Overview

overview

10

Static

static

7

Device/Har...dF.exe

windows7-x64

10

Device/Har...dF.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    100s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    02-06-2023 09:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Device/HarddiskVolume9/RECYCLER/S-3-5-01-4621304173-6055156028-813125507-4057/TVnHnIdF.exe

  • Size

    185KB

  • MD5

    59157bcbfe97f9f8b00af1eb39c87a53

  • SHA1

    63f11e1730237a17d71bb1927e67f561a7dec607

  • SHA256

    d49df261cebcfdc69c73a485002786c0ace31ee0c85cbfe45b830de3c737b941

  • SHA512

    034a730883b0436326b67e996182e0749513f2e1be8b554ff91cfc121d0ea38c7651e0b2dbfadcb34e7b43b54b2fecf35cf8135b227ffe6717e356c5f17ca65c

  • SSDEEP

    1536:+OC0FvV4OguHxjhpA4Bm7uW0vSUsghQevBFkutIbgTuFqKRr0aF5frleGhd9TfBi:+wV4OgSzBmh04eZFkz3Rr0gwGj9Tf8

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer settings 1 TTPs 55 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume9\RECYCLER\S-3-5-01-4621304173-6055156028-813125507-4057\TVnHnIdF.exe
    "C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume9\RECYCLER\S-3-5-01-4621304173-6055156028-813125507-4057\TVnHnIdF.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1204
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1804
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1804 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1992
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1272
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1272 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:568

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    acadb0008cda018122a6f3608511af08

    SHA1

    9547b4dd45b2cec8c8738c05e9a7344e44404910

    SHA256

    b020a8fb81c7644dcae8c1913f1fcee23d244db5966c428e3d0eb69b9d37fe66

    SHA512

    585464019f64fd85fd0764047360fdd4d295f42d54a5132d57ded21c632dbce8633104f99095c7a5626c193179676801c8cbff769f206cf1297638ddafbecec4

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f0cc8e52945273b567f4b954889a395d

    SHA1

    301c75b008f6ab1b639a29ded4243b3a04e1c35c

    SHA256

    d422514d2ea4f69cee511e0f734e7c73eb351e9be74dec59777ce344555543a9

    SHA512

    5701b98bb7352a38a91b6314c0dc8bae60c33f7d44975a8088f3b3881042e37085a217fc4eaaebcb14f5e498aefe6f02d171f995e3fa9934c9cca3087b28d5c7

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    02983f94c4d0a38bf1dec93ffba65c33

    SHA1

    35b0b63201ef1e4ca905b286303a98e4167565f1

    SHA256

    c16d589fadfe8628ce4b298e6e8c8ea2b4bf3efaf32d5ab49762573c0feb8177

    SHA512

    e68d60aecb145596d92acd051bff85617a8c96c9e55629518d7897402d76903e9f8892b219127a78a8be3fbe888ddb66eda2656a61529b81e3835b3f862e5840

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    352f02c279a92287754a0e4062b8bf8f

    SHA1

    1cbb242892fb36c3c6abf717b6e6dfd466f058c3

    SHA256

    b3d21ebc5d702e80e968492d5a62a338da50411b80fda91349858a2d1b4b83be

    SHA512

    0d5f8488d1f1c94182aea07a9a20b8adf8df703a8b3df337ee229dc14d122d0bfa68d48d4957384da8ee068625d11a9f47d3b4ca4924d48eec7ff896fa770a66

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bd6822386b6c03288f1a6a1d65712ff4

    SHA1

    d1fdff64ebf6253c16dddf4bc7ef99f54de50660

    SHA256

    e373454dd32810b278c1a75c2686f25b0a70bea745bff43603ffe68863d915c3

    SHA512

    ba5befb046c73f86d6051f129381792321a3b339cb77ccbe094f4dd740c60c0c3c86be78694734748d0c74b1fe8b9f68d8a7506678268ec40e977ed4b654474c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ce0ae82612195ebf0b6a13a18a001e17

