Overview

overview

10

Static

static

3

06fe771d38...e7.exe

windows7-x64

10

06fe771d38...e7.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    3s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 05:11

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    06fe771d38554d76d8062e77dbf7e3e7.exe

  • Size

    380KB

  • MD5

    06fe771d38554d76d8062e77dbf7e3e7

  • SHA1

    9b1e9b74f79e9ffafcf9bc05edad17fb2032ff00

  • SHA256

    8efb1e2bfe1fde6640feb7ce70f3235a9cd7f474cac06f2414aead965d107c69

  • SHA512

    6f657686fd867a7619bc903b6dc4201b9b2ee5501eb41c03b0cf8b5075043930c5cc591386df8cc564995400740944f144edc3b8f3b64501de09313a26bf2e18

  • SSDEEP

    6144:eMTi0+lfh+L5qe9T5q4GAFzWTBPMmC1UC6fOaIajXBmOWhvP0k2Nw:eMTi0uhMqe9ts2zWTpMmCG7B9mOWhvPV

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • UPX packed file 11 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\06fe771d38554d76d8062e77dbf7e3e7.exe
    "C:\Users\Admin\AppData\Local\Temp\06fe771d38554d76d8062e77dbf7e3e7.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3620
    • C:\Users\Admin\AppData\Local\Temp\06fe771d38554d76d8062e77dbf7e3e7mgr.exe
      C:\Users\Admin\AppData\Local\Temp\06fe771d38554d76d8062e77dbf7e3e7mgr.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:4832
      • C:\Program Files (x86)\Microsoft\WaterMark.exe
        "C:\Program Files (x86)\Microsoft\WaterMark.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of UnmapMainImage
        • Suspicious use of WriteProcessMemory
        PID:3156
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          PID:1260
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1260 CREDAT:17410 /prefetch:2
            5⤵
              PID:4048
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            4⤵
            • Modifies Internet Explorer settings
            PID:1568
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 460 -ip 460
      1⤵
        PID:4616
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 460 -s 204
        1⤵
        • Program crash
        PID:1052
      • C:\Windows\SysWOW64\svchost.exe
        C:\Windows\system32\svchost.exe
        1⤵
          PID:460

        Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Temp\06fe771d38554d76d8062e77dbf7e3e7mgr.exe
                Filesize

                92KB

                MD5

                c78fb1c82cb6daf7fcda217496d84f50

                SHA1

                8817b84e5673cc4176916a223ed27ea1508ca6de

                SHA256

                f8b7cec00450a562c23f1f81f5ada865695627d6dd947db0b36349ff121fca99

                SHA512

                13b08418707f434408f05df51cf4abe5baaa9b3136c4fdd8f8d5e12fc25382a02a930058c25521f3a7b1e2e6edbdcaa4be64d8276e2ab56e03e090660d932b7c

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\06fe771d38554d76d8062e77dbf7e3e7mgr.exe
                Filesize

                92KB

                MD5

                da8e2b7aa75981fc5d51ac8d68b7a797

                SHA1

                35f1a313cb40adb505bd301b87c89f489447b181

                SHA256

                005400a62b8008364d7b059a09adf1b344df6ae3f37f3828a47d7bacdd7cda96

                SHA512

                cd361dc8a1b6bd3aaec931b8caf060a59d0f4df4f25699c54b3fd5bbeb5df45bc5d40eddbe3cc99c72d5f32310ad3fd98c3132ecec963d774cdad905979f343c

                Download Submit

              • memory/460-40-0x0000000001200000-0x0000000001201000-memory.dmp

                Filesize

                4KB

                Download

              • memory/460-39-0x0000000001220000-0x0000000001221000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3156-36-0x0000000077992000-0x0000000077993000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3156-38-0x0000000000400000-0x0000000000421000-memory.dmp

                Filesize

                132KB

                Download

              • memory/3156-34-0x0000000000900000-0x0000000000901000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3156-35-0x0000000000400000-0x0000000000421000-memory.dmp

                Filesize

                132KB

                Download

              • memory/3156-25-0x0000000000400000-0x000000000042B000-memory.dmp

                Filesize

                172KB

                Download

              • memory/3156-43-0x0000000000400000-0x0000000000421000-memory.dmp

                Filesize

                132KB

                Download

              • memory/3156-41-0x0000000077992000-0x0000000077993000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3156-42-0x0000000000070000-0x0000000000071000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3156-44-0x0000000000400000-0x0000000000421000-memory.dmp

                Filesize

                132KB

                Download

              • memory/3620-28-0x0000000000400000-0x0000000000460000-memory.dmp

                Filesize

                384KB

                Download

              • memory/3620-0-0x0000000000400000-0x0000000000460000-memory.dmp

                Filesize

                384KB

                Download

              • memory/4832-13-0x0000000000400000-0x0000000000421000-memory.dmp

                Filesize

                132KB

                Download

              • memory/4832-7-0x0000000000400000-0x0000000000421000-memory.dmp

                Filesize

                132KB

                Download

              • memory/4832-6-0x0000000000400000-0x000000000042B000-memory.dmp

                Filesize

                172KB

                Download

              • memory/4832-5-0x0000000000400000-0x000000000042B000-memory.dmp

                Filesize

                172KB

                Download

              • memory/4832-8-0x0000000000400000-0x0000000000421000-memory.dmp

                Filesize

                132KB

                Download

              • memory/4832-11-0x0000000000400000-0x0000000000421000-memory.dmp

                Filesize

                132KB

                Download

              • memory/4832-12-0x00000000008A0000-0x00000000008A1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4832-14-0x0000000000400000-0x0000000000421000-memory.dmp

                Filesize

                132KB

                Download

              • memory/4832-17-0x0000000000400000-0x0000000000421000-memory.dmp

                Filesize

                132KB

                Download

              • memory/4832-9-0x0000000000400000-0x0000000000421000-memory.dmp

                Filesize

                132KB

                Download