Overview

overview

10

Static

static

3536198df2...36.exe

windows7-x64

10

3536198df2...36.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    95s
  • max time network
    157s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 17:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3536198df2a492cc873ea37fbe37f487d012ea4c5850e6dc9023113c71eb7436.exe

  • Size

    184KB

  • MD5

    511d9653a39a34b1f6463c9270591ef0

  • SHA1

    34f2f685603e75d34edbd40632403c0bf6f94dc0

  • SHA256

    3536198df2a492cc873ea37fbe37f487d012ea4c5850e6dc9023113c71eb7436

  • SHA512

    01d6b0e41db20cb77d413a8bc775e0a92756befea139d90cb809f8428110952b3c299b44913cb7a4ac4a8a7af58934fcf398b6fc6962b28eb4e48925c551e564

  • SSDEEP

    1536:UsFkAwGhzZh2UXYmvdRmSZad2jN0RAD3csVO9/w8gN5aXZ7TyizULeCTL3L7:TkAwuzhjdRmSZiAna/w8gCXZHnCTLL7

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 53 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3536198df2a492cc873ea37fbe37f487d012ea4c5850e6dc9023113c71eb7436.exe
    "C:\Users\Admin\AppData\Local\Temp\3536198df2a492cc873ea37fbe37f487d012ea4c5850e6dc9023113c71eb7436.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1684
    • C:\Users\Admin\AppData\Local\Temp\3536198df2a492cc873ea37fbe37f487d012ea4c5850e6dc9023113c71eb7436mgr.exe
      C:\Users\Admin\AppData\Local\Temp\3536198df2a492cc873ea37fbe37f487d012ea4c5850e6dc9023113c71eb7436mgr.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:1884
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1232
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1232 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1564
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1104
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1104 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:272

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F5363A41-6B68-11ED-9551-6E705F4A26E5}.dat
    Filesize

    5KB

    MD5

    0f3205bf5f4221df4c283d93f600ac9b

    SHA1

    9e8ff83a0757481a5124537fa0d20cd64a6da93f

    SHA256

    129dc71f847d879dff513a6b1c86fd8c9b3cdb636a6c1f76a46cb13bf7445a46

    SHA512

    81e046ee4e9192a5f1a3e8d3a950f4b3d1de3e49c03aee1fa20f6ff48afd7dc988e651f7c7a56e558612de8623babc5961a27da790e443d0cb521f697e3cba93

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F5380F01-6B68-11ED-9551-6E705F4A26E5}.dat
    Filesize

    3KB

    MD5

    815a03a20309855b87410dac91514d12

    SHA1

    8f77a041d16eada9179ba5e42f40c017b65bf7cb

    SHA256

    eb9783dd718837de380df50c6887c35b51863dbe9be79503fc9a59d8f3af30b8

    SHA512

    740e2229094be84402fd0a853117f647de78bded8ae2dfee264e14684fbbc54c8681b55822788f3c79295581678b0a08b9246c6b27d57a6f99d42b2baab15a6b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\3536198df2a492cc873ea37fbe37f487d012ea4c5850e6dc9023113c71eb7436mgr.exe
    Filesize

    91KB

    MD5

    551161ba25d6c58cf6a4afe7587f7dcb

    SHA1

    3f36d947c0d082433bb121a9914b4841ffbfb5af

    SHA256

    f676ab20252c6ff437c7e3db1a8a3875715bf1a5a59812439f296cb5cd724b58

    SHA512

    f68a52bcfafccaf9b4390f7cdd9a57544d82a1f41656aeaf98f46ddc0198e636a790088cf8b734244cc5144a00704a8430e469c46284387d04c5a38cba17b00e

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\WV58KUZB.txt
    Filesize

    603B

    MD5

    3d4d9db92d962ba5a70f1b39f3914c3f

    SHA1

    2581cecc43633681c9b0bd13280cbb0417c2aa61

    SHA256

    c3fee1be5a4f62678f52a3e748d64bebc566372e013f0f59a02cbb09f6121ece

    SHA512

    59f9b36b759397146859ca6bc0cc0efe529dc88d5249eba53e20becc50e85cf2a7dd6ddb8060f2de2234bd29d37697b658d545494b651212c8fd3f7425338cbd

    Download Submit

  • \Users\Admin\AppData\Local\Temp\3536198df2a492cc873ea37fbe37f487d012ea4c5850e6dc9023113c71eb7436mgr.exe
    Filesize

    91KB

    MD5

    551161ba25d6c58cf6a4afe7587f7dcb

    SHA1

    3f36d947c0d082433bb121a9914b4841ffbfb5af

    SHA256

    f676ab20252c6ff437c7e3db1a8a3875715bf1a5a59812439f296cb5cd724b58

    SHA512

    f68a52bcfafccaf9b4390f7cdd9a57544d82a1f41656aeaf98f46ddc0198e636a790088cf8b734244cc5144a00704a8430e469c46284387d04c5a38cba17b00e

    Download Submit

  • \Users\Admin\AppData\Local\Temp\3536198df2a492cc873ea37fbe37f487d012ea4c5850e6dc9023113c71eb7436mgr.exe
    Filesize

    91KB

    MD5

    551161ba25d6c58cf6a4afe7587f7dcb

    SHA1

    3f36d947c0d082433bb121a9914b4841ffbfb5af

    SHA256

    f676ab20252c6ff437c7e3db1a8a3875715bf1a5a59812439f296cb5cd724b58

    SHA512

    f68a52bcfafccaf9b4390f7cdd9a57544d82a1f41656aeaf98f46ddc0198e636a790088cf8b734244cc5144a00704a8430e469c46284387d04c5a38cba17b00e

    Download Submit

  • memory/1684-64-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1684-66-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1884-56-0x0000000000000000-mapping.dmp

    Download

  • memory/1884-62-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download