Overview

overview

10

Static

static

7

633067d8ca...cs.exe

windows7-x64

10

633067d8ca...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2024 00:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    633067d8ca13e7bf73946596e2392680_NeikiAnalytics.exe

  • Size

    127KB

  • MD5

    633067d8ca13e7bf73946596e2392680

  • SHA1

    0753fdc23fb4fd60ad69827c23639b45f9635f12

  • SHA256

    9de098e4fef2698dfce1d1bf469439fc0201ab1d1da54eb61c383f75792a5194

  • SHA512

    2e2cdb674a0351839d6eb2e1620add1274b4df1ff060188aa00936f6340b3d4103ffd82cc0acb8ceb8397be344a2c1112a0ccdc13dca6bedd83904b91b07921f

  • SSDEEP

    1536:bOC0FvV4OguHxjhpA4Bm7uW0vSUsghQevBFkutIbgTuFqKRr0aF5frleGhd9TfBi:bwV4OgSzBmh04eZFkz3Rr0gwGj9Tf8

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer settings 1 TTPs 56 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\633067d8ca13e7bf73946596e2392680_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\633067d8ca13e7bf73946596e2392680_NeikiAnalytics.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2896
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2768
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2768 CREDAT:275458 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2996
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2948
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2948 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2500

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    cc1e15a1fc83211c52f6db63a3cbc2d4

    SHA1

    1cb4e2a93d8d3d3d80528961a3c02cb8cff662b1

    SHA256

    b444abe1b09b2881c6878f8f52fe5b582b919ac4368e94498e61520e924833f5

    SHA512

    16bba785765ca93f39ceb3da44d1df9e5f56972fa3f72d5504aef6537303be86a82340aecd4d464e48b3b60713b364bd745f2b55ccb8d4a294eba4a338fb470d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f731f344d1a269cbd165bb73fc5c71c1

    SHA1

    5c905fb51a51d18bb6cf991760024860a94963e9

    SHA256

    bafc5e399bd530394c44525e483853c0a4b67c0ce37f617e2a89254690b20498

    SHA512

    ece7b5ef56b7bb2d3173cd5839ff3f65f7434c7fd60f2487db07c9c63b19fa88f907bc120e78ab62896001ba6e744f28653d821db1ae2859608386ee8bff073b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ddf55194e86b83fafb219738b3a3a79f

    SHA1

    656d47731712ac67292086184b6cf7d9d67f3ff2

    SHA256

    3c6521034c53c152933510084f98e7a2cd3f03c8f15013d926d62a4943fc5b12

    SHA512

    9fd9afacf4e5beef75a4a199b5ad3e5fca70169b39114a4a78d49d2dd8c5cf2e336b162299a253e49ae86d7b5f81be0f6c54398efbf1badf4b8d60613eccdb1f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b41587f5fc6939aa7eb0fd69127a8f83

    SHA1

    c9ad55ab83ca33c42b3cbf977abd12a829515869

    SHA256

    f05220a3415c100a58937575eef5bcd6d2b476eea2e5e9485f1031dce1660b3b

    SHA512

    2e0ac6fa6c313697653a71df7ae1f7311d26b873765460f3506401339a9268b80d4f0a1b2abcadf123268d79281e0d3d4b6c1eebd4a773c23a8494d623352f8e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f5b681a3e1f1b9a7b7f680c22175a722

    SHA1

    4e3cac88c1da46669aa4c3e5bd6f9f6070616785

    SHA256

    098700b5b97d9e6640fd02c60a2adb5681971bfa3e2a33a45af0bb7e5c4a0275

    SHA512

    c26b0b49ee5d1052e183777691060a97f80354c4c2fcd82ff7a877e6e926206bae3d925e6b9c624b6a68b29bbd0052db150edc4b7b2c9c146b6e154f2e5cbdee

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    990f7318963a048bdc3738a5045f834e

    SHA1

    d62f45a8ed958ddf87b39255883865b99d2e518e

    SHA256

    891440dc1d26039c2a3faf0fb1b649b5fcafc78e7e3905f6ad67806d7dca54fc

    SHA512

    42c4acd570e28c8a672956c09c63ed38084c3cb88ef978aa723db8573f0388e1d038f1b2e4f5b92006059dc7eae082a67a94ff2a9555e1fbadbf682e2cd283d6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1b746d678c3897f4f822ae2c9a8783c7

    SHA1

    e1d0ccd3dbca2cb40e34048aa0e2166fe0f6ceb8

    SHA256

    0628227444fca9ff60ba5ed61cf64c62afb8a75aeba93c8d84b9dfc42e3e6174

    SHA512

    a079c0e3a09afdc3ba2eb72a7ad285b471228ddf7231e509756b2e268ec7090ae18048375dc2ebabf880ad13b7f1615a106310c48efe4df4805027dae2110885

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c66324a1a0d3b4f52e0e7874d64857fa

    SHA1

    27a7cd362cbb34731fb56f8bec57abdec42b62d4

    SHA256

    a7ef614872d5955f3484d8354e576e33ad9df875df857bd8bf70f5845fdc2e83

    SHA512

    96c9e191a1153f08eca938f1271b0fc59ea0f7e21ac7d73f73a7849584a9b55c43bfeb14b1c4bf8120f047912563fc07ea5575fd3e589ddf2a8386dd4cb2d220

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b7e56ac4d8f8bfcd86bb037487483b25

    SHA1

    0566779df828c1fbefb757418f656ef71fee5051

    SHA256

    74dfe658a11ac98671207efff23e8a3dc8a9986f949ee48b94908025718b791a

    SHA512

    37a291e357ed2a1f42edb8070758557c8e569e108e67257a4df3684c1bc30b79554cd080770b04e234b902cb2ca8d5bbd0f2948aba602dee91b308d404f6eeeb

