Overview

overview

10

Static

static

3

usbip2.exe

windows7-x64

10

usbip2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    100s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    31-05-2023 11:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    usbip2.exe

  • Size

    158KB

  • MD5

    21476c3c3de7451c68b93ca8d613dc57

  • SHA1

    1971b779dc8e578dc8ea259dabbe800adf8ded32

  • SHA256

    918e7f3639668920a9e46b143d774492a478b5d6f9862684b1852f5708d52a48

  • SHA512

    885bad8f2994eef9bbd72f20e6ebe000076e9d13f3dfcb20900db1a25f7b4b008489eb358411c71c88acd11b5a363863453bbc13d36f55dceff6a4f9080e6d62

  • SSDEEP

    3072:VFS7g1G7XUJBBHN6oq4IcqRxCfuCvl+sg7Wz0VGjEX74I8PB:VFygokJLNeFOl+sg7Wz0gA7s

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\usbip2.exe
    "C:\Users\Admin\AppData\Local\Temp\usbip2.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1712
    • C:\Users\Admin\AppData\Local\Temp\usbip2Srv.exe
      C:\Users\Admin\AppData\Local\Temp\usbip2Srv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:1072
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:932
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:752
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:752 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1940

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit
  • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit
  • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c39f392f93664085b90d51a14af5b72d

    SHA1

    1a92c6b567a031c2363a770c5f220b8c5a0f2727

    SHA256

    09ddcac5967bf07fdc9588692e2730410a879e9b0beac08442f8aac428620ecd

    SHA512

    2715d38c2b7d9912d1585d79f19a078bb2dd9477050411510c476662f6e87a05dfe65d269fc257c05532e66f9020ca5848474f5322c453ce535e19ae66353478

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    613798e3949d50735013dcbbaf6cf92b

    SHA1

    be3c54370bc6949f916aac85f187253cfdfe2b21

    SHA256

    f47d28231c3bc9ce51bf6a4c46e92cafd1dd4a4f333fecfbc543b290944b2034

    SHA512

    0842a0c01ccff6211cc5715fda8fd419438d8a269558d67ca318e04e50a482ca5a5a0b9c90d94ef4525bcf830391313cfaa5c058150fcfceb1dfbe9c5b4504b5

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4f307caa6988f0e577c1d7b118bd7ddf

    SHA1

    c52a81ee5b6f9df720b9817e970e4515e297a812

    SHA256

    73b33a5af8b68a62f350583b5160718bad84525cc2886d005b1d056f72dcbb3d

    SHA512

    7c5fa5e3b3a8aa4b5e3ca3409fd9014ce8139bb7903e3c70c2166e92338c00a5b6a476837803847306199fc2666ef32db786bc5f296d3507c619dbf2017bb6c2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4cd7258efce4adb47542198b6db0f1af

    SHA1

    43a175bdca845af6b2dcd31d68d9f7937e9fcf6c

    SHA256

    6d2269c4e2d69a5a55e1da640904e90fbed73934202050e3f2d61b6af8e6d29d

    SHA512

    70a03fb1f6b6f867f0399539dfbeb17447071b7e7b6e379c6870ec875af9d5ae9493290e72fdd1924da381159359b5df8e838af136db00cbeedfb7a8a9e8d340

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    de2e1f22371104edc3a05f6f1fd6dcc3

    SHA1

    6ea562e07803f8a8aacf195a1a2541a90072d545

    SHA256

    f32ff566ef9f2865449b97dddf231ed334d3cb18a8f46957c8b71cff699027e7

    SHA512

    4f7471e61105e57c6e96c514d6c9aec2918257114990c8c0ed9add710959a7017d667c552ac2e0aac7eba4ed590dfd9a1f32d7c843d5efefeadd68cb05d62591

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    195b727214e807b518a2935f83f81949

    SHA1

    a347628038f6f96baaf93370f57394fba343e2c2

    SHA256

    ba63db8a3f856545cecac1b9bd406700902558c4cc3acbf7853aaee5583d7a35

    SHA512

    c3eef6f39023d6b7d64c7a1584f8484555c9978723d71db69a7b3098e34ce6bde3a1b14ee086d2f5bf29c626e52ce336be7c0522540aa82077f68625003f8c14

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f7a61cf7665ca29f32d590e6875243bc

    SHA1

    8ac8cba40567d11f9a542720dc7bd924ee7c621c

    SHA256

    2491ef428390c6f31953894a8eea790fe36fb18654121ad3581293e03dd80c8e

    SHA512

    29c504209983cc532cfda0934225d8d39e6aa55fce513b8880e478dce627d7ff31621e2976698ba69621982def55305f291b54dd794a01ae38453d7efb322a0c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    df6b68838af03e11eac03c0f97dcae6e

    SHA1

    c52c8a596427b42d5a50279f172e885e622c4bfc

    SHA256

    26b1066ebcfba730fa97cf23f66f1af80b9aade66c2e4e986f89623ce44739ea

    SHA512

    7327fed9cb87dac64f9e6a4a3729fa680f8949a159bcca8a339242c71a157cebe7881d582c2cbaa67893362c1d4dde6a2fece6892d6a0d54e847f80bb89ead37

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    58af4661d572433ae5b0ae6bea243c72

    SHA1

    4784f794e177acecf3cd9af9a59e395c6f35ab89

    SHA256

    968f2eec50d97e1c178f54eb44f31f40c779643f7cfbcb210fd19fe0e019d03d

    SHA512

    b68193928642cfd229408be08922a3228fd78e03dd3d7dd336db9490cff1c6ad9bf794880a9b002d55baf8346152e253c61ef9a4c3dd8dca82db9764d169afba

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOYUJSME\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab404F.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar41ED.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\usbip2Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\usbip2Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\NVEIK5TQ.txt
    Filesize

    605B

    MD5

    95153e73cb15ab2ea0f8aab3cad0c141

    SHA1

    1b6163c0a742dda11db259ae61439a9d7f8d9f98

    SHA256

    e68b2e6bcc0a88e2885cf947bb27017d85c3267b44bd720614a136fb582f10a1

    SHA512

    8c33d1ccaf1541ae85bd0bc9cec649e069b4551c76d676e9a7ee6cacda74f3afbc97c838c1c975a96fba31532235bba463f6c57dd2e4562f5498b60011abf022

    Download Submit
  • \Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit
  • \Users\Admin\AppData\Local\Temp\usbip2Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit
  • memory/932-69-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/932-68-0x0000000000240000-0x0000000000241000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1072-65-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/1712-60-0x0000000000910000-0x000000000093E000-memory.dmp
    Filesize

    184KB

    Download