Analysis

  • max time kernel
    140s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20231215-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    25-12-2023 07:06

General

  • Target

    0da24e9a4fe58ac5beb38be8ccea52fd.exe

  • Size

    149KB

  • MD5

    0da24e9a4fe58ac5beb38be8ccea52fd

  • SHA1

    a6d12e8ad8e3eead695c490913d845f5e586df68

  • SHA256

    15bdce9489d2c74c5c88a5a8f0140e60982c038c8169977a1a2c1f0aebab50b9

  • SHA512

    8dcdcfcf1b13dcf11bed9dc0040fb832df7f4c154a34a4f88e0ee38c1c38ba7c357397c711797644ea9bd525d081987521d1cf001b96a96026845c87442c7237

  • SSDEEP

    3072:RROzoTq0+RO7IwnYZnSDADeak7dJHB/A9ouUljtQnjPtwi3gSO8EeL:fkdNwBGnSsQLH5A6uzPtw/j

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that has shipped as a file-infecting virus, a worm, and a Trojan.

  • Executes dropped EXE (2 IoCs)
  • Loads dropped DLL (2 IoCs)
  • UPX packed file (6 IoCs)

    Detects executables packed with UPX or with a modified build of the open-source UPX packer.

  • Drops file in Program Files directory (3 IoCs)
  • Program crash (1 IoC)
  • Modifies Internet Explorer settings (1 TTP, 28 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (20 IoCs)
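
The General section lists the sample's hash set and the Signatures list flags it as UPX-packed. As an added example, not code from this report or from the sandbox vendor, the following Python computes that hash set, looks a file up against the SHA256 values printed on this page, and applies the indicators a "UPX / modified UPX" check relies on to constructed PE fixtures. The fixture builder, the indicator names and the KNOWN_SHA256 table are assumptions for illustration (the table holds only hashes that appear in this report); the fixtures are not real samples.

```python
"""Hash set and UPX-packing indicators for a PE, standard library only."""
import hashlib
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# SHA256 values taken from this report (sample and dropped DesktopLayer.exe); assumed table layout.
KNOWN_SHA256 = {
    "15bdce9489d2c74c5c88a5a8f0140e60982c038c8169977a1a2c1f0aebab50b9": "0da24e9a4fe58ac5beb38be8ccea52fd.exe",
    "fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320": "DesktopLayer.exe",
}


def file_hashes(data):
    """The hash set a sandbox report lists for a file (MD5, SHA1, SHA256, SHA512)."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}


def match_known(data, known=KNOWN_SHA256):
    """Name of the report artefact whose SHA256 matches data, or None."""
    return known.get(file_hashes(data)["sha256"])


def parse_pe(data):
    """Minimal PE parser: entry-point RVA plus the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    entry = struct.unpack_from("<I", data, coff + 20 + 16)[0]  # AddressOfEntryPoint (PE32 and PE32+)
    table = coff + 20 + size_opt
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, rawsize = struct.unpack_from("<8sIII", data, table + 40 * i)
        chars = struct.unpack_from("<I", data, table + 40 * i + 36)[0]
        sections.append({"name": name.rstrip(b"\0"), "vsize": vsize, "vaddr": vaddr,
                         "rawsize": rawsize, "chars": chars})
    return {"entry": entry, "sections": sections}


def upx_indicators(data):
    """Ordered list of UPX-style packing indicators found in data (empty for an unpacked file)."""
    pe = parse_pe(data)
    secs, hits = pe["sections"], []
    if {s["name"] for s in secs} & UPX_SECTION_NAMES:
        hits.append("upx_section_names")
    if b"UPX!" in data:  # magic of the UPX pack header
        hits.append("upx_packheader_magic")
    # The two checks below survive a "modified UPX" build that renames sections and strips the magic:
    # the first section has no raw data but a large virtual size (the unpack destination) ...
    if secs and secs[0]["rawsize"] == 0 and secs[0]["vsize"] > 0:
        hits.append("empty_first_section")
    # ... and the entry point lies in a section that is writable and executable (stub unpacks in place).
    for s in secs:
        if s["vaddr"] <= pe["entry"] < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            if s["chars"] & IMAGE_SCN_MEM_WRITE and s["chars"] & IMAGE_SCN_MEM_EXECUTE:
                hits.append("wx_entry_section")
            break
    return hits


def build_pe(sections, entry_rva, tail=b""):
    """Construct a minimal PE32 (headers and section table only) as a test fixture."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, 0, 0, 0, 0, 0, ch)
                     for n, vs, va, rs, ch in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table + tail


# Constructed fixtures: a stock UPX layout, the same layout with renamed sections and no magic,
# and an ordinary unpacked layout. (name, VirtualSize, VirtualAddress, SizeOfRawData, Characteristics)
SAMPLE_UPX = build_pe([(b"UPX0", 0x20000, 0x1000, 0, 0xE0000080),
                       (b"UPX1", 0x9000, 0x21000, 0x8800, 0xE0000040),
                       (b".rsrc", 0x1000, 0x2A000, 0x400, 0xC0000040)], 0x29000, b"UPX!")
SAMPLE_RENAMED = build_pe([(b".text0", 0x20000, 0x1000, 0, 0xE0000080),
                           (b".text1", 0x9000, 0x21000, 0x8800, 0xE0000040),
                           (b".rsrc", 0x1000, 0x2A000, 0x400, 0xC0000040)], 0x29000)
SAMPLE_CLEAN = build_pe([(b".text", 0x5000, 0x1000, 0x5000, 0x60000020),
                         (b".data", 0x1000, 0x6000, 0x400, 0xC0000040)], 0x1200)

if __name__ == "__main__":
    for label, blob in (("upx", SAMPLE_UPX), ("renamed", SAMPLE_RENAMED), ("clean", SAMPLE_CLEAN)):
        print(label, file_hashes(blob)["sha256"][:16], upx_indicators(blob), match_known(blob))
```

Section-name matching alone is what a renamed-section build defeats; the empty-first-section and writable-executable-entry checks are the ones that still fire on it, which is why a sandbox describes the signature as covering "modified UPX" as well.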

Processes

  • C:\Users\Admin\AppData\Local\Temp\0da24e9a4fe58ac5beb38be8ccea52fd.exe
    "C:\Users\Admin\AppData\Local\Temp\0da24e9a4fe58ac5beb38be8ccea52fd.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2460
    • C:\Users\Admin\AppData\Local\Temp\0da24e9a4fe58ac5beb38be8ccea52fdSrv.exe
      C:\Users\Admin\AppData\Local\Temp\0da24e9a4fe58ac5beb38be8ccea52fdSrv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:312
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:3016
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 120
      2⤵
      • Program crash
      PID:1596
  • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2664 CREDAT:275457 /prefetch:2
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:2708
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2664
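
The process tree above shows the dropper chain: the sample in the user's Temp directory launches a copy of itself carrying an Srv.exe suffix, that copy drops and starts DesktopLayer.exe from C:\Program Files (x86)\Microsoft, and WerFault.exe reports the original process crashing. As an added example, not part of the original report, the following Python runs three detection rules derived from that chain over constructed process-creation events. The event field names, the explorer.exe and notepad.exe filler processes and their PIDs are assumptions; the other PIDs, images and the WerFault command line come from the tree.

```python
"""Detection rules for the Ramnit dropper chain in this report, run over constructed
process-creation events (field names assumed, loosely modelled on Sysmon Event ID 1)."""
import ntpath
import re

TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
DESKTOPLAYER_DIR = r"c:\program files (x86)\microsoft"

# Constructed events: PIDs 2460/312/3016/1596/2664 and their images are from the report's tree;
# explorer.exe (1000) and notepad.exe (4100) are assumed filler.
EVENTS = [
    {"pid": 1000, "ppid": 500, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 2460, "ppid": 1000,
     "image": r"C:\Users\Admin\AppData\Local\Temp\0da24e9a4fe58ac5beb38be8ccea52fd.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\0da24e9a4fe58ac5beb38be8ccea52fd.exe"'},
    {"pid": 312, "ppid": 2460,
     "image": r"C:\Users\Admin\AppData\Local\Temp\0da24e9a4fe58ac5beb38be8ccea52fdSrv.exe",
     "cmdline": r"C:\Users\Admin\AppData\Local\Temp\0da24e9a4fe58ac5beb38be8ccea52fdSrv.exe"},
    {"pid": 3016, "ppid": 312,
     "image": r"C:\Program Files (x86)\Microsoft\DesktopLayer.exe",
     "cmdline": r'"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"'},
    {"pid": 1596, "ppid": 2460,
     "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 120"},
    {"pid": 2664, "ppid": 1000,
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe"'},
    {"pid": 4100, "ppid": 1000, "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
]


def is_temp_resident(image):
    """True if the image lives under a user's %LOCALAPPDATA%\\Temp."""
    return TEMP_RE.search(image) is not None


def crashed_pid(cmdline):
    """Target PID from a WerFault.exe command line ('-p <pid>'), or None."""
    args = cmdline.split()
    if "-p" in args:
        i = args.index("-p") + 1
        if i < len(args) and args[i].isdigit():
            return int(args[i])
    return None


def detect_ramnit_chain(events):
    """Return (rule, pid) findings for the parent/child patterns seen in this report's tree."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        if parent is None:
            continue
        image, pimage = e["image"], parent["image"]
        name, pname = ntpath.basename(image).lower(), ntpath.basename(pimage).lower()
        same_dir = ntpath.dirname(image).lower() == ntpath.dirname(pimage).lower()
        # Rule 1: a Temp-resident executable spawns "<its own name>Srv.exe" from the same directory.
        if is_temp_resident(pimage) and same_dir and pname.endswith(".exe") \
                and name == pname[:-4] + "srv.exe":
            findings.append(("ramnit_srv_dropper", e["pid"]))
        # Rule 2: a Temp-resident process launches DesktopLayer.exe out of Program Files (x86)\Microsoft.
        if is_temp_resident(pimage) and name == "desktoplayer.exe" \
                and ntpath.dirname(image).lower() == DESKTOPLAYER_DIR:
            findings.append(("ramnit_desktoplayer", e["pid"]))
        # Rule 3: WerFault.exe reporting a crash of a Temp-resident process (the dropper dies after hand-off).
        if name == "werfault.exe":
            target = by_pid.get(crashed_pid(e["cmdline"]))
            if target is not None and is_temp_resident(target["image"]):
                findings.append(("temp_process_crash", e["pid"]))
    return findings


def ancestry(events, pid):
    """Walk ppid links upward; pid chain from the process to its oldest known ancestor."""
    by_pid = {e["pid"]: e for e in events}
    chain = []
    while pid in by_pid and pid not in chain:  # second clause guards against a ppid cycle
        chain.append(pid)
        pid = by_pid[pid]["ppid"]
    return chain


if __name__ == "__main__":
    for rule, pid in detect_ramnit_chain(EVENTS):
        print(f"{rule}: pid {pid}, ancestry {ancestry(EVENTS, pid)}")
```

Rule 3 on its own is noisy (any crashing Temp-resident binary fires it); it is worth keeping as corroboration for the first two rules rather than as a stand-alone alert, and the ancestry walk ties all three findings back to PID 2460.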

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\Microsoft\DesktopLayer.exe

    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    12a8a4b272bc1fb01cfe900b24bec847

    SHA1

    fe6926725db01042d2d486be183b0cb1cc3f7e57

    SHA256

    048f18b896e3cdf7fe463053e865b0245d862265f9a045c5b1605ed8589d877a

    SHA512

    354753f4749bc1800ecea22f9b74cc1b734000d9fceca8b9bc2e1a54a22ab223064d13506a4426a3e8f9f1b1e5e688ff24f9bdeffe1023b0a7f90b35a41fc3a6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a6e51da0a9509459ec8596909637cb5a

    SHA1

    468ba6ce1a78b45f1229a283e6fe31c9db247c40

    SHA256

    5b3a9241c8ded96962df9148b26ade3383e614337bb1160d8517f478f5db42d2

    SHA512

    0014c37ec518dbc7d6f79f61ce9d39efe72e55534f9d704947955699741c3f691142ec896215579181811c697752a6d7fad82c35253002beeac5e0e437b3a7ad

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8ba648828df90751485f25e17b0d5c58

    SHA1

    79249e59384508a6510367b1752a569e3f546e4f

    SHA256

    dbfdb2d0dc0f1e989084ad26c01467d82d798d8a5b3105c39dcd85bf323958a6

    SHA512

    38bf570bdc44e9b02376df2c8274e9b308f34b16bd136d1ea6f9f28598abfa6f1d1758a464e05429bb58289e60c14210cfab8ce4ca56639aec45ff8a907fea5d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ceec2d347bcb9acaba72551034ddd580

    SHA1

    eb958045fdac5c778deeac4350dabe08ea02e90b

    SHA256

    09e34cf094f7179bf7bfefd8922c54f20831e4e746e2dd7d3c7fa821ab90e764

    SHA512

    ef38890db1d826f0d25b6a78f3be1855ac609024a28566333a54d34b5da2449d455cf53018ac4a5d1575fbc0a507eedc26448ebadb61e2e5a9c0e5a62760e9f8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d7cd521bb6200fb6bfe6dbf2eda93e8e

    SHA1

    5749615911a742440d30ddfbf2f88d210eeea87a

    SHA256

    eacf8851671fa6dc2a0dedde1310ec73c5bce1d563dce3e3da9d0365993cffbf

    SHA512

    f1357c4b5745552bb74c52aa1a212a6d19cd06121ce46c353581b6774789bfd039349c6e9705097d6920c9b415fda3b9361327a670268c3dfc131bda44de2546

  • C:\Users\Admin\AppData\Local\Temp\Cab4195.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar4215.tmp

    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

  • memory/312-17-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

  • memory/312-13-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/2460-0-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

  • memory/2460-340-0x00000000001C0000-0x00000000001EE000-memory.dmp

    Filesize

    184KB

  • memory/2460-339-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

  • memory/2460-8-0x00000000001C0000-0x00000000001EE000-memory.dmp

    Filesize

    184KB

  • memory/3016-18-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/3016-16-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB