Overview

overview

10

Static

static

3

Client.dll

windows7-x64

3

Client.dll

windows10-2004-x64

3

Launcher.exe

windows7-x64

1

Launcher.exe

windows10-2004-x64

1

MHPClient.dll

windows7-x64

8

MHPClient.dll

windows10-2004-x64

3

MHPVerify.dll

windows7-x64

1

MHPVerify.dll

windows10-2004-x64

1

Main.dll

windows7-x64

3

Main.dll

windows10-2004-x64

3

game.exe

windows7-x64

1

game.exe

windows10-2004-x64

1

main.exe

windows7-x64

10

main.exe

windows10-2004-x64

10

msvcp100.dll

windows7-x64

3

msvcp100.dll

windows10-2004-x64

3

msvcr100.dll

windows7-x64

3

msvcr100.dll

windows10-2004-x64

3

msvcr110.dll

windows7-x64

3

msvcr110.dll

windows10-2004-x64

3

msvcr120.dll

windows7-x64

1

msvcr120.dll

windows10-2004-x64

1

ogg.dll

windows7-x64

10

ogg.dll

windows10-2004-x64

10

trz5772.dll

windows7-x64

3

trz5772.dll

windows10-2004-x64

3

trzD978.exe

windows7-x64

10

trzD978.exe

windows10-2004-x64

10

vorbisfile.dll

windows7-x64

10

vorbisfile.dll

windows10-2004-x64

10

wzAudio.dll

windows7-x64

10

wzAudio.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    133s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    10-05-2024 16:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    main.exe

  • Size

    4.4MB

  • MD5

    27e243244a463df81e04d4da2a6ef587

  • SHA1

    12534044da0cd25b560bac98947948dbcc487e0a

  • SHA256

    b68d6db558167d66ed3a18b939a1a1ea8d1a0fe421e756f0269cf3950fb3485a

  • SHA512

    973ae8da9ff652baa6617f5cdf7bee67f3f5bb01093e0422e30670acdeb11655527d687822840ffb763cf691069b20f1166d5039a8a22d449b21b3822a7456b6

  • SSDEEP

    98304:JrSxPnI2HnaMixxuAeL4ZrDjDDUKtgEsrDXwYG4ENS2iK4O8SecE5ljRdPZq:JrSxPnI0naMixxuAeL4ZrDjDDd7WXw+h

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\main.exe
    "C:\Users\Admin\AppData\Local\Temp\main.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Users\Admin\AppData\Local\Temp\mainSrv.exe
      C:\Users\Admin\AppData\Local\Temp\mainSrv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:2236
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2852
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2628
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2628 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2668

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f9d3c2f1b63012b01f562a8843286f90

    SHA1

    c9d0025877575e47cb2e193ca1700d90bf850bff

    SHA256

    3608376556bfb98f873d7cf27b50171f1a3b6df4df6b4c3c0c17505f8b65b747

    SHA512

    a08bb54ceeca8258af16112313e6b909b2f381dba4c2333b2726aab85b470a72eec38b4d533714f35eaa0ab26918e7eef877759033268b4a1122b0ee8a38f3f4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    936b10c2db1cbd44407079f3c6fa9744

    SHA1

    7e4e725ce6a532a1f91f42c946286ecbf9a5d358

    SHA256

    2252528c0c1c5468cb2c9b0c87ee259a92997a22d832b84677fd575109f56165

    SHA512

    1785ae8e5ae5d585938407f02cdc45a41c5365673359380de11e048dcb82857829dfecac025716b74e19a63a5a8bc47fbb1dd67b58c63c355da2e79a185642f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4d8be2422b8a8d62e5c52683447865fa

    SHA1

    858b21b7857d254fca5a6cc101acadeb07b89e7c

    SHA256

    dd1b4f31a369ba8d5667d8270231873d82cb5b8b6b59d04d4412c538b239405d

    SHA512

    fe58b8c7cdff8d239dce74b2f1e95c0a418d95cfad1c9d15218831ba2ccd0ef0fa38b5df2000ccde0a19886375f3a36c6b4b7f461bb36f2f5aa292140d8b90a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f501d5ccf8c7b7d8245d218fd2bb3f7c

    SHA1

    ec893e210aefc7df805d48977ae91e81c1348bd5

    SHA256

    8349249d46ba3d3ecf58afb101233bfb2da07fa3f2c1e103afb12ae57445e4f1

    SHA512

    b9b38c6ccd0c35fe53eec23a067a5c9ce1fe2d5fd67fa3bbbd4603487c90aad629199a99842f01344ee204aeb7c4a2909cfa64ff5b72cb75e99192bf58b949b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bf2773efdd5d039be4647fd0f5fc9da6

    SHA1

    c88471d12056262a99875eabf278d25284185826

    SHA256

    088bd114a4c0baa45fdd60b333210807291ecd1ae8b335e7093a3f45543930ea

    SHA512

    4ecf5fcd6fdb8f279cc526d6e56c91c8524970dfec85c02069c49647b06dfd801386519ad3c53a61187357698dc3efcc4dfe7354e131825c07dddea45882e88c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    38b9d73f88f52f4cb28e4f995b896160

    SHA1

    cce95caa8af695d1ebcf9c3758f6c394a86e3ad1

    SHA256

    8b5f27715d7970d38583b4028b650b21d3ac85be79fb2b1d97f5df3c34b7864c

    SHA512

    18a2252af4604e1cd8f5ed1aaee38d5f1e32c0ab61f37c4301649666ded7a1d7bcf3cac25e81ab1301d0875a2fbb1968471e90df5b01c03e2ff079cc15b225cd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e64960cbafae903f9f977a9c2718acbb

    SHA1

    c1f8a3a8bc1997b7d628d8bf08d348dcca3ce301

    SHA256

    8bc41a1428ff229fa2a3dfb288f76176758bffb5d7caa18e63777d9d6e44d58d

    SHA512

    ec2d185eb47406d24de49fa3c348a597821c31767d09fb99738c898d5bb63fa51a37df51f8eaba1b299204216da4d5dac46d3339251a26a1b7039aa89c1ed80e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4c1a4e0c5e38d66bb6e3e9409102c4cf

    SHA1

    b3d210004602f02f4f8c710863e44665c8f5a87f

    SHA256

    75ab508fe7a762a5c941d33d85f8a4b1ff00c462730a10f461add256d08f3939

    SHA512

    4f86ac83792b0f38244d1307ea03add10df5c8ca236433d65febc3410863c40277f1c00f8e6fbd5dc05a690ab72f36fc6170c32fd0863b276a92a56bb2865748

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c3b0ff2ee407f1bfc5875f940835c629

    SHA1

    b0a4d65283048dfdd9e93d50e8fb968cf80b0b08

    SHA256

    6e3953698a3e9ddd0aaba74b6311084c7f97491fa48b0264d975d91bbc5a1332

    SHA512

    67122c734bb56629602f10bfc57edde1bcba335231d6a1e1605c5954411fec503b85e9a0aa3d6d430191962d80bcb968fcac6ea6135b2143bf6e712c2168eaab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bdb5edd60405f17a9261529a77454225

    SHA1

    92779f68f90593989809ee69cd506bc58a2f7bdd

    SHA256

    88cc39e870d49217834bfdf6c11590be2eb72b832353da5bd85e3b831bf75416

    SHA512

    44e634b5f01f002456e66de4dfc3f8a911d56e7301576ee64b5374999d939b0a1cefc8500a73f6d78a5d377360dfff9e1cba92b6fa4999ae96837fe330cc7832

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1e32c532bdb6ba6e817a48ea2e0ebc71

    SHA1

    b31675e115a52ea43cd45cfbeb870a343a3d7e3d

    SHA256

    0d1c351351662411bbb90917c6366bea2c9eb2834d6d4581c0ee3f43b4477cf1

    SHA512

    9d1a09cab4fbca81f98fc4eb07850f7ac878b96bc304f34a11563f9b8622460ec251961e9207b51e4a4b3ba495bf9a415a58d1789e81b61a4f2c1e7e0bae0e4e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5e5b9ae18c2596e03daa02b1d4481b7a

    SHA1

    0e16de1057c5a8e334d238a3dfa52cfcd7f9751b

    SHA256

    b8d5d8c9378ee2cd4f0a7d5a22157155ace957361ce42472e97e919fe44be3d4

    SHA512

    574e4228e63901d6434fdbccbaf16b4c52627b87db184d37c6f0086dc58b355a19a5a771af3a5c9c73d6ae587b5a7cbf3bf263c4f06774b2969314009c35972c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    921fa3eb5fa85b879d188cbaa210071b

    SHA1

    e1c7fde543b2de6c76b16918799c42cf714e043c

    SHA256

    5fdc8864534848d69c635a47adfdce7e4aad7ee9b3a2b09527104b62a484d3ac

    SHA512

    6ce261b0454751d9689f2f1e32898f85c4df80bbf016b20202f8f1f0d2a5b460b3302111510e2eac0f803b5f92fd5d21b17ddaae92bc2bc50505fd910d94db10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    40ab93b227ff7cd1fea939b4c954db61

    SHA1

    53782433ef759c6348d19db5dedfc08b5d57bc6d

    SHA256

    eb83c02cb7b01fb70002d4f2a9b2765899ae9737e322e8a9c1e7b0f1b88be683

    SHA512

    0be169870c60e8c2a087fb9b2c8240f2b9cb155e42fdaa2265df4c6b3fbecc7fa59629f08175a408337240bbc3203267a10fd7778e1392e70f8d6aababaf25a8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    40a8d427dc82130e632a90b6803c2e38

    SHA1

    a053302658c6c647f7e16b76af32d7d0e930bb62

    SHA256

    f5fa55e9e52755e1f7808ad68dfe17b15dfdd548a203484c387a9c908e5c1842

    SHA512

    598a76e2e825cf1c4380f4153511b0fbcc6c8d545f70af476d927c2fde6e2a6d4ccc8e7cace08a620cabd2c451ce913e12f8646c37a31eaaf7c02f87be957c1e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ee0c9e30dc3c04defe1736492e6e3b07

    SHA1

    dd4fa67de43a829ba7b0512442e37436cc93f375

    SHA256

    853b51e6487b8b0245db27d264891ba70370a0c94273ef2361ddc0cf18b2d3ca

    SHA512

    691c081505a35904ca052b09fc00bf32e9a38e17da2400ff735bb4779ed45d1ecc2650414375b6a5d6175390d6eae13a1e681bffb1a1b5154dbdde5c5bf05ea1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab42AE.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar431E.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\mainSrv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2040-1-0x0000000000020000-0x000000000003D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2040-0-0x00000000082F0000-0x00000000083E8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/2040-17-0x0000000037600000-0x0000000037610000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2236-13-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2852-15-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2852-16-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download