Overview

overview

10

Static

static

3

b446e37b52...0e.exe

windows7-x64

10

b446e37b52...0e.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    94s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/06/2024, 02:42

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b446e37b527a4fffd8d9eec94a221f0e.exe

  • Size

    2.5MB

  • MD5

    b446e37b527a4fffd8d9eec94a221f0e

  • SHA1

    e82ba07d879af9072eb034cfe204b12d4f6e5de6

  • SHA256

    971b7d00e89d22171896189f44d898401620ebf46e343c2102b306a5e3cd4d85

  • SHA512

    8e35e5bd80a68f27f3b527083de6342f8abf6fc608e0bb7ffedca8400c5f7306bce5e3457053f9918f4ef87984586725f75386f99ed09662a02e99496f1707fe

  • SSDEEP

    49152:0r52aGByXObdJaHN67eZOWnsUC5MKsz9/MQ+3I3QwK:e5x+bdJaHxZOWnsE9/oz

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b446e37b527a4fffd8d9eec94a221f0e.exe
    "C:\Users\Admin\AppData\Local\Temp\b446e37b527a4fffd8d9eec94a221f0e.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4124
    • C:\Users\Admin\AppData\Local\Temp\b446e37b527a4fffd8d9eec94a221f0emgr.exe
      C:\Users\Admin\AppData\Local\Temp\b446e37b527a4fffd8d9eec94a221f0emgr.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3468
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 484
        3⤵
        • Program crash
        PID:1440
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3468 -ip 3468
    1⤵
      PID:4820

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\b446e37b527a4fffd8d9eec94a221f0emgr.exe
            Filesize

            157KB

            MD5

            2ad7467eeceedd64b8bd4f6e04c3cd49

            SHA1

            d6c5d9878dc49ae9b531d61283609e207154a921

            SHA256

            2aab17b2f18dfb70cd737b27b1a438ad8878889070a6e025b3684483054f60c9

            SHA512

            7a647d4a8de90d11cd5afb82ace8354869af0893f28afcf9491d1d4de421315d9a394a5d3462d88c0eff6c5a7a4ed41897d8d0498b59b4b7428ddbb61786be2a

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\~TM3364.tmp
            Filesize

            1.6MB

            MD5

            4f3387277ccbd6d1f21ac5c07fe4ca68

            SHA1

            e16506f662dc92023bf82def1d621497c8ab5890

            SHA256

            767a3fc4a7a6818cdc3f0b99aaa95db694f6bcde719d2057a88b3d4df3d74fac

            SHA512

            9da199ac69e3c0d4e0c6307e0ab8178f12cc25cb2f14c3511f6b64e6e60a925c860f3263cb38353a97b55a71ef4d27f8cb7fa3cfc08e7c1a349fd8d209dfa219

            Download Submit

          • memory/3468-6-0x0000000000400000-0x0000000000432000-memory.dmp

            Filesize

            200KB

            Download

          • memory/3468-7-0x0000000000400000-0x0000000000432000-memory.dmp

            Filesize

            200KB

            Download

          • memory/3468-5-0x0000000000400000-0x0000000000432000-memory.dmp

            Filesize

            200KB

            Download

          • memory/4124-2-0x0000000000400000-0x0000000000683000-memory.dmp

            Filesize

            2.5MB

            Download