Malware Analysis Report

2025-01-19 07:09

Sample ID 240624-xe5nbazgrk
Target 10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2
SHA256 10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2
Tags
ramnit banker spyware stealer trojan upx worm
score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
10/10

SHA256

10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2

Threat Level: Known bad

The file 10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2 was found to be: Known bad.

Malicious Activity Summary

ramnit banker spyware stealer trojan upx worm

Ramnit

Loads dropped DLL

UPX packed file

Executes dropped EXE

Program crash

Unsigned PE

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-24 18:46

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-24 18:46

Reported

2024-06-24 18:49

Platform

win7-20240611-en

Max time kernel

135s

Max time network

133s

Command Line

"C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2.exe"

Signatures

Ramnit

trojan spyware stealer worm banker ramnit

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{256B5011-325A-11EF-9266-767D26DA5D32} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425416691" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{256B7721-325A-11EF-9266-767D26DA5D32} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2mgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2100 wrote to memory of 1112 (4 events) N/A C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2.exe C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2mgr.exe
PID 1112 wrote to memory of 3004 (4 events) N/A C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2mgr.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1112 wrote to memory of 2600 (4 events) N/A C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2mgr.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2600 wrote to memory of 2612 (4 events) N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3004 wrote to memory of 2744 (4 events) N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2.exe

"C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2.exe"

C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2mgr.exe

C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2mgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2600 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3004 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.bing.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp (3 connections)

Files

memory/2100-1-0x0000000000400000-0x000000000042E000-memory.dmp

\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2mgr.exe

MD5 84b7783804fa7506672a409e9899c6be
SHA1 2da8a6e9c04662564e18cdf98f73e224a5662533
SHA256 b26a93c17ac6a412c6c191aa6a1543537f3185fe813c24153c6dec736fbad4ef
SHA512 8a867296b05f45dd79ab64b11b6cc0cc8fad835b2f5ba9b8469981cc9b3e15c91f98b688cbe7addfab7ea2bd55a1d475fc853c004afb24be1b5691f8183c897c

memory/1112-10-0x0000000000400000-0x0000000000456000-memory.dmp

memory/1112-11-0x00000000001B0000-0x00000000001B1000-memory.dmp

memory/2100-8-0x0000000000400000-0x000000000042E000-memory.dmp

memory/1112-12-0x0000000000400000-0x0000000000456000-memory.dmp

memory/1112-13-0x00000000001F0000-0x00000000001F1000-memory.dmp

memory/1112-14-0x0000000000400000-0x0000000000456000-memory.dmp

memory/1112-15-0x0000000000200000-0x0000000000201000-memory.dmp

memory/1112-16-0x0000000000400000-0x0000000000456000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{256B5011-325A-11EF-9266-767D26DA5D32}.dat

MD5 4aaf0ec1eb980c370a2a84b5f9e8771b
SHA1 9d573459f2894adb032e685b983a75f6545ddbf5
SHA256 b6ef540092517b61cd654ede92d23951138a859be6d5807b16889778a694d730
SHA512 c59fb75bc3a7769a88d14878439d33281ccbeae075b7590a56f5ab20a3c0895605b927d46f612771c225ffe8254357eed7954f3414aa690e72dd62643cede90c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{256B7721-325A-11EF-9266-767D26DA5D32}.dat

MD5 8a2e266800821a7d88cade70a2818448
SHA1 6ce72404da741bc8fcabf9a0012c154fc816013d
SHA256 b5df526c2fd6ef11d83298089bde388667589e954264a693e10e9e29762b6c2c
SHA512 6297a3d6ab1de8213aba2b8358c2cc76754bdb65c228b4fe12515b15462f7d4b81bf81d9f569260b17bb74f5c7dbbfb3be27ef09f4c86dba69052631dd8d1f74

memory/1112-19-0x0000000000400000-0x0000000000456000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Cab735F.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar746D.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-24 18:46

Reported

2024-06-24 18:49

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2.exe

"C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2.exe"

C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2mgr.exe

C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2mgr.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 1072 -ip 1072

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 264

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/1568-0-0x0000000000400000-0x000000000042E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2mgr.exe

MD5 84b7783804fa7506672a409e9899c6be
SHA1 2da8a6e9c04662564e18cdf98f73e224a5662533
SHA256 b26a93c17ac6a412c6c191aa6a1543537f3185fe813c24153c6dec736fbad4ef
SHA512 8a867296b05f45dd79ab64b11b6cc0cc8fad835b2f5ba9b8469981cc9b3e15c91f98b688cbe7addfab7ea2bd55a1d475fc853c004afb24be1b5691f8183c897c

memory/1568-4-0x0000000000400000-0x000000000042E000-memory.dmp

memory/1072-6-0x0000000000400000-0x0000000000456000-memory.dmp

memory/1072-7-0x00000000004E0000-0x00000000004E1000-memory.dmp

memory/1072-8-0x0000000000400000-0x0000000000456000-memory.dmp