ramnit | e5989273e7c025a7dd2801cf410667e84755f17dc9cc9a0e6e2f5e33dc01c29e

Analysis

max time kernel
122s
max time network
138s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 22:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1734abe3407f61e9ae95c46ba0f94b2a.exe
Size

84KB
MD5

1734abe3407f61e9ae95c46ba0f94b2a
SHA1

168ecd346b31b10dc710b9bef26ae62a67888ddb
SHA256

e5989273e7c025a7dd2801cf410667e84755f17dc9cc9a0e6e2f5e33dc01c29e
SHA512

61dba6e7aa79482390e480a6d9d9e4e87d73eb02be5146f99e05247de243864e7f6302c98841e50ed5d63b4fb64369f6e3755211977f683eb90b6d77c74253f1
SSDEEP

1536:3ODUngi71V1f8TjQDkF2l3BPoesXv8So3fpl1hFasN:eDUngiD1f8TjQDkF21lHO8SkPhp

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit

Loads dropped DLL 2 IoCs

pid	Process
1232	1734abe3407f61e9ae95c46ba0f94b2a.exe
1232	1734abe3407f61e9ae95c46ba0f94b2a.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1232-1-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1232-2-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1232-4-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1232-5-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1232-7-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1232-6-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1232-9-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1232-20-0x0000000000400000-0x000000000041B000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2692	1232	WerFault.exe	20

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
1232	1734abe3407f61e9ae95c46ba0f94b2a.exe

C:\Users\Admin\AppData\Local\Temp\1734abe3407f61e9ae95c46ba0f94b2a.exe
"C:\Users\Admin\AppData\Local\Temp\1734abe3407f61e9ae95c46ba0f94b2a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of UnmapMainImage
PID:1232
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 128
  2⤵
  - Program crash
  PID:2692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\~TM7262.tmp

Filesize
646KB

MD5
40fdfeab8ef96c278fa43d3a59f529f9

SHA1
0e41be487787bc17a16c26fea6f2045d775893f4

SHA256
bc2948a9d09e442b383f7a762764ccc82447fdf4706892c6f891bfc8eb6b378c

SHA512
9ec64e3db41f4aca0b2c0383a9856b744e5a22b5e2601705f66db8a7942718910c980dba5cf91ffbb5e5c6245a10b486f7b085521f7be729d29bd2e96899eff5

Download Submit
\Users\Admin\AppData\Local\Temp\~TM72C1.tmp

Filesize
428KB

MD5
610dd3d51d7d98946a7c0c1b7e0d1764

SHA1
46dc01359169baa1569861d06a83a27d067823ef

SHA256
2ae30036b7f7dfa4cc579db9bc19d91f2915f72965e137ce39134d87ca31eda3

SHA512
cf9da5a3c941c549bec9ac6bf9cf135ea38edb5338ca65f4b26b7dc8d34fc95b4fbca6c1de3a2cb5c5bad6e40c44caf44df585ff767bdef0fb70946dfe39619a

Download Submit
memory/1232-9-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1232-2-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1232-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1232-3-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/1232-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1232-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1232-0-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1232-4-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1232-13-0x000000007758F000-0x0000000077591000-memory.dmp

Filesize
8KB

Download
memory/1232-15-0x0000000077590000-0x0000000077592000-memory.dmp

Filesize
8KB

Download
memory/1232-14-0x0000000077590000-0x0000000077591000-memory.dmp

Filesize
4KB

Download
memory/1232-1-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1232-19-0x0000000075010000-0x0000000075120000-memory.dmp

Filesize
1.1MB

Download
memory/1232-21-0x0000000075010000-0x0000000075120000-memory.dmp

Filesize
1.1MB

Download
memory/1232-20-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download