Overview

overview

10

Static

static

3

NEAS.11867...JC.exe

windows7-x64

10

NEAS.11867...JC.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    31-10-2023 15:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.118674738c34e0537a8f49a4413ab9e0_JC.exe

  • Size

    123KB

  • MD5

    118674738c34e0537a8f49a4413ab9e0

  • SHA1

    c597a09a99aaf5aefe76e919e21a468ee95b5d15

  • SHA256

    faa9073fbd0b4f73d02d02950e83c3b30c63b5eaa58a116ac538f2c21d7af41a

  • SHA512

    3930e253b8dafd7500ec3498311c4fe28752cb3c40182071b2f36fcaa1994f30a1f6016076bf7b370eebc180a47e3fc323d46a219a950b663761a839039f3ce2

  • SSDEEP

    1536:Gobf9jL6nu2X5o3WukErANXzL90+wU3sK5QYE3CmKda1Wk+VrlAiyxXUUfTFJ/1:GobBqJq3ZruXzi+wGstiuAVR5yxXt

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 10 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.118674738c34e0537a8f49a4413ab9e0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.118674738c34e0537a8f49a4413ab9e0_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:876
    • C:\Users\Admin\AppData\Local\Temp\NEAS.118674738c34e0537a8f49a4413ab9e0_JCSrv.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.118674738c34e0537a8f49a4413ab9e0_JCSrv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:2216
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2240
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2672
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2672 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2864

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b76fd7257a6fc96aa822cc377ca62e62

    SHA1

    74f0b4d7973c5b6b642858dc0897a2c83c531405

    SHA256

    0d2f6b771be2792559ff4725d187edfa792a361591e4ba333f453de85ab5ae89

    SHA512

    f0d77e102e53b17407e0bf5e2abb1ff00a1219f7fbdef7888983bec238567e94671c5af0e357439b2a2e91be23fe2e663221e856460c3581c9baa67d9564d6fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    07d74834647d4914a8af3137d2533117

    SHA1

    78b30bf779dee654c2bf7ac2fa960986ad8edb64

    SHA256

    d4d4e3a6b92811dd50fed4e72d2dc09c26372cca7766d33430531184fdb8d8c1

    SHA512

    6cc86b2fa162957ff40a9f19aed7795d20186a47d61a63286801d36912a1701db8054b5ee340515d4f4ee72d3184cd3ab0f34e887915049616d81b6b55f1802b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2c5952304e2efecb8e1f215c4f966018

    SHA1

    03f01fcef5b5a5d544fda8a1032366844b32f20e

    SHA256

    663479289ef59e68f4c51e762a768de7b19c6f761cdeed2dbf787de50b2bd208

    SHA512

    f58679f509a862fbd98cf8828b7b72217a0ba2e18732c1a4b2f420468ad6a99348278935f4fe5964ce621367d10858791d5036c2f80082851f57854b3d26eec8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4bb81df95dddab104aa7a3e1c72f446f

    SHA1

    f811cfcb528da2673b510e621b3c88129520a8a1

    SHA256

    4f083bb7ebe57e46ae691413b8204f9f791cd7b0d18663ac1ca071cc83a0d521

    SHA512

    bb369e32d29f70f3b87db8c9a05b577f7810ebcc0cda9ff0c32208b1a6832ec5522c5e7966a3b4dc5907525d2538d2562c5eaeeaa30f453d80e6781c84d18c8f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fee252421351227f575835594956d3d6

    SHA1

    cad895922a6683e92d477cf5e83ccad6b28021d3

    SHA256

    a19fa06ff098407304c71a2ad38032048db7362b04e6371eca8998ff3675e82c

    SHA512

    ac4a002e3af6e2fc86d5ce3c3228c6472132b94b364608e95b27189ce7f0849f919bcbcc8189bf55544d8de6b47db2662603b8e223ac6a1cbcd52b5f3a8ae886

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ba594b905e3aa75fccc839f5db49c698

    SHA1

    2854788c55c8fa4b09981f8b31193414c2b63e2b

    SHA256

    21e7ed750ba1a7fa3b4f3e94542c0fd1da9118f25a71a3e30aa365fc2d0e7764

    SHA512

    a44def2da4628c049318ac2b1baeba7949da47c98c7e3c456853e4faa510986783ad51243d8d86b3a7eb94220db95afb762046a14f26b72e783d555dce210b06

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ac7f9aa618e791b711bd51481f59a6d4

    SHA1

    7d82c82774c2b038549236ec02b5805a170d228e

    SHA256

    e7fc5f3210775931e79af5d50f2249ce6097dcda08a73e610e328e59da149f24

    SHA512

    8265f579e2dee36274e665bfaaabcab7022adcd6945913bbbb0d44d6bbd9d015edc5769c5da399f597c03b93eeca939a284257538e8106582f1b9cff6a2b0e48

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b513767110110af8e75716eebcc52202

    SHA1

    7a6d718df14771997f137611ae2b347e58c72c87

    SHA256

    823633ce52899b6b9b1aacc3dbc67521dc5124fb9ee8e2610a9c1e90b30fa169

    SHA512

    4a208d9424e59037a5a499d34633245b6b0fb8d97b59fe1a4c7937cb3d180c179775cc792ce9cb70dc289efe451da9ba5c5811529d4c90da078d7991ee6f8abb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    99f70be0bcae36ac011f7f061f582a09

    SHA1

    0098b226ac921f381575be4a9f65c642bbb2ff37

    SHA256

    312e41bec164b431d1176e72630eec086b8b8a0d67701614bf60a0613085c4db

    SHA512

    dabcf96ab410109b35e587c4af1ee573a49d83bd1118ef1f869489fc96e260609efa5d476e32f96b160e9152ab61a0d3ccf47c30801e42582cac1385bb35b061