    SHA1

    b89e42999cec6572d8807ec66169924cb8979b53

    SHA256

    d844a4bafe2ed2d8f44d2b91d58e483fd05f3ee8e0609a1c78327d3b50aa7c29

    SHA512

    e416f0b8385ff629ce2d5275d71ee56bfa77c2a3aaa95f5f9ca68b77c1ea96ac042aca888923f2a26fe725c442ca3ffc77d4621b7377788cc73bce1b1eeca3cf

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1df0c5213e33db47ce7e3ee5fa6d83cb

    SHA1

    cb8b7796888d244ca03da26a724a236b454c02ae

    SHA256

    0597e2d758b7c2c16d080bce29b8df964445107fbdc2717199fa4ce5319c2f91

    SHA512

    1797b726ac83888caf9070d08696da21a83fc75365d318406469298a13fe6a85541ad6fb61f53c3d19e85e5b7102eb5d48465887fd5b3261113a1fc8dd3ef47b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d11cc9c7fee1a52139cb083d860e80fa

    SHA1

    cde691e6075d81f321161ec4d0eb99a883bad195

    SHA256

    877df4ae226c18bb0b3a4ad76e1d94cf0e3ae68758166c757b1af147c74a22d9

    SHA512

    8d305b57f9621820aa16b4ed1a995f4668bed4694e5fd60b1dc3546494e283625358d17b1186e448614b43d47651a3fab06b23b317498c8dfdfe2a67c1edc6a7

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    69791728492b15ff6606668a7b4e5c2c

    SHA1

    0014c7f2d02ce6ab023df79ac618be613e270b91

    SHA256

    d2a0f0307b8f6a23011c2f5c529e91d3e6412690f26582b8cc8b9947881e81c7

    SHA512

    5b6a242012e247be92cbfb69f8ecbfbd0a29459f87e0cc8dba45f68fc491a311159803e965561434634467a6b5e3197be09c1d8c77c4481bc4d8103c4750edc9

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{92E74DE1-0139-11EE-98CD-D6914D53598A}.dat
    Filesize

    3KB

    MD5

    a2e6f6cea69ab2c9c56e3564c5464e3c

    SHA1

    e3a8b5633154e659095d7d538c4a7b27c3d296c2

    SHA256

    45f665398f98b3388d7fc0c59c8b2ed8d6352caf2c267bd322759d9be632ec1d

    SHA512

    1fc089edd450512fd37777e799ceb96b5c243954575f4cffcc213bc33118738663a34585b0a16bf04bfa08c5ba6571f93b030bef42158ff8abafa48ca38900f7

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{92E85F51-0139-11EE-98CD-D6914D53598A}.dat
    Filesize

    5KB

    MD5

    87130b15424b9f44e0c3e99c6568c119

    SHA1

    54cb6cbdb4b32848ff7c506d30fae10d6e8c027e

    SHA256

    6411ed6e72b244ecd7f5b3fbf2fcf5de52b2616ba93fd5a10743e1f52ee41538

    SHA512

    056e7c703e173b1c6047ec9f93bd7a94b4bd7a2bfc655f4e00468424ed91706d2391c1e8ee6ce7d918d186d0a18ad8645bcd853a3be3385e65cb85a1cc3f3d4f

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACT9UUKV\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab1D24.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar220D.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\JNC0D16P.txt
    Filesize

    600B

    MD5

    4ddf12f90e4d6b485dcfea5a2c035524

    SHA1

    6c5fb111f78e2f1922ab81acc9a666d8684b26a2

    SHA256

    33499e832f97f1ea80e3aa49545e81d399ffd868f6978690b7c720d55a73d6ff

    SHA512

    83e88edd1b23b7114fe247bf700bec88c2ea799d42344689369537a97d259de2f06d04ddbf07cc3ad6d1f9497a32b27e2a95b8fc2e44ead87e977c5c14f9bd07

    Download Submit
  • memory/1204-58-0x0000000000400000-0x0000000000472000-memory.dmp
    Filesize

    456KB

    Download
  • memory/1204-54-0x0000000000240000-0x0000000000241000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1204-59-0x0000000000220000-0x0000000000221000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1204-60-0x0000000000400000-0x0000000000472000-memory.dmp
    Filesize

    456KB

    Download
  • memory/1204-55-0x0000000000330000-0x0000000000331000-memory.dmp
    Filesize

    4KB

    Download