Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-06-2024 04:34

General

  • Target

    eef68e025ef63426f5438cccc9ea7ad2c8f64a4916b3756b533eb0e5852ebaa7.exe

  • Size

    126KB

  • MD5

    0fa6bdafab779e2a36ef87db5219229b

  • SHA1

    e8d481bbfee3a1c6a45d3f672f996cfd59c042b5

  • SHA256

    eef68e025ef63426f5438cccc9ea7ad2c8f64a4916b3756b533eb0e5852ebaa7

  • SHA512

    4d1be03ea7f8bd1c60282597f7a2cbe592fbf6390f497808eae1dff82b5b5800a77991fa9d7e038862a3a852b95ad5d97e3359eca054b2984d0c165e63a5a970

  • SSDEEP

    3072:tLLVpImRqLOUph/3FhIvLwV9jqPEEhHdKk:FLVpOjvg8VxqcETJ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family whose variants have behaved as file-infecting viruses, worms, and Trojans.

  • UPX dump on OEP (original entry point) 4 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX or a modified build of the open-source UPX packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eef68e025ef63426f5438cccc9ea7ad2c8f64a4916b3756b533eb0e5852ebaa7.exe
    "C:\Users\Admin\AppData\Local\Temp\eef68e025ef63426f5438cccc9ea7ad2c8f64a4916b3756b533eb0e5852ebaa7.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2416
    • C:\Users\Admin\AppData\Local\Temp\eef68e025ef63426f5438cccc9ea7ad2c8f64a4916b3756b533eb0e5852ebaa7Srv.exe
      C:\Users\Admin\AppData\Local\Temp\eef68e025ef63426f5438cccc9ea7ad2c8f64a4916b3756b533eb0e5852ebaa7Srv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:2060
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2292
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2616
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2616 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2716
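
The process tree above is the chain a detection engineer wants to key on: the sample writes a `<name>Srv.exe` twin next to itself in %TEMP%, that loader drops `DesktopLayer.exe` under `C:\Program Files (x86)\Microsoft`, and `DesktopLayer.exe` launches `iexplore.exe` while the report flags WriteProcessMemory on it, consistent with code being injected into the browser. The CryptnetUrlCache, Cab*.tmp and Tar*.tmp entries in the Downloads section below are typical of Windows certificate-revocation and root-store activity triggered by Internet Explorer rather than files written by the malware; the only malware-dropped file with hashes in this report is the Srv.exe loader. What follows is an added example, not part of this report or of the sandbox's own signature logic, that turns those observations into checks: a hash helper for comparing a file you hold against the report's digests, and a small rule set run over constructed Sysmon-style process-creation events mirroring the tree above. The event field names (pid, ppid, image, sha256), the placeholder parent PID and the rule names are assumptions; adapt them to your telemetry schema.

```python
import hashlib
import ntpath

# Hashes copied from the report: the submitted sample and the one file the
# malware itself drops (the *Srv.exe loader in %TEMP%).
IOC_SHA256 = {
    "eef68e025ef63426f5438cccc9ea7ad2c8f64a4916b3756b533eb0e5852ebaa7": "submitted sample (126KB)",
    "fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320": "dropped *Srv.exe loader (55KB)",
}

# Persistence binary path as it appears in the report's process tree.
DESKTOPLAYER = r"c:\program files (x86)\microsoft\desktoplayer.exe"


def digests(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 of a byte string, for comparing a file you hold
    against the digests listed in the report."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def ioc_label(sha256: str):
    """Report label for a SHA256 digest, or None if it is not a report IOC."""
    return IOC_SHA256.get(sha256.lower())


def is_srv_twin(parent_image: str, child_image: str) -> bool:
    """True when the child is '<parent name without .exe>Srv.exe' in the same
    directory, the dropper naming this sample uses."""
    pdir, pname = ntpath.split(parent_image.lower())
    cdir, cname = ntpath.split(child_image.lower())
    stem = pname[:-4] if pname.endswith(".exe") else pname
    return pdir == cdir and cname == stem + "srv.exe"


def analyse(events: list) -> list:
    """Return (rule, pid) pairs for process-creation events matching the chain
    seen in the report. Events are dicts with keys pid, ppid, image and an
    optional sha256 (field names are assumptions, not a real Sysmon schema)."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        image = e["image"].lower()
        # Stage 1: sample spawns its own "<name>Srv.exe" twin from %TEMP%.
        if parent and is_srv_twin(parent["image"], e["image"]):
            hits.append(("ramnit_srv_dropper", e["pid"]))
        # Stage 2: DesktopLayer.exe executing from Program Files (x86)\Microsoft.
        if image == DESKTOPLAYER:
            hits.append(("ramnit_desktoplayer", e["pid"]))
        # Stage 3: iexplore.exe whose parent is DesktopLayer.exe (injection host).
        if (ntpath.basename(image) == "iexplore.exe" and parent
                and ntpath.basename(parent["image"].lower()) == "desktoplayer.exe"):
            hits.append(("ramnit_iexplore_host", e["pid"]))
        # Hash match against the report's dropped-file IOCs.
        if ioc_label(e.get("sha256", "")):
            hits.append(("ioc_hash_match", e["pid"]))
    return hits


SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\eef68e025ef63426f5438cccc9ea7ad2c8f64a4916b3756b533eb0e5852ebaa7.exe"

# Constructed events mirroring the report's process tree (PIDs taken from the
# report, parent PID 1200 is a placeholder), plus one benign Explorer-launched
# iexplore.exe that must not fire.
SAMPLE_EVENTS = [
    {"pid": 2416, "ppid": 1200, "image": SAMPLE,
     "sha256": "eef68e025ef63426f5438cccc9ea7ad2c8f64a4916b3756b533eb0e5852ebaa7"},
    {"pid": 2060, "ppid": 2416, "image": SAMPLE[:-4] + "Srv.exe",
     "sha256": "fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320"},
    {"pid": 2292, "ppid": 2060, "image": r"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"},
    {"pid": 2616, "ppid": 2292, "image": r"C:\Program Files\Internet Explorer\iexplore.exe"},
    {"pid": 2716, "ppid": 2616, "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"},
    {"pid": 3100, "ppid": 1200, "image": r"C:\Program Files\Internet Explorer\iexplore.exe"},
]

if __name__ == "__main__":
    for rule, pid in analyse(SAMPLE_EVENTS):
        print(f"{rule:24s} pid={pid}")
```

Run as-is it prints one line per hit for the constructed tree; to check a file against the report, pass its bytes to `digests()` and feed the SHA256 to `ioc_label()`. The iexplore rule deliberately keys on the parent being `DesktopLayer.exe` rather than on `iexplore.exe` alone, so the ordinary `IEXPLORE.EXE` tab process (PID 2716) and a user-launched browser do not alert.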

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f4eb7a7a1bceacb61127eb64a24f8115

    SHA1

    64700e0e05b690ef1866f1b3fe4c2cb0aab43967

    SHA256

    ed5e994f50faa9eab64f054efbb0191c595d7ed15d4b62c48f614947cc7c881f

    SHA512

    5d1dbb9dd52d2c8996ec53f46bfb3321b4c9bec4152cc64990e10b07d1d388dbd91d220a5230aa8892db43980053626fd4324fa98fc41d297b0a19bfe4c50c78

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    35ac986d7cc57a0a5e87ba37b07d6100

    SHA1

    517c213e4692c1d3822bb1e744466e78ffaafad6

    SHA256

    9544d0be50e9dcb0dac12973db11ce24213ee620720b9f5b6298b5783b3698f5

    SHA512

    3cb1d48b46227723a4f52d377470fb209f2aa9a947b84e34f9315484778251faaae22828a2684a0859002fd0e65fb4fddf879912d9a4f57a03b8eefad5daecd8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8fe20d3d69603aa4ed82ac249943a9ba

    SHA1

    f63c89e913dec615568c7a38393dffa2800a234f

    SHA256

    e6e4245ff32087a782036913b51ae58892d38b5d2d909f1b0f621d90d9c1c75a

    SHA512

    679f458970f2936378543f509ea574f0f6bc101b9470ae96f42dfdc3f96ff901d06ec6d6f8c22dfc7a0c727883aed558d33014cfdae687365d8b13b77c9b6549

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    04647a52559d0620a811869125b967f0

    SHA1

    a8de51b6ac455fd18306ad5ac72a1b5b04f3e04f

    SHA256

    a1c5c01cbdccbcbab8f56660b78a83247c82d2d9e3b918f7a0d25397b9864616

    SHA512

    071793cdac0f0943f774c8c0a6fa0d7ea35a6eb1c6b96388f80d524c854efc922fd14db5c6a081fc606c1f0357ea1d2b5a4a0f94e87a6c8ffe8348d8049b1dba

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    da521fe55ad44bc49bfdb1525e54fb2d

    SHA1

    3b3a866d08008528120f8a26f48c54fd79241b21

    SHA256

    cc45cf7ac280272f18f05783f63855f3bde9e05b06d3265d04e59521d6a445b9

    SHA512

    9ab4344b8b34894ef358acf14ec67285d8c646827e7cb2129253064e74b04bb1fdcdb73161d1b6e45a03be205b8940ee7efb29320077b37f3ac8afd0f0d8f629

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    26d48fff0feb491c16cc8af4d8d32a06

    SHA1

    616fddcce4aa96b03f06809c57483e40c105f9a1

    SHA256

    3cb17038c168060f4ec9457531eb117111f8411edfecc30af3b30107b380f979

    SHA512

    21df3ee5dac1591b7a1136a0e03c27b5d7f38d75c5d7e4c5104e4fc658d18eff1d5148fe4ae8f8e8d629fc8513a6c74130c44d0e95570d3f48a0bdfd166430a1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5ed55cc6e6d5dae98be018f8ebaace69

    SHA1

    0e22fffe823671d99cdee684f635dad57d0cbafe

    SHA256

    ef0593f04071fb31e6928169129c4c92b31543912def30e37189aee145c104a6

    SHA512

    98c04bb4fb586bad8698da04f8a14a5495f7e38b0a0217dc0e52c3ce6614ccc729ad9ca284f43102d89221e9645a35bc47ec8c65a66ab478edec517c5c1923c0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8d94023d7f56d695b97d503d9c16b69d

    SHA1

    5f5f559b758c97a7de916edef80c14c6fb417742

    SHA256

    c556fa2e34ca9c8553bae616c72b88b6465f970cb5f62e0e486825456d0061f9

    SHA512

    2cb6a9b1474fabf6e71923ce318e02f1017be1b3b925f74eeb2c42b6f5f8c50f8ba700b57f0c355829a3dbbe7374512d19dd8b31783d6ab2de578a0663b6833f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f0d36d6cef4f4f9b6ba4cc2fe3480b9d

    SHA1

    ab093600934353017ded7d2afbf671c366a524f0

    SHA256

    d0fdafcfb995ef00cd52600178132312d68776bdd74c9e9868d70c6751c1f6b1

    SHA512

    7173274e9a26e893da3c2d94ecc6086e5ab5cfa34e035fd904f1aff230758d663de11bd1e423fde90cd06df972c55027c1cbb29f41d4089d002b984cdb0b4e0c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6ebfa25436b1cdf5f697f459ac632618

    SHA1

    e1438babd96bcc03b80e127cbf15b4b8cb374d23

    SHA256

    232cd68dcd64e9029f569d6f44a8813886cb42fd3b761b54f53a7eacf0ce71f3

    SHA512

    cd2511db54fe3b48f3438da434265c778d4f501fe91bae0e166516d9b21d44ecea25d5da9cdea31bf6073a9485bd5b8a4c36f8b77f408aecb2ee23f60fc2ee85

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    83a80d148938c16039021f2445ba5f70

    SHA1

    87c1664902224e97e2e633ec2c89296b1ff4039a

    SHA256

    530bf11274bc55ceacdbf4ac0a22d44b09b04b3cd23c0fa08050543d8b746412

    SHA512

    8442b41b09cea0a993d4dea96ce34f3af23ae66b050a426448a04111affa9be6b5d5a14c82ac57cc534503451a302ca2dfb92f3aac0503feeb150f0874074147

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7ced9a2ba042bb4c26c555a66291b569

    SHA1

    be73fca67894324edd244af3b72f556bef9271af

    SHA256

    3d9d7bdac15862ff8956402aaa4d8351b25ce5d3a10d3507b36b7dcedb78a124

    SHA512

    e55a1fcc6f8136d07711e0513e95089e927481aff7b188b6e7c0e23985e8dc82c8022f55fd00e40f59067663d6855947610d1f5d25c053d3fe424ffde22b2b12

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    14afe4b0be720ea770819f972a89d12e

    SHA1

    ff486017d3e68aed279cd2afbe6abcac9d5f2803

    SHA256

    71be51ac6eb3df6e95090b5b8d86bcbf36f72f182ab605602a1b16939812b8cb

    SHA512

    6c95785b07305007f5f3fef751dcfb68c6c905c357412ca3305f1ec33ab18a300dc8450891c35789f3ba0c26b2d5247b930a31354c7a9bd44a59b3609fcbb8dc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    05f30e2ca47c0704624ecbb1c4d3ee08

    SHA1

    8f2d0101193bea096911f34d411b20701d9fa010

    SHA256

    7be72f27f93ada28d4c9d33e7db79b77a5cc668accbe517c01291ebd138ba2c5

    SHA512

    be1ef668df57c537bd90b74ff17b411b6fbea7cb6f45db9382857ab7dafb8e5195ea6e50a870b9dd772aad6c719ad782e5881a1fa9fb42bb57afc93e79c5ac3f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b60dfcccf724c35d4e4cd64026c0218e

    SHA1

    a67c56d1e30875ade48849eafe7d11ea9d4cef57

    SHA256

    65620a82f4946f0a130995dd8a72c80ed3e9dc43be46dc404705292319b6c223

    SHA512

    8575819b211d015ee60abcb54077e20baff1b6987e2c82bf4e03bdef403d643c2cbd8a794b41a3bfdc967b6cf4643a4510634cae685c00f998bf666db20e95fc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c20453a3854d82d89f941b899f61d3dd

    SHA1

    d40280149d824da9e076fb55101ac5ba88c3c114

    SHA256

    7d2967aa4ca59b0614b46805ce6f6397ffa5bd5233c6eba0ac25db44ab2ff98b

    SHA512

    6a1e1df53fa74004a20f6dd54f17f6901b90ad37192514725891e845a35cc719c3218060daa3ab33f21e8ecdec4eefb924c88dcd9c799c1dc9c169e78f6e90c3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    62c80a858879fa5536032c4f36cb09d9

    SHA1

    9ebc276c00dd2ab80ad014a97a5132c78cbebe2b

    SHA256

    c7a8c846f18768e961f1f55e5c91a12fa370b620777343f7781233a05735323c

    SHA512

    f1a20d9986c0ade65232be8c813e2dd9451ba8780a71349660502f564297814ceabf6af7ddcc240d243c5b5f744f1255ae50d11f05647c33289a833290316953

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    bd05d9015ac622987b7a2121cefd0b5d

    SHA1

    c1afbeb17509a88b2b5fd8d354f67ccd5956725b

    SHA256

    eafc3b356bf1cea90b2b0ed00bce6f9f63bca0e669f5a564ec6b74d45d918280

    SHA512

    2c3b8fabb2f3d6aee3bd459aca135be0667b66bbb0cbd2453f768d49d871a88480420721f0206a9353ff268cd67de1598259ae3f6e6e1a815c31c65cf0a4962e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    bbcf52ed167769ed961d11ea82dba1be

    SHA1

    5e0353f752d2e12dc1241888ecf0e910f8b4ab20

    SHA256

    652eff8f273739d3a4f6aefc968bde8bc04ea5c52cf4dc43360f168a797e9c24

    SHA512

    722f18bddb33abe308bf08f954b2cdd62eac75f17c9c703ef4bbe2416cdd8823aa04445238548bddf60fdd9c384e1e789cb206efe937cc1dca7c3d1225f78f5d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    abd7b7468dbd3e83fdb353bd2b2de4ca

    SHA1

    f9d36de3765f5217f1737dc2fccd98143728bb51

    SHA256

    8078338cc805ae20e1098904ba31be53d928ff3ef2345942ef4dc05d081a9786

    SHA512

    d9e238cc83a7b6dab114dbd6222cd156e7a1dc96cb595cceccfb826ddd39925808d4fc9644dd5688dcdb02de2089f0a2efdb941695f6d42647ea29003f50a99d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9d70105675b2d23a852e6b4b5ed167e9

    SHA1

    2094fe3b18c9adec1a3f969f293ef00402ed27d9

    SHA256

    2bb2bf56bfe0705885ed30fc2d2c42b81b2a27258c4418179db984d68f0e033b

    SHA512

    6efc13e0f4dc4b9399d8ea4636484ff0e1536f51ea3bd26d71a4d5bd86f272153f7d77f2584cf95e0741522b46e8ce903aa532aef37f1fc2418f2b669c031970

  • C:\Users\Admin\AppData\Local\Temp\Cab630A.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar63A9.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • \Users\Admin\AppData\Local\Temp\eef68e025ef63426f5438cccc9ea7ad2c8f64a4916b3756b533eb0e5852ebaa7Srv.exe

    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

  • memory/2060-9-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/2060-10-0x00000000001C0000-0x00000000001CF000-memory.dmp

    Filesize

    60KB

  • memory/2292-17-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB

  • memory/2292-19-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/2416-0-0x00000000001E0000-0x0000000000204000-memory.dmp

    Filesize

    144KB

  • memory/2416-449-0x00000000000F0000-0x000000000011E000-memory.dmp

    Filesize

    184KB

  • memory/2416-448-0x00000000001E0000-0x0000000000204000-memory.dmp

    Filesize

    144KB

  • memory/2416-8-0x00000000000F0000-0x000000000011E000-memory.dmp

    Filesize

    184KB