Analysis
-
max time kernel
77s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
30/10/2022, 23:07
General
-
Target
a23f6867bcbd8fd25c2b2abb6451314aefddc0cbca8053bd8ce6e61a9a24aa79.exe
-
Size
111KB
-
MD5
a1a03d75d1740f39b913884980cddd60
-
SHA1
30aed1d2ec4e6f690e899a493d675204a3a9e259
-
SHA256
a23f6867bcbd8fd25c2b2abb6451314aefddc0cbca8053bd8ce6e61a9a24aa79
-
SHA512
135a3779384dfd724c940f72d0f4d2d096e8e879f42fd9dd26dd10de71d264408cae82ad6852cbb7c707edf1e11391207ec9c29987010c8ecba15b7e5e35b839
-
SSDEEP
1536:4+hzRsibKplyXTq8OGRnsPFG+RODTb7MXL5uXZnzEdkvLQZ8Eq9jdNFChPEX9ua2:TROzoTq0+RO7IwnY+x/mJnaYW8dBHb
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 4 IoCs
-
UPX packed file 17 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL 4 IoCs
-
Drops file in Program Files directory 8 IoCs
-
Modifies Internet Explorer settings 1 TTPs 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious use of FindShellTrayWindow 3 IoCs
-
Suspicious use of SetWindowsHookEx 14 IoCs
-
Suspicious use of WriteProcessMemory 40 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a23f6867bcbd8fd25c2b2abb6451314aefddc0cbca8053bd8ce6e61a9a24aa79.exe"C:\Users\Admin\AppData\Local\Temp\a23f6867bcbd8fd25c2b2abb6451314aefddc0cbca8053bd8ce6e61a9a24aa79.exe"1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\a23f6867bcbd8fd25c2b2abb6451314aefddc0cbca8053bd8ce6e61a9a24aa79Srv.exeC:\Users\Admin\AppData\Local\Temp\a23f6867bcbd8fd25c2b2abb6451314aefddc0cbca8053bd8ce6e61a9a24aa79Srv.exe2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:996 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayerSrv.exe"C:\Program Files (x86)\Microsoft\DesktopLayerSrv.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:275457 /prefetch:26⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1956 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
111KB
MD5a1a03d75d1740f39b913884980cddd60
SHA130aed1d2ec4e6f690e899a493d675204a3a9e259
SHA256a23f6867bcbd8fd25c2b2abb6451314aefddc0cbca8053bd8ce6e61a9a24aa79
SHA512135a3779384dfd724c940f72d0f4d2d096e8e879f42fd9dd26dd10de71d264408cae82ad6852cbb7c707edf1e11391207ec9c29987010c8ecba15b7e5e35b839
-
Filesize
111KB
MD5a1a03d75d1740f39b913884980cddd60
SHA130aed1d2ec4e6f690e899a493d675204a3a9e259
SHA256a23f6867bcbd8fd25c2b2abb6451314aefddc0cbca8053bd8ce6e61a9a24aa79
SHA512135a3779384dfd724c940f72d0f4d2d096e8e879f42fd9dd26dd10de71d264408cae82ad6852cbb7c707edf1e11391207ec9c29987010c8ecba15b7e5e35b839
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
5KB
MD588686614d15bd9c36cf19053dcd3d590
SHA1f66b66b04c13687001883aeb65c0976bf6102ffe
SHA256af67d2ddd439d09208f584767b95e814ab69a824706c0f7ef219d819a1640252
SHA512c9230935be02ac123adda5acc2afcc202095a9865d181fc1d759807d5bf67fca97622d9a9f322da38ffb7fd299f310cf71bb7bee0ae2fc4f6bca5a746dc814d1
-
Filesize
5KB
MD5fa0026ffc4614517c6e1c797817df0f7
SHA172ef5e2647d26a7c92a19e8fa839afb2983b31a5
SHA2566e96f2093a7c7382aac9bfea643238a64b76f38c735ea6e9dcb81f99f1bf54b4
SHA5123f2e3f500880ab8d2dcaf7bf2c025e25575e13c61af7ab0f08afb270ddea88d8dd026af7e94aa0e8252ad849d0a140d267051cc21da976b8de8ec563b0d99f7a
-
Filesize
3KB
MD5787006b534b5df15f9668a53b5d87d90
SHA1e95e4e650aa9ed298996241cf51236dfc50c17ff
SHA256c6b602641de003e71e340868fa3c926292007de247d1456c70218542f3ee428f
SHA512ce7c42fa56ee587ff4a94f6ddda57072015e2769a49b65e6521f01153b3c8834faa716a1f2e3867ce56e5f09aea5a0bce271c0b8e004b951d2024c261f0bd9f5
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
608B
MD5e549db8d4c13214c9c74beb64d97afdb
SHA1f36a7e13b0a05fc2d72a7df40e1cdb56ce41b450
SHA256a105da9a6a256e5978d3a231f52ae4008c343c531869af361adb29538d72ac12
SHA512258a074c8c1fcb8ad59641a4681df72462d397cb1a5e0d45e4333b5d63f9a74617f4378a563d3efde17685f3c2289798a542359554eca19061fee1a66d78a544
-
Filesize
111KB
MD5a1a03d75d1740f39b913884980cddd60
SHA130aed1d2ec4e6f690e899a493d675204a3a9e259
SHA256a23f6867bcbd8fd25c2b2abb6451314aefddc0cbca8053bd8ce6e61a9a24aa79
SHA512135a3779384dfd724c940f72d0f4d2d096e8e879f42fd9dd26dd10de71d264408cae82ad6852cbb7c707edf1e11391207ec9c29987010c8ecba15b7e5e35b839
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
244KB
-
Filesize
8KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
244KB
-
Filesize
184KB