Overview

overview

10

Static

static

7

Device/Har...dF.exe

windows7-x64

10

Device/Har...dF.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    100s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    02-06-2023 09:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Device/HarddiskVolume9/RECYCLER/S-3-5-01-4621304173-6055156028-813125507-4057/TVnHnIdF.exe

  • Size

    185KB

  • MD5

    59157bcbfe97f9f8b00af1eb39c87a53

  • SHA1

    63f11e1730237a17d71bb1927e67f561a7dec607

  • SHA256

    d49df261cebcfdc69c73a485002786c0ace31ee0c85cbfe45b830de3c737b941

  • SHA512

    034a730883b0436326b67e996182e0749513f2e1be8b554ff91cfc121d0ea38c7651e0b2dbfadcb34e7b43b54b2fecf35cf8135b227ffe6717e356c5f17ca65c

  • SSDEEP

    1536:+OC0FvV4OguHxjhpA4Bm7uW0vSUsghQevBFkutIbgTuFqKRr0aF5frleGhd9TfBi:+wV4OgSzBmh04eZFkz3Rr0gwGj9Tf8

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer settings 1 TTPs 55 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume9\RECYCLER\S-3-5-01-4621304173-6055156028-813125507-4057\TVnHnIdF.exe
    "C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume9\RECYCLER\S-3-5-01-4621304173-6055156028-813125507-4057\TVnHnIdF.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1324
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1276
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1276 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1292
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1980
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1980 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:340

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4ff38d30a5e8b424aa48f90fc37599e4

    SHA1

    4a07d1e507dd3cbda46ab741176bf5b063a823bb

    SHA256

    92d802807a72d5b8633a82e09d00d5cbbb080d0e69c5286bf62522769d7aec9e

    SHA512

    ecf27b56939a8c6aafb1f1762ac858ae4373ea28af6598ec868d76dc5cf55a0d34a94ab74ccba86341ee4946f471705bd6b2132a651b731ddb49fa4b9bcb272a

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    95eb4cd6b8d832068e3bca48e7640947

    SHA1

    a6a21d1a9140965fadd7a4bf1f3ada0963cf8424

    SHA256

    7dd314c17f3e2d9ee86d2686673914bbea78d2f8704b910a2742095061ded528

    SHA512

    51217a689691f81b5e84899b2f5dd0c449b13196043340753652f167872455a85b4f4b49cba4c151f159d3b7624c7d0f403df89013061e82ebab2e5846d1f86c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3d02abfcbef4e775220c8e0da6fe2c04

    SHA1

    ea77b0a3fa8ef42e49d6ef6d8a40a94d40cbce77

    SHA256

    d6e2dd136762fe7831d32c5d12bb3952950498f02914878978a8837c5e8a5eb0

    SHA512

    402b1ee0151cfa9ada9658710199a43b496eb823ef85e3ab896d0d157a0eb96997f7297f64b6e768c85892a44055c30b61a0ddf1804b521e07a8e2aabba2db0e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b69a88e771171ff7b96e7a90c826209f

    SHA1

    ee0176cd0374799872d8226caa401bf97dafe758

    SHA256

    3b6038650f925819deff9d4bbeaebda440c62c917581ef8dda7cf527ebc31efd

    SHA512

    5a7d2aff7d934a31cf4ba6c6f4fc157097cc96e8b2587d9731b07e23f99c0bc39f5470f6f6314534bee3d47f6ae5d7da4b304ca169c1db2217157e35ae0c1146

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8e1e1b9bbe7db4333ae5b291cd244df0

    SHA1

    b6a9f3ba6dab57cb22330402ce110b52f733734f

    SHA256

    e7e952890c578392001bde4800c8700afd788739e9414b49a109d0d8b774ea58

    SHA512

    34fb38c3a4000b83401245d9ad37ed620f786915f875c74c7a24e6efcb622235f36cc4116aef0c8556577c6e8a138cba41fdd050c4a5f9aa0de1abad9668f424

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5aa9c57cf02d642646b634d2ff19edda

    SHA1

    4a1125393f738476013245a660d4fedc3e9398d0

    SHA256

    7a026dad55ae1fcb129439738115cea86201f70175de756fca0e2f42dcb55722

    SHA512

    c697396b8827ba3ef8e5b5884f6ecef47d84762fef94482e22ce5a5abe44a10d624ed44d23ae126ce514539cb4443bca45c55171be12d9411bf5ef5945e822a9

