Overview

overview

10

Static

static

7

eZGBWtXo.exe

windows7-x64

10

eZGBWtXo.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    17-05-2023 09:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eZGBWtXo.exe

  • Size

    105KB

  • MD5

    ffadb3083695657ff11b3ec0030f84d9

  • SHA1

    9597cc24a22c1a344cdd3179de91d63346045562

  • SHA256

    203b4b09f6aaacb22acc0d090cd2427cbf973abba6df229e02ce8f17686f91dd

  • SHA512

    279743502dd77c4578198cfd05a16294952fa1bb96eeb03997c8c23f39d08099c0de9219d2fca50da3dc7322dfbc2d6371feb044b25aca79d3e77a8ef7223d1d

  • SSDEEP

    1536:sOC0FvV4OguHxjhpA4Bm7uW0vSUsghQevBFkutIbgTuFqKRr0aF5frleGhd9TfBi:swV4OgSzBmh04eZFkz3Rr0gwGj9Tf8

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer settings 1 TTPs 55 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eZGBWtXo.exe
    "C:\Users\Admin\AppData\Local\Temp\eZGBWtXo.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1344
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1692
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1692 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1864
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1276
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1276 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1800

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ee4b0d30192199fd9eb808c77aebf307

    SHA1

    94f5e1eebbffc5a40b762b945c321986f993ef7a

    SHA256

    bd7254c73c2b79369ab64d9f53129443f15a4509380cd441523ea6a9e0056119

    SHA512

    33d811a84e48ff807b1fce0fc56e91a977c6e1d65989e2de7e033a8714e6df7f77776277e796310b1793571f607ad01cd109175cdac82a56b53ec6bc35fe66e5

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0871195f8b7e96605fc7fcded5fda357

    SHA1

    df1ccf2a66e3181bbdbabbfbadd702874e71ece6

    SHA256

    9f35c3f6e8db115554597c16a811460dc708b1debf01909548094f9882077dbe

    SHA512

    e598618875aceeb1086d5fc61bbffe00cc7ea347b678a10ead6241cc489f4a8e98e4953ffe73bf8b3d11e08fafff664390fa3d78bf79af92a4ecdf30b0bc7555

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    023be1407ec34e7095089b221c3cee8e

    SHA1

    577f9f6e9ab09656a3cb0b72c3d31d9a6b9476c0

    SHA256

    12d4e132632789afb89da74d14197080dbd895631f8b6d20b1eef8813434aba6

    SHA512

    db69d82d184b0204d736d2a794caf1d72d8178368001298b3028b7566208934374c4662522931fddb4cded985176870a20e30db73f48cb3db0656a9acbd864f4

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    41fbed0e79414c00a784d23d3fb2e635

    SHA1

    0761fe3228fc0399948d25064f034908cb537474

    SHA256

    aa638d2ae0458b0a8147520124e8d403d86a2ca22335c54b956ef985982a2eb8

    SHA512

    48fde9b9d0802aa7bd71306da679a8e921e7ec031e7e32747b38ed8da82b5a5734f8c0aeea9ac59bc21db66afd000c991c20b30331b2793c61820e4eb8ef47a7

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c032335c7d2b2f042454bb806e35ad97

    SHA1

    6856eeecaba5e4174ae42dc5b85d9cd2bc3b96f0

    SHA256

    5674ad8feef99e97abd2e93df2b57f52239ac3f1946b2d8b1c065e44edfd4707

    SHA512

    8487c81527eef673ec55fc99b3af95a4eaab4308089437a51a51ac2f51e58f86685444752db681760d8030225cb3bf3a826b3e6054d6fd543f4f8d02d212c29b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5d46860fb47b0a80246b9d2a898f0c76

    SHA1

    53f5179260758e13096c5ea21098fc423015b9de

    SHA256

    2f5965c13b1346356b64bf14815828af17c3f41e0aee46fc7c0ff24d083d285f

    SHA512

    44c320cb920fa19e7f66144393c4c9ad2182744cf943620f961c5cdb7dc64f294eec27ca4b378d24c9ee36470b575596a0a60c7a66123a151605080ea7898153

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4ee07f2bcb758f236e4557a9538ef2b2

    SHA1

    b077ebc3510606c2a701f3160c3c27657ec5bc41

    SHA256

    5a7ed45a2e35bc5e88c4e21638e4a71ea1978ebc6f62ffb143317799c8faf782

    SHA512

    1f7f853037c8984d2730e686e27b2e46ce3807f7c3576a6c0dd360acf6957c00eb06cda4cd3f4f9333ccf8f290ab9ef50e86ddef6938038b0380f7c9b4a4a4c9

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    71b044091e6f741e01ff7f847eb9c807

    SHA1

    4c7df3914ba0015283ac9497757a6f3dbc633513

    SHA256

    351ccc7afb21d5ed2785c03d07475f77f95f5e876eb5381431be149183473b1c

    SHA512

    46d54e974aa4bd67dfaeccdb4d3e56106c018da0199ddee77552930d552fb413883cb3c03f1cb66e29500504d17b1fd1f8ca63e9d4ffa88af0de86b4ed12bd1e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4b0a581939075f789e3f911f82799dcb

