Overview

overview

10

Static

static

3

23c573faa5...ff.exe

windows7-x64

10

23c573faa5...ff.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    01-08-2024 21:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    23c573faa527b3ec1ae07bde1c45c12cbfee04884dda82bcacc6c9e4aa411bff.exe

  • Size

    129KB

  • MD5

    14658e84c350235c8505f508a829960b

  • SHA1

    bafe740dc278ee83a52191b21f0635ef53f3053f

  • SHA256

    23c573faa527b3ec1ae07bde1c45c12cbfee04884dda82bcacc6c9e4aa411bff

  • SHA512

    7cdc3ad8032450b4defb89c79af415e1ffd073dbac526fe589aae95d363623c58b748545de1ed65a5759bc0d07a5a5ef345a54f8e101900fa37c6f181ac4800f

  • SSDEEP

    3072:v3HDU8VgE9KzlcmDs2U0ezrcRqwGamSRLkPmEZpVarH/43ZJiOb2:vXb+zlcmDs2U03RHzUbVaU3Jq

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\23c573faa527b3ec1ae07bde1c45c12cbfee04884dda82bcacc6c9e4aa411bff.exe
    "C:\Users\Admin\AppData\Local\Temp\23c573faa527b3ec1ae07bde1c45c12cbfee04884dda82bcacc6c9e4aa411bff.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2604
    • C:\Users\Admin\AppData\Local\Temp\23c573faa527b3ec1ae07bde1c45c12cbfee04884dda82bcacc6c9e4aa411bffmgr.exe
      C:\Users\Admin\AppData\Local\Temp\23c573faa527b3ec1ae07bde1c45c12cbfee04884dda82bcacc6c9e4aa411bffmgr.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1124
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2296
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2296 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2732
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2976
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2976 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2888

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    93e332bfee8dae2b37c76c94fe846345

    SHA1

    c8f34374a01eb28205246e24b78c8e4f0d6cc25f

    SHA256

    c52e0980ff96305d5048cea8c85976572d63983b7a4e96dff0bbbb35f5bf39c7

    SHA512

    3ebf78be32e1b3f1917b1a7624493b6c65a10d0ea883eb26a452589bdd5296fbfde630cd0b1dc398a2b9deb225173dcf66166b8e2841363d86b46d038af51924

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    9ce225c786e7b96558db284003fe2d82

    SHA1

    13d2e2652a133cd1d248439e2a5e7b89b25b07a5

    SHA256

    f2c25fc3121e951a5e27bdb5f7d9ae46f73c922b234f9ee41e0fd61253aa60c6

    SHA512

    8ad3d1bc63b27a036048911716dfed86207fecde7c5923b55fb8d6fd88b1c1952619fdcfcb8d6dbf622052feec4f2ef759d07b67e72714e3834fe3f213a3caca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    5ebab31c3700b0f9ca0cd3a25db47983

    SHA1

    33108a384fc403206716dc1b84b916f54a2f6793

    SHA256

    ded7403e14e72f2e6104fc0b94f09b28c08934ebd39bdb0d93becf11eebb7967

    SHA512

    1ba2f053f736f013c2dd044d22f0e4ac6bbf91b4fb2c9aacd2c8d036392385e1c335f0eb216767962c3d88d9b13eb1d2baa4fbbf6776c647417f94eb5cc8a0a4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    10af758479fea683b32b4a440a5aecd4

    SHA1

    912b20be685f2c60e83d4e9160de9c0df6d381d5

    SHA256

    0e29cc351bb93b58ef3d22a1095d83a6278f9d1155600803eb2f2d968a775874

    SHA512

    11b1cfd5ac9c080399fe8f0d54cbdc33321d8fd67e163afd6689e7e85316c8126dd012532f4973aa663e4b5cff643aae887e899e6710579955d0ded03295b399

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    87d008f70a2700134a79e7e60f25a704

    SHA1

    a4e976610f0b0effec6acd47f2727b0d8cd29212

    SHA256

    ffae59da566ad7c1ebc7dfa03de8c894e31000e7e95cab369ed116b4b4a42d01

    SHA512

    686dab596f16be7c2326665ff41beb7cbedb507015648b9953e3883cb38dea21af2e81ef33a9f933837e95f55f2d1efaf45dae61bdcae4d1f67e0998a0568f58

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    d9bc91981f8635c337bec265d35e3ef1

