Analysis
-
max time kernel
142s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
29-01-2023 12:28
General
-
Target
a00304a8020ef819c0bf7123fd264634f54f994bb0e4b8ab3e348290277dbb6c.exe
-
Size
196KB
-
MD5
8638468be18f63e7190d6855c51e9e50
-
SHA1
508ae3e49b8c8f3d82df2a6f132863a3d995a274
-
SHA256
a00304a8020ef819c0bf7123fd264634f54f994bb0e4b8ab3e348290277dbb6c
-
SHA512
5f8017f6a188ce898316741e700f77d4a76b0895fe556862d29837c29ae83ff50ec22ce19f23305854e77796400fdca3a76d81e01ee06ee03b05c515dca21134
-
SSDEEP
6144:mY3UEJ5yEMbOR/BV7mNwrTrP9TE4qyEyIQ568:3FtR7AwrTrhZEyR7
Score
10/10
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Modifies Internet Explorer settings 1 TTPs 28 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SetWindowsHookEx 22 IoCs
-
Suspicious use of WriteProcessMemory 20 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a00304a8020ef819c0bf7123fd264634f54f994bb0e4b8ab3e348290277dbb6c.exe"C:\Users\Admin\AppData\Local\Temp\a00304a8020ef819c0bf7123fd264634f54f994bb0e4b8ab3e348290277dbb6c.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4736 CREDAT:17410 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4736 CREDAT:82950 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4736 CREDAT:82954 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4736 CREDAT:17418 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
- Modifies Internet Explorer settings
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
- Modifies Internet Explorer settings
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
- Modifies Internet Explorer settings
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3464-132-0x0000000002780000-0x0000000002870000-memory.dmpFilesize
960KB
-
memory/3464-133-0x0000000000400000-0x0000000000496000-memory.dmpFilesize
600KB
-
memory/3464-134-0x0000000000400000-0x0000000000496000-memory.dmpFilesize
600KB