    SHA1

    446848793cce661d6d6ea223a1c8bcc2ef2288d5

    SHA256

    99f100be9508284813229defb143830fd42f8d97e14135acd83dfb419556780e

    SHA512

    dfdc248dbfa9637749d3a09e6a553ea62cf55a45a9e3e6feb0f718efa15c18df7cf6fcd87c9e0783c531fe3b2fadc96292076428a194875df0f15399d879ef1f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    52d588de3213babf5fbc1c623da51a39

    SHA1

    14d32a58571bef3f9e4739497783a5cd2c67cf96

    SHA256

    ebdff7037c422119108b4543c5ba1d71913c069ae087310d13e2e4a8d7d04c34

    SHA512

    f763d79005f3488d647f1b4b14863301f3472e80b7d4cc21727a8debb471bfc689429da129e610c908f0cb433e5fa38e658c79c0d0593be315d9805ee06c78cc

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4c20f77034276578e6b466e71b50964b

    SHA1

    2b20edeae1e6a7eae8eb8ae28e036f71d85d094b

    SHA256

    82a0b60a318ef6eb2dc8e8b186ca3bb12e15967dc4f4ee13413aba3c49d81ee0

    SHA512

    7fccf8418cf7443311d2e2e8a620244a3e7cb08dfbd819619f5fa175329322d3bb0d7f1ed4b6e180377742c5bd9017a0c76eca6f3f45d115a32094954be32468

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    82ee7724507bbfc679f12d0452515429

    SHA1

    1b083be086f7ac163cf11cc4f718c6419466ea89

    SHA256

    25bdc716952cb8aa25b823f4fb82ba0720ac5e06050944f8aac4121609cb6ef5

    SHA512

    44a7688f4c2a2df654172d041378e02e1bc3a1ca50c6e746cde5d72ac8a48970c5e2d94dc6c43b3e199d32135c7a89f38fe75b5f0d9668a3b680cef5f2cf2b72

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bda6a4fc318785dc8fd1aa2abdaada79

    SHA1

    ccd4dc4803d9b53ee016b22e19303d0207c38c2c

    SHA256

    cbbf6fd07bc46f6dca9fdbf49d23d843d07302593516bffa81b4a99b32cc0b67

    SHA512

    37febbb6a1b10595280870404a7039b1b35103041eedea88acc7c9194991e2c23f5b8ebea3cf5c4d1342ccc52ead834d64ea642debebbe11801e55ba9bfee4e3

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DADADBE1-F4A9-11ED-B88A-7AA90D5E5B0D}.dat
    Filesize

    3KB

    MD5

    5188bac5ad2fefcf26ae30e857e73a4a

    SHA1

    3d5282af9649cc4d4b00eeab074d808e37b0605e

    SHA256

    583bf4fead6ed3f60421347cd297c600aaddbf5843b89182d811c986a447e8e2

    SHA512

    5f1673617759519d7bd73ac4b856d41cdaef214304c9f86bbabef200760ac70de4d98b28c02cd409392b62bc99b37b0546ca1c643248a8c9daef909e850e274d

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DADB02F1-F4A9-11ED-B88A-7AA90D5E5B0D}.dat
    Filesize

    5KB

    MD5

    f8532f7fdcd009f0588fdf2a9e6ac322

    SHA1

    472921466ed3a5c9cdd51b2e8419d88152d65db3

    SHA256

    5d2c8212e7151c69d420c658f84311d215161340848496ac311e1dc499c14444

    SHA512

    fd03dc8bf7c860afd223fb92d39970d377f446acda505d65dc86973ca9c3a2db4759cff5e315be17bd2d85d1be93419df759f2df7a5bb6ee9827747b41b6f086

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TOS3MI7U\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab4750.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab482E.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar4880.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\223VTD4H.txt
    Filesize

    604B

    MD5

    51e92273b2fce5e6f35caaeb4eb5f043

    SHA1

    622e332d4a7bed56638794111933b66c18eb6821

    SHA256

    ef1ffc1ab44ec22bb99ffd4f2e6c4acad9bba99697d88cc49919b8e846277b81

    SHA512

    7e591cc5cb63958897b36b45b9a65c111ee85c7a319e103130fe4cf97904683d79052725d1c8ef8882a72018866181f47094fb44d8cb68942b568671cb6b65a2

    Download Submit
  • memory/1344-58-0x0000000000400000-0x000000000045D000-memory.dmp
    Filesize

    372KB

    Download
  • memory/1344-55-0x00000000003C0000-0x00000000003C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1344-54-0x00000000003B0000-0x00000000003B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1344-59-0x00000000001B0000-0x00000000001B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1344-60-0x0000000000400000-0x000000000045D000-memory.dmp
    Filesize

    372KB

    Download