Overview

overview

10

Static

static

3

45f43bc1c7...64.exe

windows7-x64

10

45f43bc1c7...64.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26-12-2023 00:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    45f43bc1c78fc9e1fba78f27dba63c64.exe

  • Size

    157KB

  • MD5

    45f43bc1c78fc9e1fba78f27dba63c64

  • SHA1

    ba1162946fcfa02165fd969722c35a45d9ad0abb

  • SHA256

    71fe15ab3232c4c7eb39546b329d8e1f021a8c39e5871701c9f43f4682addbe4

  • SHA512

    d41c2b3a39c4ee9323976f1b637f6f8d5e7b6fbf2981dbf9e41aa495de5aa6f7a25aaeefdcbd648e2fee823cae5d71f83405bf4677da11a689d276675d498b02

  • SSDEEP

    3072:Pr6W2wIcju6IIXlNPQmTh907Y6lP/8qkrHK:j6gI4u6lXnxh65Q

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Loads dropped DLL 2 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs

Processes

  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 180
    1⤵
    • Program crash
    PID:2264
  • C:\Users\Admin\AppData\Local\Temp\45f43bc1c78fc9e1fba78f27dba63c64.exe
    "C:\Users\Admin\AppData\Local\Temp\45f43bc1c78fc9e1fba78f27dba63c64.exe"
    1⤵
    • Loads dropped DLL
    PID:2528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\~TM168D.tmp
    Filesize

    85KB

    MD5

    8039226982f64446b6733fffbdf49e5c

    SHA1

    2c6502cd5fd5f9ed9e643ccc014a062202b1c34b

    SHA256

    6afcdb7c086d0a25b711cf0ab5561d23d26a72de75d87ef2d67e728cc79102f7

    SHA512

    5f19dcae260b4daeaffcfba5a963e2ce0ebb34c94d786a50210723603c3ade0d64ab8809782c7b50753d84b27f600d2ddf5a99954c4273e2513520ccc57ea85d

    Download Submit

  • memory/2528-9-0x0000000077170000-0x0000000077172000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2528-13-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/2528-14-0x0000000076320000-0x0000000076430000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2528-12-0x0000000076320000-0x0000000076430000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2528-8-0x0000000077170000-0x0000000077171000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2528-7-0x000000007716F000-0x0000000077171000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2528-3-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/2528-2-0x0000000000220000-0x0000000000263000-memory.dmp

    Filesize

    268KB

    Download

  • memory/2528-0-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download