Overview

overview

10

Static

static

3

C/ProgramD...a0.exe

windows7-x64

10

C/ProgramD...a0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    27s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    19-05-2023 17:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    C/ProgramData/Sentinel/AFUCache/5baeeb470a72cdeb472e9ba549580a6f962d26bf1adefafd343733ae48aa20a0.exe

  • Size

    294KB

  • MD5

    88364591c29935142382c7c04a6cfcfe

  • SHA1

    c5c956f5fa522b8e97fbb4ed534d0ccca0d54d06

  • SHA256

    5baeeb470a72cdeb472e9ba549580a6f962d26bf1adefafd343733ae48aa20a0

  • SHA512

    6f104c05e464dc521ebd33d00b31f0431031c349f8805fc5e976f636f0800e5d1ea339d822cee4999147ecf89efa4f38491e6678926d1d27d4f9ad1c365e8b36

  • SSDEEP

    3072:CsixsE5b3mZCwC1AtgZ4GPd0AwQcNvS43sRzzwJORCEGqUjQOBIN:CsiRbnwCumev7643sBTY7FNs

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • UPX packed file 10 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer settings 1 TTPs 50 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\C\ProgramData\Sentinel\AFUCache\5baeeb470a72cdeb472e9ba549580a6f962d26bf1adefafd343733ae48aa20a0.exe
    "C:\Users\Admin\AppData\Local\Temp\C\ProgramData\Sentinel\AFUCache\5baeeb470a72cdeb472e9ba549580a6f962d26bf1adefafd343733ae48aa20a0.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1472
    • C:\Users\Admin\AppData\Local\Temp\C\ProgramData\Sentinel\AFUCache\5baeeb470a72cdeb472e9ba549580a6f962d26bf1adefafd343733ae48aa20a0mgr.exe
      C:\Users\Admin\AppData\Local\Temp\C\ProgramData\Sentinel\AFUCache\5baeeb470a72cdeb472e9ba549580a6f962d26bf1adefafd343733ae48aa20a0mgr.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1360
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1748
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1748 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1332
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1188
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1188 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1648

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    defca851a689ee40cffb1214c195cf4b

    SHA1

    b6d7ae1d9655dd78a0c152493b93264d82784fc9

    SHA256

    0b0fa5bec421bd4bd95d7b5a723cfad6d5387f82f789412af93c0dff1a586001

    SHA512

    84bf89bc9c4d5300defceb3eb3f9de2fcc0526321481b07c65361d20ab7baae41bdac016beffa84692ed9204aa157e41602d9d716b89bc0146669d1ededb3a39

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a124855276fccb76c8bd3b32afe073c3

    SHA1

    49f7a3b480f2c6932c9987afaef73c7beb78e4aa

    SHA256

    059197cdfc536801639922fa3ee9262a1a691aebc053790bb850f3ce8f8a3f78

    SHA512

    cdab3d082dc6e6bf88e99fd83608bdd1fe847f995628304ca3629fae3236bbd12fe7a5acbe85e376e19ed0a8c3a65bd88d23a171fbd7cc30efdaef428f82d1ac

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b980d54ff9f5b244005979838914582d

    SHA1

    3690574dbe109e08cb193a0b7f7737a18b25f35b

    SHA256

    92e96d85e0af8e6070bcc8e0d90adbffb4273c510b7347b4dd13d87b19cbce5f

    SHA512

    2c4c91da6630951005d14e3cb39fba764fd6e370271f764b4a9b9ddf0ca96e3346824bb8ef5dbaca51689e0bd77d59aceb0c9f2c6e9e3475dc92130ee245664c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b1a899180bf106ae5c1ca8c73a1a8ee8

    SHA1

    1a2904bcd67b9db0687c04d0a7cbfc7298d15974

    SHA256

    71c1e29b5e8c6327978434920b496ceb90c007683ab0bc9b9ec9b064d4706f36

    SHA512

    a68ce328a409b5c19a28d1815b9b9bf91f86909aa7878410d12384791bbca9364312653852d24b747880448f6121a1648a3b82c7bd09ece8d64f010e72c48431

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7e2012da15fc6037feccdf12c9649e0b

    SHA1

    f2597b547cc38d6499787e45b6a6cfd213e1bba2

    SHA256

    10c5347715dcceb4177846493de22b3debeb8ee2ed47e3640ded48a8230495cb

    SHA512

    926691be8dd8ef8b61e587f8f2c67ee60c09971e01119caf7bb4b9ba110f2e0abf6019b11c420017cb344472c1331b14cc4a382a9f8cf3d00ed4bac972fe069d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c21f2b173cd95443de5803cd2ee0ba1a

    SHA1

    7ca754374bc36454f73302aca66aebd857b7bf38

    SHA256

    96186703798dd61b0440fba7063170b8608a82eecc8ca8de0e17efdc9fdc7077

    SHA512

    3c03558b3e5bfc232af609c5b9f285852ec106332ec830c0e204c788ff85ccf79f7e6e7b5e892a6bc9466b5088cadb7bb56a0c76b92dcc8d43f530cd4000cfbb

