Overview

overview

10

Static

static

3

1b4b0aa9ff...c4.exe

windows7-x64

10

1b4b0aa9ff...c4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 11:36

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    1b4b0aa9ffe391ce1f0602ce7a9f5ac4.exe

  • Size

    105KB

  • MD5

    1b4b0aa9ffe391ce1f0602ce7a9f5ac4

  • SHA1

    adcfc7a487c3f94f7f6f9f4868a356ff421e4aff

  • SHA256

    27b11bdfd932f227da05d78c1f77ee5f4f493f93c1c031236483f440fc8c8a29

  • SHA512

    3022589001293cfc4b80584f0d6e029170d99a1968ce34c4017b5760762c93ce7a392e7713d982c3eb60e78a21779b7b99233c0c981bee2ae3249bc24020d915

  • SSDEEP

    1536:1zZZpp48Zd0lo+4EMMyO3OexOSEowTwBjzvcmJoxDWqfqNII2Ca2:tZSlI/HUOjSiToj7CEqfqg2

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Loads dropped DLL 2 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx

Processes

  • C:\Users\Admin\AppData\Local\Temp\1b4b0aa9ffe391ce1f0602ce7a9f5ac4.exe
    "C:\Users\Admin\AppData\Local\Temp\1b4b0aa9ffe391ce1f0602ce7a9f5ac4.exe"
    1⤵
    • Loads dropped DLL
    PID:1320

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\~TM517A.tmp
          Filesize

          1.0MB

          MD5

          f053040bb6215c3046dc1201bbe2bf93

          SHA1

          d026d3e44eab4c0548163c759ab61bef0ee67378

          SHA256

          89c4fb404dce26abca72ec82af5ab67d03dd356369aa0116dc028857a7ac9434

          SHA512

          b7a84015a2dde9190a616f04d718e081e766fad7ee12d48061af95ead13fa3b457eed7e1957247dda78190d312595bbd0f57b89a040eb6deef255a85fff2cf58

          Download Submit

        • \Users\Admin\AppData\Local\Temp\~TM5207.tmp
          Filesize

          466KB

          MD5

          6e8b30833e340db70f0f57f4cc61b449

          SHA1

          a039f641abef2f6beafc5627f006e895b0de2bb4

          SHA256

          cb23fe1978c91b5ac4e9238ef4e4c74013e4fbebe9b0705d234b1679871ac8ec

          SHA512

          fbcfe07f19ccbe4a1f7f0e2da19dd86e7a2f96ac09a4237f7a5ad844b98a0c74404c6e78a2f878f37d7886ac7711b5acfdab555f044bda9658d433ddb4eea204

          Download Submit

        • memory/1320-0-0x0000000000400000-0x000000000044E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/1320-1-0x0000000000220000-0x000000000026E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/1320-3-0x0000000000400000-0x000000000044E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/1320-6-0x00000000778CF000-0x00000000778D1000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1320-9-0x00000000778D0000-0x00000000778D2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1320-7-0x00000000778D0000-0x00000000778D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1320-13-0x0000000000400000-0x000000000044E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/1320-14-0x0000000076F90000-0x00000000770A0000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1320-15-0x0000000076F90000-0x00000000770A0000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1320-12-0x0000000076F90000-0x00000000770A0000-memory.dmp

          Filesize

          1.1MB

          Download