Overview

overview

10

Static

static

3

6c4d1e3264...d1.exe

windows7-x64

10

6c4d1e3264...d1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    25-04-2024 04:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6c4d1e32647f1d4d0278ceb4ab0c9a3096e1266bd709bd97bcbb3ae836e3bdd1.exe

  • Size

    780KB

  • MD5

    35e232756bc4d30fd77cab54e27ab8c2

  • SHA1

    55d49ace6a2e6bcb41d68b8030e26fa9673e54d5

  • SHA256

    6c4d1e32647f1d4d0278ceb4ab0c9a3096e1266bd709bd97bcbb3ae836e3bdd1

  • SHA512

    965b51aa1dcaac9aa75ced89419a79d47495d285d5561df4d6605e81cbe410086beff91aee94116428e4eb4f42fad2608c101987e2a3f8e426efdbbb348f8c88

  • SSDEEP

    12288:MOqhqlAEH2QBblNWl5VaFgt6O+q90kdX7ThOH:1qwlAEWQJ3I52g6lq9DdX71OH

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6c4d1e32647f1d4d0278ceb4ab0c9a3096e1266bd709bd97bcbb3ae836e3bdd1.exe
    "C:\Users\Admin\AppData\Local\Temp\6c4d1e32647f1d4d0278ceb4ab0c9a3096e1266bd709bd97bcbb3ae836e3bdd1.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2860
    • C:\Users\Admin\AppData\Local\Temp\6c4d1e32647f1d4d0278ceb4ab0c9a3096e1266bd709bd97bcbb3ae836e3bdd1mgr.exe
      C:\Users\Admin\AppData\Local\Temp\6c4d1e32647f1d4d0278ceb4ab0c9a3096e1266bd709bd97bcbb3ae836e3bdd1mgr.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1840
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3060
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3060 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2388
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1620
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1620 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2564
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://121.204.253.47:88/xx/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2660
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2660 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2716

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3987bc3844d19b2a9bb55ecf9631b80e

    SHA1

    f702cf6ac92c2ed505089d25edbb1fffc0f2cd64

    SHA256

    c3f40090435fd8c0f9c0871a517d6aa2ecb3cfd6f453021d49d604c7ca216694

    SHA512

    a238ed4c503a31b9c71577c3e2fde47ee2e861e36fbf43c47c9c3c973c4c33a9456142143dc931a41a9038339a8c514bdbc5b151886eda3d3b9fca417d5eac12

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a1080d53cb712b28e8642d6bbbca2a5b

    SHA1

    00cedf1237794b7ac0e5683a0ad3430c847fac15

    SHA256

    12a83a30c941c89cb0c96caea44e680c7fde0b2d50cc4a9bb5dabf82aed4dcc8

    SHA512

    cbd7dd86c98d1d29fa06e5a1bb5e00cd87c159321ef0b00e8da9141f878f3dabffe0561165c7e5c114361d35304b9627b4d92b131ffa10b24a27cae364513bfe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dafed6e9f7e8c937d9ccf982bc8ae8dc

    SHA1

    fea3e23c61baaca1b6d0e36a263a9327141999ab

    SHA256

    ffd0b065c720fa57336a033dfdf034a733b8e1e57c518b8d19f34ab5dbeb49f3

    SHA512

    280df8453c344ae5ff821b320291d0f5bf2b1e3539a740c2acb19022152ff845465ab6505f9c57072cbdffe35ba5a78f7e911e1ced863ab8769b53e91e8ea47f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    238a7bf7e19218615a22578d0e99b7dc

    SHA1

    2a6d5522dc924e78dea658a5e1c0db93e4388b1f

    SHA256

    aa627be019d8ca4cae8aced77485940de23c93e0e5b5df2eb6da0b76dd8fea6d

    SHA512

    2e6cad75797e4d99fcf0678771d89d89d86e1ab9e9f9a6553debcfdffb178ba3774ee507dd7155d474ea2da428934e3e886b8e0946f1f2e464c1a01e333b6400

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C259DDC1-02BB-11EF-9FEE-EA42E82B8F01}.dat
    Filesize

    4KB

    MD5

    400cd42332c05956b32198bccc35cd17

    SHA1

    1058f82d4fd35e96cae02b94a09ed2608c5af158

    SHA256

    179c915c97d341a3b8d0341484f4d57cee9447c2cad9789eee8b7ed704d39a0d

    SHA512

    2d75c73a0a5e90df2760ed17d08415e80eb816d8adaf4c93054b6ce78ea5436063a0a735919f8c2de5e758c7d62395ff2b45f40e64be3f951fae699b79b5c831

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C25C3F21-02BB-11EF-9FEE-EA42E82B8F01}.dat
    Filesize

    5KB

    MD5

    3e8647438ecc8c571efb3c925709caf4

    SHA1

    1eb8454ebdd1c499bbebbc031268e2790d159658

    SHA256

    de412120925ef86e36cd59cccf5e35509673c4252793850e6c9402ccbed7c945

    SHA512

    1aab9e089149e7ececedb9f31e4a85b5444512241681c653fc3950bb18db071d1edf9673694add4b7ff74234172c6079e5829fd400e18ed71d0999ae2b189de3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C2682601-02BB-11EF-9FEE-EA42E82B8F01}.dat
    Filesize

    5KB

    MD5

    254c0950821b47276abb332507875422

    SHA1

    ca657934966b68e747adf52cd603a6e2425cd801

    SHA256

    399dd6ef9764167540d8d3929d76aa10a34f353227bf595c70aed7a6ea1c2908

    SHA512

    6065dceb565d5fe17e4dd7d9a2219fbfd8119f73b5be889efddfc785a950a54e39fe05246c6a77665d7698d1c17ae3826be6ef5aa72e46b86820e803eb961103

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\6c4d1e32647f1d4d0278ceb4ab0c9a3096e1266bd709bd97bcbb3ae836e3bdd1mgr.exe
    Filesize

    105KB

    MD5

    dfb5daabb95dcfad1a5faf9ab1437076

    SHA1

    4a199569a9b52911bee7fb19ab80570cc5ff9ed1

    SHA256

    54282ec29d4993ed6e9972122cfbb70bba4898a21d527bd9e72a166d7ec2fdc0

    SHA512

    5d31c34403ab5f8db4a6d84f2b5579d4ea18673914b626d78e458a648ac20ddd8e342818e807331036d7bb064f596a02b9737acac42fbead29260343a30717e8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2C70.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2D90.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • memory/1840-13-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1840-21-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1840-16-0x000000007704F000-0x0000000077050000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1840-10-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1840-12-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1840-14-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1840-11-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2860-17-0x0000000000400000-0x00000000004DC000-memory.dmp

    Filesize

    880KB

    Download

  • memory/2860-15-0x0000000000290000-0x00000000002EB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2860-0-0x0000000000400000-0x00000000004DC000-memory.dmp

    Filesize

    880KB

    Download

  • memory/2860-4-0x0000000000290000-0x00000000002EB000-memory.dmp

    Filesize

    364KB

    Download