⤵
          PID:4468
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 204
            4⤵
            • Program crash
            PID:2216
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          3⤵
          • Modifies Internet Explorer settings
          PID:2720
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:680
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:680 CREDAT:17410 /prefetch:2
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:460
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4468 -ip 4468
      1⤵
        PID:2332

      Network

            MITRE ATT&CK Enterprise v6

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files (x86)\Microsoft\WaterMark.exe
              Filesize

              123KB

              MD5

              0060bacecd724271979e39a875160390

              SHA1

              786f4cc8ef9c834e6df320f798ae23d491f53cb6

              SHA256

              59bd4cb74f42201a106ee56fcd396c0745ca1e67a91c7910858a592ec2348095

              SHA512

              bafa131b9b24b76fafc0d8e10c6e70afd70e6257254abdb5c28d3634e10e3089f12b70293654fef17c2c96fba7f081e8828dbd20f7b3e79127440b1f76c80071

              Download Submit

            • C:\Program Files (x86)\Microsoft\WaterMark.exe
              Filesize

              123KB

              MD5

              0060bacecd724271979e39a875160390

              SHA1

              786f4cc8ef9c834e6df320f798ae23d491f53cb6

              SHA256

              59bd4cb74f42201a106ee56fcd396c0745ca1e67a91c7910858a592ec2348095

              SHA512

              bafa131b9b24b76fafc0d8e10c6e70afd70e6257254abdb5c28d3634e10e3089f12b70293654fef17c2c96fba7f081e8828dbd20f7b3e79127440b1f76c80071

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
              Filesize

              471B

              MD5

              4f630c01f9bf4c57d049a46ea616203c

              SHA1

              a2d06f097a95d9096f7e381d39e982c0c29aac25

              SHA256

              217bc1b6fd8b9b5987d428f164bde885ce60d24db297abd86c177e8595c30793

              SHA512

              1ae68ac255fe9b2c517425e8642fb630c178ea261e6e844fc27d7a9f8d3e6c92da594549284622aee09b96540e9fc6086fa32ba7f66c794c1c983ed7c526af45

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
              Filesize

              434B

              MD5

              69f9dbbdc5448119921c3591131e0a03

              SHA1

              ac39b77d2214efa93515b18389995bbb2fd1e148

              SHA256

              911adaaf2df59a8dc0e9431c733974ba8f1f100ec2e46fb5333945bb75022d6d

              SHA512

              cbd12c8ca50da75347b326fcadbb6774b912d9d854c53f004ca325131aa13b2162a8ac5af00233f26dfd2f9eddc21cbcb4171595fdd8f1fd4e5322e6bb759def

              Download Submit

            • memory/4592-147-0x0000000000400000-0x0000000000491000-memory.dmp

              Filesize

              580KB

              Download

            • memory/4592-148-0x0000000000400000-0x0000000000491000-memory.dmp

              Filesize

              580KB

              Download

            • memory/4592-149-0x0000000000400000-0x0000000000491000-memory.dmp

              Filesize

              580KB

              Download

            • memory/4592-150-0x0000000000400000-0x0000000000491000-memory.dmp

              Filesize

              580KB

              Download

            • memory/4592-151-0x0000000000400000-0x0000000000491000-memory.dmp

              Filesize

              580KB

              Download

            • memory/4592-152-0x0000000000400000-0x0000000000491000-memory.dmp

              Filesize

              580KB

              Download

            • memory/4592-153-0x0000000000400000-0x0000000000491000-memory.dmp

              Filesize

              580KB

              Download

            • memory/4592-154-0x0000000000400000-0x0000000000421000-memory.dmp

              Filesize

              132KB

              Download

            • memory/4876-140-0x0000000000400000-0x0000000000421000-memory.dmp

              Filesize

              132KB

              Download

            • memory/4876-132-0x0000000000400000-0x0000000000491000-memory.dmp

              Filesize

              580KB

              Download

            • memory/4876-136-0x0000000000400000-0x0000000000421000-memory.dmp

              Filesize

              132KB

              Download

            • memory/4876-135-0x0000000000400000-0x0000000000421000-memory.dmp

              Filesize

              132KB

              Download