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7beae88bffb9231bbdf8550c4a13c259

    SHA1

    555a6a08305f4b3ceda5fbf237c27ef8e5de1be3

    SHA256

    05fd058fb6fa864ee51c6084456b68422ace37c6d9013c395103a85f7b3a7ee1

    SHA512

    cb3640cba009099fa067560067f6b18439f4f855eb20662785d19945fcb155a96a34d14927c6a849ba547facc6604120643433abef9551da7cfbe582c072c1b3

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a1292f4182a9e231ea36f8a0cc468da9

    SHA1

    30f39b04bd8c378a9629a69eb496e14bfe533669

    SHA256

    172700ea81bdad90b3c97307f775c0b884b9837c2a09a16c2ed0b0fd37c1671f

    SHA512

    da5842e7ac9fd951b607b7ed9ae661c11f556328db745ccdf765b523aa8fcf9054c7632d944f8b6bcbaf18bd52995d93e4d0cb7b724b8ba4b28f36773d5a927d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    58a96d9ca097a1ca09e3348e949eb9d5

    SHA1

    cceea63ee78af87774a87d2ac66de1fce8de4984

    SHA256

    9468dd4b735255313020d87674373269ac4c4c109e07775454ebfa9a3d3532d7

    SHA512

    ff2855f2084b0508cd352f3f52e4dfcaf9bd543146d2934445db8b3e4f27c3017d2e4507e26b92c248d6db10cecc9827801c351bb3a60601e25995f54dd61a1c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c119554480deee0d2ed9d1b8a0b0b52c

    SHA1

    072dc6f6501a1dbbe54fed820daa55ae87001676

    SHA256

    4fa63cf7e8b6f3f6b61bf3b423d31ecbc02d8ae40cb20f71543fb77933b6abd7

    SHA512

    7010fdb024f666af634804708191dd7add721afae2c8b0c71b50e2d983c9c277cba05cf5ccdb59b8b93f5aa8bf420ce66e0c1a27f2ea29004fd102f86c2095bb

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6E07E981-0139-11EE-B88A-7AA90D5E5B0D}.dat
    Filesize

    3KB

    MD5

    f43a1a7749e891d9d19836d4eea8c4b5

    SHA1

    f6275542135c6bd57b51aa54133dbc8d13e8ddec

    SHA256

    4895b2d7146705a8275dcff51880c81a42aeba06bc8a7c88e170f87e2bbbfc09

    SHA512

    98505c400c48d287175b48b13655977e5d14eb6137b3e66d384f43616f895903172d2a2a2028ec8c30f57d2d09893b9174327ef38dae6189374c6ec9f0fd7918

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6E09BE41-0139-11EE-B88A-7AA90D5E5B0D}.dat
    Filesize

    5KB

    MD5

    4d009228c4b74b78c03becdfea990ec9

    SHA1

    289f530c2bfcc90b970a768d7bd282d12f58804e

    SHA256

    82509985d0b931d96852393cd6dafaf03c6fcbc8d19be1b67eadeeb49a6b9f11

    SHA512

    db7470b6e25fed3e2506941020c061ed3ba1637d8edaa2d37c4e6dbdedd6f3f2c53e958205df05a746444e66d9847ab869a433ed22353243822ab3190959a328

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TOS3MI7U\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab4684.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab4745.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar47C6.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\N9CHHM2C.txt
    Filesize

    607B

    MD5

    c0317b24ba8c402977943ee2a52d1c0c

    SHA1

    8a27cc445f77a3ed3ee37680819f260b7ecb2b88

    SHA256

    2ebe414bf46f0ce662c5df0f950dd0ec8c1036266b4c128cb45c54dfca4fa1f1

    SHA512

    11011844f1c9b0199fe846554a06eee567268ec1d612793dabf8261a6418b23262946568e1ae8acbef9a1c608059b8a8a0920d9b9a2af40e5d2a86ca01c9b470

    Download Submit
  • memory/1324-54-0x00000000003B0000-0x00000000003B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1324-60-0x0000000000400000-0x0000000000472000-memory.dmp
    Filesize

    456KB

    Download
  • memory/1324-59-0x00000000001B0000-0x00000000001B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1324-58-0x0000000000400000-0x0000000000472000-memory.dmp
    Filesize

    456KB

    Download
  • memory/1324-55-0x00000000003C0000-0x00000000003C1000-memory.dmp
    Filesize

    4KB

    Download