    SHA1

    41d8fd90bbb7387d09e8e83d678df60fd908294f

    SHA256

    9be02c17fefb43aaa801d0003bdb38b870ccf8aadf9b05835d620dc5ecceaf64

    SHA512

    5645d3c0bf91ab88cbdc1d1b20cbbf3df349924d04d8823b78cf0edd49084f5a33d591726478c07ff5901cdb7f330e497e00ca45ec2b49847a77b17509ad6576

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    516cb5050b0545651f5b894a4b4702c7

    SHA1

    8c02d790af065d59e09d5e654bf1ee8f778ef201

    SHA256

    e5041d7604fe142b6c7ed685765636bffa5079c8f6f4fd7afaf983b3cafdfd8e

    SHA512

    824c550363eda192a459d7b9d32f14df1327f7d9a15b337cec2c471aafe30f448d6b9a7b37c2ed7aaaaebc6675cf4b9ee2e1902fc62e401cd88a7a3ba1ad05d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    100375ec82eb25123899b5f5dc9af488

    SHA1

    f8fd9b0a91e7e624a2450085f7c9178c65a92934

    SHA256

    28dc2849be2ad07957cddb518cd8798f4e250619b4ca67334ea7a807c140b445

    SHA512

    9ecd6750c586fbdeb3222b9bdb24d3c931d8196bd439d6aa08d0f81eb1ff1c6649c7de09244d9571a054078ac96528fc3a09e0b2f6f680f4bc01a6c93b9534bd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    3dc520e0f4e74278f3e05c68e6a2af45

    SHA1

    92f9b3a3747ef07d6510816f01e57e8b9f27604b

    SHA256

    ac4bc70de9272474ec25f02a445810f0a01c05c1fd6c2bb8b987189a9e1c1391

    SHA512

    fe81daf42f3007c3820026b381805341dcc0bb16583d810b77feea8a18be31294afb7827c3b9ac8ca17ccdce24fde28b7ee471a01fd7aad96a9a0dd817f3f143

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    690432c3f7e3dc7a4940d6d5dd75bf97

    SHA1

    101858a4dbcabd38f232ce87026cfefd7d9ec20f

    SHA256

    c057aee491ebd92c269802f005dd4098df78e3542b7faa1c40ceea1f50565953

    SHA512

    745fd0ae56f58de12ed38207387977b7d45c4e7c1bc6d1d4a344c2b26e60c12f814c1e68795eb2693476579dbcffcfa1cc70986aa5ba5a811df028ea61a73200

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    6446c73d078b3b5c77356295bf2d2fa8

    SHA1

    9d377226099dd7399aa0940dfa535052dcf33ab5

    SHA256

    1f54644e41933b9ffb77e3423cc4d6bf5aad3bea1832921868cf270b0e4afed2

    SHA512

    a01cf2a9464d62d09f9d8e049ff86f608a301394c167eda322c6f99320d103b7331cc633329c83fa2ac1f16281cc4d02719fb6a8f959375031c2136494b221e9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    633c29c80fceba875cdaec6a8f550fed

    SHA1

    c6aeb26306eec44ae11b81389ede3fc95285ffa1

    SHA256

    d11c1e53f3046edbc1116d5355c39e629b7e38713c0c4419f0e60a2b62484c12

    SHA512

    70e99ef05454bb7922640cd07c8a9bd84e08b0eeba4681fb33edfbc5c01d0389991151a95e93ec735e8d49675ec774ecceaa57560292649682cb0eaa20d5abf7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    1ac244f0b486012d76e877de6ca01290

    SHA1

    522ca3cc0a4f06df295d6691d2fc09edba898016

    SHA256

    52307456f554b3ba1f4d0558e97de337d547d5741f36052a01130610ceb93de6

    SHA512

    7913bc27fdb48579afd20551bd0e84b7ae8d6f5bca5ad753a3069f91b43d2255b014c11d7ba6ba966d865b2c395a4f80aba4abd65fe9a4f411946495c980011d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    56fd671b24b149dc1791f78158ae38d7

    SHA1

    cd36f8965cc1a702882030332cb2af4c20e5a2f1

    SHA256

    514800e8c70f6161d1dcf226508b0f4018f237032cf9bb15f5a3d036042a9429

    SHA512

    7281df08e66d41bf997cad47820b310757f83e2e22066e1535b0f834ce9de89ea12548d95f6e94a4eaf8e3af39be0780d1857dfcbe898ec18b85faddb7fadf18

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    da41f116c1f791a19be865f12d6f771d

    SHA1

    796ae3d601e63806efcd29010b8d600072b19881

    SHA256

    e169234c097426f16e0f896ad0fa1097de6cf3b50710607dd35c036f0f4897e9

    SHA512

    9e8ab415bfd2a84ba1e83b206f393ef319c1ca435dfad6524879ffa60bb11f0161104a5190eda868556652e8b82b3538d391afb2391c14d5f5dc32492291220d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    af9ee68c5eb948e1f8a9caf84af331b9

