Analysis
-
max time kernel
150s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
19-04-2024 21:47
Static task
static1
Behavioral task
behavioral1
Sample
cleanrams/CleanRam.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral2
Sample
cleanrams/CleanRam.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
cleanrams/SkinPPWTL.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral4
Sample
cleanrams/SkinPPWTL.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
cleanrams/cleanpro.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral6
Sample
cleanrams/cleanpro.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
General
-
Target
cleanrams/CleanRam.exe
-
Size
824KB
-
MD5
9a4ee0a28b496cc1b9da6296dad4d26c
-
SHA1
2ff4ba39a4e9046c11c7a92068ddaf64dbb0b4ee
-
SHA256
3ebe944f0047166b30b027d8d302478febbfe22228297892395c9446a9d47df1
-
SHA512
98c0af8594d9b37015da707f8a1b9e1f40ab065ae259edb8b7a429948c89ad959dc3f6935c25355f2995166a42492cfcfec2e1777e4c4d74a04d65a44ee50066
-
SSDEEP
24576:PPiHLq0mVa0lcOO1phhhhhShhhhh2hhhhhVLlTbJNculntYTt51MbKiERMg:AiVh4plTbjcuc51Mk
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe -
Suspicious use of SetWindowsHookEx 5 IoCs
pid Process 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe 2868 CleanRam.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5KB
MD5e4e8209e99ef421dc8549ed7fa9d909a
SHA11bf715720581b395644cf0a9e210fb9f89586a81
SHA256c188056922248f0178bf6035de313dcf642a1cb825750d7e7925ec8352abda77
SHA51253beb5b7528920c326e390aeb7b507f7e9d530bc6e7cdb83db1fb0e961ff465a99fb55cd1c2ae97fb28126357ccef1a47fd70aec064f0e23eae6168d3fb83ca5