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d91d06c0bb38986392a6641340fd51b7

    SHA1

    ba146cc11d1e2d84eac3f5f2a53e50ab2a428048

    SHA256

    a4dd36dc4f9f0bf0c30cc15f74a189502d59301a0f342c47bc7c977b9181a293

    SHA512

    907f253bc2bcace8d54017f63f69d1355f1f22cfa97fe2a8147df3bf4a91a4080bd72a1d89773dc274d5ca1b27ed0a3d69bb04407956b80b01c3eb1080b02df5

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    caef112015efe67a25cec4c7bf852e38

    SHA1

    a55ffb1e396335461c3a76bd59342533bcc34efd

    SHA256

    6782038cf869eaecf1ac83e22bb2f103b00639bf0e0c75f365db67cf7c6836d4

    SHA512

    e12fb2c47d9afbc5cb2eb8ec51be6abceb9ee64380b6e4cc4767eee47a007c063444b8664237a875c0739b9176bea94cbc41ef151a13238caa0ca8ba09da5d16

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    44037f18e1496a3384481d836b9d5c86

    SHA1

    056bf2535fabf08742d8d38bb209f2990527086c

    SHA256

    ad7910359b4cea080e7c4baf1f433911f8f856a4167a84c69744670fd0a8ff53

    SHA512

    4fbc743ac64c8a196abce2424e5c2c8106b5ccfca51b042253114f2e6e3e6defea9972580f7f6df7f3b8c404b582c08fffd660210a3bd0371d63d6beebdc3563

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    42d08ad95bf4725dfe346b74cca9a3d9

    SHA1

    e51dca79057dd16a1e86d6cdbfd68ded19e88e80

    SHA256

    c04d2444bbc1fc90b75ef4a802f7e0f60680677aa64b0c18210f6ef73572c3bb

    SHA512

    eb3e9564844d4b081edf050dc72956f853fa9000d045d69dc46f6615c296061ab73307d296978f47de512f2a47d012bd89860d0b8adc50455642fd593b7a63e7

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    507491b63472183226baf7b9a034d1e5

    SHA1

    1dc50c31207800f9c5ba4f7cedb379997252b806

    SHA256

    13fab4818289a1b434c6daed3d6599f87807e6214f3f10f23a547cec1cfb1646

    SHA512

    0d38b20ed8929dccde711a1177db02de02cc65a9656a7827835dd026613fa5014282d4ac36968fccc7f32cb9a3dfaaf3dc3ac3f315e97fa62434a77e617cb0a9

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    abb67b88584a16092d7886ab7bea1785

    SHA1

    0d34b87f6a0ce42f0bcbe6f14652ce863e185ea8

    SHA256

    df3644adf4e5c792d026e865b055a0e897dcc6d3e5bcfbcf06fb84295a794b8f

    SHA512

    e11e172926038381a267f1df38b74901cde96113bc1ada80e82afaeb095633cdaa0617a6f93be3f3a4c6ae1083435fc821e95469a86c663547900cdf39315f5c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0f609cd34085dad85721cce8b1ee9d9c

    SHA1

    dc30ff8b63980d32766eb5531b0d639e26654175

    SHA256

    23832002f4d659b9ad5e6e473834289c4b52447a42c6e514ee8216e9a6d33201

    SHA512

    0eac25e982c7daed913325b9a9181a9f3e5f1bd048b9e3e4d4cc438637ee795620abb7ab58040dd3ede7c784259bc7158cc22723f2a96fc94c4126ac82eb560e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    4ae031807ae17c3d6d80d0207309c59e

    SHA1

    b51e8dc62c31cc186d0c8cb10f605ebabc638e08

    SHA256

    e89a79a2f5dbcdf92a658e2701cebe2ca84ed21a1f738289109925c41bdb1643

    SHA512

    72acbdd175dc613d6d87454fc5102a8925a473ec0a7ea90c7f5d67995b71835781d85121afb7f65c44bb16d4988767de0749b52c28143f7316af6f8918f0a2d1

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{46D15741-189C-11EF-8857-46361BFF2467}.dat
    Filesize

    5KB

    MD5

    c525231aec93225cc650e8793c7436c8

    SHA1

    d41b4899425e650e4f7d02dac9e2e7bf1dcb26dd

    SHA256

    0ddf55b9246d0176b5ad0dfec5c84c4a963b5f4634dd907c6033b406e21c6f6e

    SHA512

    e4c2337cc0cb60214ef869ce3db69fafdd0ab41984e4f02d2d498feffa10f4e666e245dd37dd0a4c98efee9119b5b43ecde37c36b8ca75130296c5b6880adf49

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar2938.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit
  • memory/2896-0-0x0000000000400000-0x0000000000468000-memory.dmp
    Filesize

    416KB

    Download
  • memory/2896-1-0x0000000000220000-0x0000000000221000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2896-2-0x0000000000400000-0x0000000000468000-memory.dmp
    Filesize

    416KB

    Download
  • memory/2896-4-0x0000000000400000-0x0000000000468000-memory.dmp
    Filesize

    416KB

    Download
  • memory/2896-5-0x00000000002B0000-0x00000000002B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2896-3-0x00000000002A0000-0x00000000002A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2896-6-0x0000000000400000-0x0000000000468000-memory.dmp
    Filesize

    416KB

    Download
  • memory/2896-9-0x0000000000400000-0x0000000000468000-memory.dmp
    Filesize

    416KB

    Download