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    94b7ee342c8a837d1de4f6d0951b74e7

    SHA1

    448eb7e8dbb50c226fe7043ce23adc2e44dead55

    SHA256

    566376bac17900eed3dd03b5a2dafbfd68b2c139a88a481d31a55816cdc902a2

    SHA512

    be3995b94561414b0083dd992a607d7f90905fe49f7503c42fbdca86f1c247bf12e7ae1304dcd0af6862178be6bfaf4e9d3a252475c8ae8066c70f2596f8956a

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eef788723556f33726a36bb5c5119f64

    SHA1

    162e492ab2cba104d6002a76983e55ac1a387d55

    SHA256

    844a64b0519bd81721368b234d1ed233d75d053ab24ebccc97207a7cb7829d7b

    SHA512

    c93a5d825f5b81ccb8c1a03c939f5b93a7bf655f0c85bc04b41cfc7617fdf9e92082e669524e047fdc2939e6ea4b4ef58683426e9b94db5b0970c0c8a076b228

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7bb18f49fde80f58178017873fba3617

    SHA1

    a436b6bd67e990683b76f0007e0e7eb849885b3f

    SHA256

    2829f12e72d1456173c9fd7ba20d0a55785fb0bb39b59a35f9c5f8633048e388

    SHA512

    a9556462b8de25883f58b598cd93182641196d7c0b0607ab0633b4c6628e05dd4ab2c63c9b59731a04e41ec441fde1c08e894de29e48d5473c85b5c2a38b7b22

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6F3240F1-F67E-11ED-9D84-FAEC88B9DA95}.dat
    Filesize

    5KB

    MD5

    1c3675bbc76defbb69019e0488c7ca4c

    SHA1

    57c9640bca20c6e9de4ff46f5f86df0d50901a53

    SHA256

    b89b8febc9f9eefaa0bb1b9e53c6091cc32e89b2ddca3da25a85536325cb303e

    SHA512

    9939736ddfeb14930246d9e47855abc8db79019b4444f1c43f0f61a5dc50241e9e4b1bcab395421df407c2be2306656b51a063b493256a6d7256733191f2f8cd

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6F326801-F67E-11ED-9D84-FAEC88B9DA95}.dat
    Filesize

    3KB

    MD5

    9525431add1996a7ce7796ad4859599d

    SHA1

    ff2dbd10e7ee23b3fc8996901cd8144407749844

    SHA256

    c3e025ad531acd83a2977ef45eb1280251dc4e77acd5b2fc218b11ff01b53c26

    SHA512

    559bca5b4adc7c9e8c9b1f330b59b87fa32091bd0896be2e200b45b8f5eeb4b6589a76d4b4708615f865674396d249f133745fd6fbaa114405e91ae4fce03101

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\C\ProgramData\Sentinel\AFUCache\5baeeb470a72cdeb472e9ba549580a6f962d26bf1adefafd343733ae48aa20a0mgr.exe
    Filesize

    220KB

    MD5

    1b7fc3fa0a84470506c3028b48a5f04d

    SHA1

    3fa9f258fd20c92c0dd366f1520d44f61e236d3b

    SHA256

    9f62f582fc02ae7b3b5df9a8a90718a80773eed10828014cee2a938976ab056b

    SHA512

    1259215288d11be9493abc5d9babec8ff2563be3ed1aaf47fbda3f5832d7604f4f5956d09a06854ff133fb9e0971ac398966c46c743dee3f0aead6a2d0901c19

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\C\ProgramData\Sentinel\AFUCache\5baeeb470a72cdeb472e9ba549580a6f962d26bf1adefafd343733ae48aa20a0mgr.exe
    Filesize

    220KB

    MD5

    1b7fc3fa0a84470506c3028b48a5f04d

    SHA1

    3fa9f258fd20c92c0dd366f1520d44f61e236d3b

    SHA256

    9f62f582fc02ae7b3b5df9a8a90718a80773eed10828014cee2a938976ab056b

    SHA512

    1259215288d11be9493abc5d9babec8ff2563be3ed1aaf47fbda3f5832d7604f4f5956d09a06854ff133fb9e0971ac398966c46c743dee3f0aead6a2d0901c19

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\C\ProgramData\Sentinel\AFUCache\5baeeb470a72cdeb472e9ba549580a6f962d26bf1adefafd343733ae48aa20a0mgr.exe
    Filesize

    220KB

    MD5

    1b7fc3fa0a84470506c3028b48a5f04d

    SHA1

    3fa9f258fd20c92c0dd366f1520d44f61e236d3b

    SHA256

    9f62f582fc02ae7b3b5df9a8a90718a80773eed10828014cee2a938976ab056b

    SHA512

    1259215288d11be9493abc5d9babec8ff2563be3ed1aaf47fbda3f5832d7604f4f5956d09a06854ff133fb9e0971ac398966c46c743dee3f0aead6a2d0901c19