    SHA1

    12ea43ed6f439e49c5b4e09e41493adfbac40319

    SHA256

    0578ece9f31652b5abfbe034a9fae68dbc73353d759861f9bffafed0cc57c812

    SHA512

    a59456340a1c56aa6cb8a94cb9662b3e372a2f283858d5d4ed8d12785e6b461d2b733ff49e5db20bcf3bcd42486d9c918a39da0fabfcede351f94221116cf740

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    d1962e8521c88d959b73f4c3d6646cfc

    SHA1

    5bf583b73d4893b3f73b18c7b832ddf40842fb59

    SHA256

    2a1c154cad54017df5ac1f06c7f8142cea480b0eb13aaf673a5db16abd5708f8

    SHA512

    e59b2698cc270e0046e2160dc57d43de8d87edf631cfd16b7efda9eebdf9eb603b8f7c9047756ca0c6e9f93bc955a2b634e41530bd2fc8edea90b43ac113c79e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    98527d719adbc6dfc96b8ee7bc5dec18

    SHA1

    b484292aa6dc58954636b41afe9824b42507e4ed

    SHA256

    07af0958b89fdc955f6cfef0fdbbd2996a583e43559a12a7a81963f6c77fcb79

    SHA512

    d1818468da796981de0146ec704eb1f104977a3cee38829bd6f867726d230a82816f9cc4a483c8226254034fb76eafe3e6fca90021f0b52beffe16ee7571f93a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BE802B31-504C-11EF-AD79-76B5B9884319}.dat
    Filesize

    4KB

    MD5

    4056918d8e7f1cbdbdc38380648b5549

    SHA1

    665462e5ad35112f5d60505c83292bc7ec7ece52

    SHA256

    5931773267d8e3d6d48312530eda998b2163758a21eaa4ae5c3c34c3f105e41c

    SHA512

    f19c48aa7eb1f68afb0099e8dad1a55b507cf16fcee69a24888e3e106ebc76b5db8486a95c514a1ee66de889c7fda6dd4a7b318cacf6d144062a2c6f826960ca

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BE828C91-504C-11EF-AD79-76B5B9884319}.dat
    Filesize

    5KB

    MD5

    0dd9943fc88fe04d19b2938c9c8ed7cf

    SHA1

    d7edff056abac8d4bdf77b53ba45b2c94049f1d0

    SHA256

    fdfa0533c7fd0677d2347349d041e5fb1e0bae6b989365ba6094543b528c507b

    SHA512

    9f8922a30c6e5450a95cfeee38ef8366937a7b5a4897993745e0243c824d754fbd3462f59ed89daf5a40dbe5cb90d59164b68745ca74d8f069b037e368b2cf3f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF460.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF50F.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\23c573faa527b3ec1ae07bde1c45c12cbfee04884dda82bcacc6c9e4aa411bffmgr.exe
    Filesize

    99KB

    MD5

    f3873258a4258a6761dc54d47463182f

    SHA1

    fbbf8bca739ca4e9745e5224662b33b437a52461

    SHA256

    63b02a3e8e7e049d1f29cd4cd79fe5c8905754da6c023df72aa5cca351d0d5c5

    SHA512

    eec16bb41fd05d9acd5d2b17eb5218057c3cd97cd706e0782a64eb2c32f8a57f1206fe0268be7f37a9f1c3f7b8eb09767cf2724951eaee4be03c4d509d4b3dd4

    Download Submit

  • memory/1124-16-0x0000000000230000-0x0000000000284000-memory.dmp

    Filesize

    336KB

    Download

  • memory/1124-24-0x0000000000400000-0x0000000000454000-memory.dmp

    Filesize

    336KB

    Download

  • memory/1124-20-0x0000000000320000-0x0000000000321000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1124-21-0x0000000000400000-0x0000000000454000-memory.dmp

    Filesize

    336KB

    Download

  • memory/1124-19-0x0000000000310000-0x0000000000311000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1124-17-0x0000000000230000-0x0000000000284000-memory.dmp

    Filesize

    336KB

    Download

  • memory/1124-18-0x0000000000250000-0x0000000000251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2604-0-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2604-6-0x0000000000350000-0x00000000003A4000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2604-25-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2604-1-0x0000000000200000-0x0000000000224000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2604-2-0x0000000000200000-0x0000000000224000-memory.dmp

    Filesize

    144KB

    Download