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f14bad60167a9a527e50e05436fdac58

    SHA1

    1847a1d375881389ee6689bb7e1f6186d104582a

    SHA256

    7a4a5a64d22a1dba8d8c193c172db5c5e768d505f64b360c770f5e89999cdab8

    SHA512

    9570d2198202f82c282393a49bb1dd321fd5a3b826a29d441bd0d4b287b5484982e0d8361776aee53b2717d1e3326bcbf4d3c82e16ee678265b40b6d35245303

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2393640ed48a9717f743b2f63eb5e934

    SHA1

    131e0701654ea4cb314b2b521b9fb1a174dfdf67

    SHA256

    29a7c0cd8267a0a587e01c230822c19fa1db9af15e2d8659da6ed00376d137aa

    SHA512

    b623584d90c8633b66df3375eddd5c17ffb611e2f63b1651974ab002b9e0537477d4056ffb18c690b4cacc6acac4a93e1687c71901bd47292d6b76da5a767bc9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    18c08fe4427fd590dd49dd7ea9d7aa0a

    SHA1

    40210c3c87c4d338006f0ceaf1473732951b41b3

    SHA256

    c80e19e2627b0591f9d0e05d2252873e27f2481a097dd843b0d59963435cd2d6

    SHA512

    ee4182a4bee400ec16e704e899e32ba55c3beb04f25f80973ecaafe6e1f3baff8fb04591174e709107d9e00cfe15c5ce745eae381f4799c4082c388984f5f844

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    75cb9f3fbecaab9744400a199b74cf32

    SHA1

    095c7cba63a6aedb17305f3d0e78c775f796cc18

    SHA256

    1d286912b1ebb8562455cbbfb64a9bddd37ca00240a9b9b02b39fc8f970bc6fd

    SHA512

    6fccfe21206f08d08cdf2abc8a639f42047a566e2ba7237fe21a549e4f1b2edafc12a1e3196c7014224e3e42496d111951517527cc8b0a753d8ab68dd206ee5f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    08e7e359a12710773c1796492da467f6

    SHA1

    478ecaa42ba715fd7b3d120ea3f9e658db324aa1

    SHA256

    7542708f16a14cfc80c369d9fb162df139579f1c47d8d7746006bfb6040f00c3

    SHA512

    7d2c75d96b35f3d94766352269094afde664accf9a01ed1893d3047d063f56cf144d7862f8aefa21d81dad8cca6010c91532f23248758ecad61436e575fe38ff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f79326dface62c4bb869d035be0ee37d

    SHA1

    c41a1eecbaff9110fe8833564b191bd955b085ec

    SHA256

    b4f2360f162cfa8e9b8353f9a8e9824c5034774a9826298d8d216737096ab55d

    SHA512

    6f96e65e57f0611028feac31447b9764861d5f34ea6f6c630fd1510e563340ebe38ad202708a1175453281058792489956629d0feaf1cf101faf7cf37429ea68

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    582ba1c1f00f3fe72a7508f21debed17

    SHA1

    eaf511cc6fe2620347f77b1b438d07f022e8fc22

    SHA256

    fac70cc5d48b4d5bb509f1499f990302f593cf99995ef88b9ebe398a996adc9a

    SHA512

    e529105fc98f7195d28cbb0b461da66676beb7d7d26942596e884515823cf34015d14e8c8baa3b3e381721c09784cc8399737783f61c2b121dac9af5b3c8855c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    21cb512a65592f3cbb646b00fb40d7eb

    SHA1

    95bb7d74cfa574759270495a0f3dba1437263daf

    SHA256

    2328a5c3fee4a1da0b5d206c1115c403ac251290772c1ce5aa32a2181b806a5a

    SHA512

    d361108d1cad1620d4189e248b7f6e5892439206933bc0aa651cb071a75adc9a8f1bb9b36a8beb8815a59078221333aec6241edb84ff6d04a9b65a7826f6c873

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c341c4733d17aca3f1f7b21a5c963179

    SHA1

    24a6420a2ed30360e5884531907d86acbbfd300f

    SHA256

    99e82e0052155727ab1d53af68afd49b2adbb02afa25f1fa0d3387a79b3e36c6

    SHA512

    96ddb891f53004219639277161bb0bcf1e93579e8f7a23279212e71d6f1f15281d19a56ead57c0bfba18d4cf2b6605f5595127d6e8b9f5482c6c991fa5821321

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    722f84b8a64add5f6089338e9c5b9d93

    SHA1

    ebc84a5b7d27c5e23bc0912f37b5adc991ebc787

    SHA256

    91e3b8d55df421a3a7bb66b7b1c774d0ab78d274eaa38cf8a6aeadc00d58e13b

    SHA512

    207ad8fd500b6d22124ca8ccc028d95de0c1f46e8f3e4c29d87a5fe28162c554ad56b2ec3f54ccf401e427d39b5df27c2f23187799d2bde8c4fdbfe84f310860

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabAE0E.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\NEAS.118674738c34e0537a8f49a4413ab9e0_JCSrv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\NEAS.118674738c34e0537a8f49a4413ab9e0_JCSrv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB023.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit

  • \Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\NEAS.118674738c34e0537a8f49a4413ab9e0_JCSrv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/876-5-0x0000000001360000-0x0000000001384000-memory.dmp

    Filesize

    144KB

    Download

  • memory/876-233-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/876-0-0x0000000001360000-0x0000000001384000-memory.dmp

    Filesize

    144KB

    Download

  • memory/876-6-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2216-451-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2216-9-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2240-452-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2240-20-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2240-19-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2240-18-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2240-17-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB

    Download