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab4627.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab46E6.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar4749.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit
  • \Users\Admin\AppData\Local\Temp\C\ProgramData\Sentinel\AFUCache\5baeeb470a72cdeb472e9ba549580a6f962d26bf1adefafd343733ae48aa20a0mgr.exe
    Filesize

    220KB

    MD5

    1b7fc3fa0a84470506c3028b48a5f04d

    SHA1

    3fa9f258fd20c92c0dd366f1520d44f61e236d3b

    SHA256

    9f62f582fc02ae7b3b5df9a8a90718a80773eed10828014cee2a938976ab056b

    SHA512

    1259215288d11be9493abc5d9babec8ff2563be3ed1aaf47fbda3f5832d7604f4f5956d09a06854ff133fb9e0971ac398966c46c743dee3f0aead6a2d0901c19

    Download Submit
  • \Users\Admin\AppData\Local\Temp\C\ProgramData\Sentinel\AFUCache\5baeeb470a72cdeb472e9ba549580a6f962d26bf1adefafd343733ae48aa20a0mgr.exe
    Filesize

    220KB

    MD5

    1b7fc3fa0a84470506c3028b48a5f04d

    SHA1

    3fa9f258fd20c92c0dd366f1520d44f61e236d3b

    SHA256

    9f62f582fc02ae7b3b5df9a8a90718a80773eed10828014cee2a938976ab056b

    SHA512

    1259215288d11be9493abc5d9babec8ff2563be3ed1aaf47fbda3f5832d7604f4f5956d09a06854ff133fb9e0971ac398966c46c743dee3f0aead6a2d0901c19

    Download Submit
  • \Users\Admin\AppData\Local\Temp\C\ProgramData\Sentinel\AFUCache\5baeeb470a72cdeb472e9ba549580a6f962d26bf1adefafd343733ae48aa20a0mgr.exe
    Filesize

    220KB

    MD5

    1b7fc3fa0a84470506c3028b48a5f04d

    SHA1

    3fa9f258fd20c92c0dd366f1520d44f61e236d3b

    SHA256

    9f62f582fc02ae7b3b5df9a8a90718a80773eed10828014cee2a938976ab056b

    SHA512

    1259215288d11be9493abc5d9babec8ff2563be3ed1aaf47fbda3f5832d7604f4f5956d09a06854ff133fb9e0971ac398966c46c743dee3f0aead6a2d0901c19

    Download Submit
  • \Users\Admin\AppData\Local\Temp\C\ProgramData\Sentinel\AFUCache\5baeeb470a72cdeb472e9ba549580a6f962d26bf1adefafd343733ae48aa20a0mgr.exe
    Filesize

    220KB

    MD5

    1b7fc3fa0a84470506c3028b48a5f04d

    SHA1

    3fa9f258fd20c92c0dd366f1520d44f61e236d3b

    SHA256

    9f62f582fc02ae7b3b5df9a8a90718a80773eed10828014cee2a938976ab056b

    SHA512

    1259215288d11be9493abc5d9babec8ff2563be3ed1aaf47fbda3f5832d7604f4f5956d09a06854ff133fb9e0971ac398966c46c743dee3f0aead6a2d0901c19

    Download Submit
  • \Users\Admin\AppData\Local\Temp\C\ProgramData\Sentinel\AFUCache\5baeeb470a72cdeb472e9ba549580a6f962d26bf1adefafd343733ae48aa20a0mgr.exe
    Filesize

    220KB

    MD5

    1b7fc3fa0a84470506c3028b48a5f04d

    SHA1

    3fa9f258fd20c92c0dd366f1520d44f61e236d3b

    SHA256

    9f62f582fc02ae7b3b5df9a8a90718a80773eed10828014cee2a938976ab056b

    SHA512

    1259215288d11be9493abc5d9babec8ff2563be3ed1aaf47fbda3f5832d7604f4f5956d09a06854ff133fb9e0971ac398966c46c743dee3f0aead6a2d0901c19

    Download Submit
  • memory/1360-76-0x0000000000230000-0x000000000023D000-memory.dmp
    Filesize

    52KB

    Download
  • memory/1360-66-0x0000000000300000-0x0000000000301000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1360-67-0x0000000000310000-0x0000000000311000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1360-72-0x0000000000240000-0x0000000000241000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1360-75-0x0000000000400000-0x0000000000470000-memory.dmp
    Filesize

    448KB

    Download
  • memory/1360-71-0x0000000000400000-0x0000000000470000-memory.dmp
    Filesize

    448KB

    Download
  • memory/1472-122-0x0000000000400000-0x000000000044E000-memory.dmp
    Filesize

    312KB

    Download
  • memory/1472-68-0x0000000000400000-0x000000000044E000-memory.dmp
    Filesize

    312KB

    Download
  • memory/1472-70-0x0000000000370000-0x00000000003E0000-memory.dmp
    Filesize

    448KB

    Download
  • memory/1472-69-0x0000000000230000-0x000000000027E000-memory.dmp
    Filesize

    312KB

    Download