Overview

overview

10

Static

static

7

f3ec0b50d3...a7.exe

windows7-x64

10

f3ec0b50d3...a7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2024, 03:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f3ec0b50d3f95d16b30a94775a535ff8cb3e88e31059498b3d2e5f87f8d873a7.exe

  • Size

    132KB

  • MD5

    95c30a1d924dc5c277deb888d9b52c31

  • SHA1

    25599a48187f227eb0ab548d2428de3d956b5f79

  • SHA256

    f3ec0b50d3f95d16b30a94775a535ff8cb3e88e31059498b3d2e5f87f8d873a7

  • SHA512

    5d662b7218d7a26b553f0b79466b2af734ec0be11e896272862bbe828aae4ba87902fe68a33ad404fc93d75ed2bf9217a5192a300efc258bfbd4706a5b1581f1

  • SSDEEP

    1536:jOC0FvV4OguHxjhpA4Bm7uW0vSUsghQevBFkutIbgTuFqKRr0aF5frleGhd9TfBi:jwV4OgSzBmh04eZFkz3Rr0gwGj9Tf8

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f3ec0b50d3f95d16b30a94775a535ff8cb3e88e31059498b3d2e5f87f8d873a7.exe
    "C:\Users\Admin\AppData\Local\Temp\f3ec0b50d3f95d16b30a94775a535ff8cb3e88e31059498b3d2e5f87f8d873a7.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2096
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3036
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3036 CREDAT:340993 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1864
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:328
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:328 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2724

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c9d9d4dcd7bcc3d87e912836d0b7f668

    SHA1

    66a959b70d30d055dac6f90d1fc8fe81060f3ef7

    SHA256

    c9758c99be1cffef20b87ae7b6223242e16c7a98d743ca67d6a348fcc09b8532

    SHA512

    938e27e82b5148d96218946a4025b39c2037f388ad2d9e7c0e1e2440bf5a1563a5dbbf75c6e4110a3ecf4915207523e74e996f5f31a8633fc81e5452f81ae54b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e1ecb832a1dcb8eedd49c50f69d6601c

    SHA1

    054565f85493e1936db40d1d2de7d5d0ac030576

    SHA256

    2f5a8e7dad4f9740fa517a20343ada31d48ef63e7af3be9c70a5e24ba158105a

    SHA512

    567099ba34c6810b1e9b800d9699ed11c5260679ad4820a6876c54c1c387a04c16e1550df2c6740de770cf4a2f77e7a2326a409a2517e60328121b18380b3696

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8d3aae067a93a046355e9f2fb1f843b6

    SHA1

    630801304331795787640390b9f13dec9b308050

    SHA256

    d7d2aff273248af49ed2c220bb3986b23220cb4ed2f7946e1751db1d37198a61

    SHA512

    f087830d142379645850403389d85f30d3c9246b6165ef5fbaaae1725402f7a1afb379590f599c651d487ad896fa73153afb3c474e0c57c6d1e634995a957c3b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8c40b6bd2ab685cdbc50d06e5f554afc

    SHA1

    2df6e82dcea78f9ff3f64c736f291dadae11be5f

    SHA256

    3ec26bdd2886a5e14c00438cf10d823568653faaded5cd2b7e76d72c2908f46f

    SHA512

    d8214c6b3b835f7d952e82d57077e462e971c4a8d7926c47898587293f7ab5ca4973709a62f8e1c5db6d17676bf9565a0d7a8579b9e11085e910c09f3ae6cbad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    85ecc5e668dacbf19149efd0675c9f83

    SHA1

    0c330eb71087d9e99fe1708858e407fdd26ef22a

    SHA256

    0489cc0970f2f83bbf9d79dcd0e0896fbb22276b0d39148e15aa6d7505cf3af1

    SHA512

    b933fc0dea87d2b41aed75fdfce5dc1833eb3f2a28f30e950a433aadf72cfac110cd343b1fff12b98dc68d189a0a07e4a4b7999802c81c7872afe3522efd9429

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f7bf42c571cc3cdc89adad5961e5a3aa

    SHA1

    f99cb890af0725d2d8241b172dfa72bca143399a

    SHA256

    de3b70c7284e9644ce6c27a327af54bc818ae6ca286aea652c2e3f91074379ec

    SHA512

    52f7bdecac8fb7d1fde4b7683146e1509716449e8753dcf1879455ccb70c2f02a9307d4a8039a80efc978dacad2efc78f35d6bdae5fbd850edef82162fc1dbc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    475997e6a3cef4d325746f6ef089d671

    SHA1

    b6c7e8334b2404c206312a6a48cad067f374fc4f

    SHA256

    eb033f4774e28c04cf508b444e2a149ce2a0555c8475b2189ec54e4d9b5271ad

    SHA512

    ad8541b775cfe315e0ebe3d662f792d4643fa0e702196839c21dba17036ee7605b5d9b5b3f48e61e89a66377fe661c2341fe04943dd62f4cd2df249b3fc02c6f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    84e978f6dba60d22b52d73ab545ecdf0

    SHA1

    6b8e037e8806782733dd57b7318eb2f96bf3462e

    SHA256

    967825aac3668e30d388819c09a27255202fb361658e725469187dee7166e380

    SHA512

    a26a9edb771094201837af67f54c1ab5fedbff310d38260d508fe7e9c4714caae34280a932c908523aaac0dabc738ff0cf0d0312750aaf395b8e27efe54d3a82

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    617578ac2a20e9e7479d2afd04c6bccf

    SHA1

    cf146dba5055b3bbcd07c2d58caac3efbee852a9

    SHA256

    ef450360c7744492a5e66b808914e1ed84ac17a44259684f61569c6f4e5c8b7a

    SHA512

    564a49356866f029759d61fca8b6ba69b7cb003a4647866dbfc6582732a8284acbe6ef31cb36054774036bc914357430db481f5c4b202dfcc167c2ea0e933ce1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d02cd0f7d335305dbab7e5a82dd6eff2

    SHA1

    940743b45b391a60061f7c0d57487a8c42250800

    SHA256

    af794db232eed200dfee58c6f0b76c46b1941ae5e29cc73a8ae42b616d2682cc

    SHA512

    d12daa338210751d16543d3add6f9e868b92a8407a17ac3c4a62755d2a80b45c18bb97951b48e1cd7fc4e3b7a5ef8f6e0c4ec05536a1a220b594e4e343ccc1dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fc2149683ba99735d19a3fb7c4f7b627

    SHA1

    2670d5a1efcec19334236c879a7ec93cae86a3ea

    SHA256

    499dfca6c3312fc33aa6e5b6b4d67362eefb21c7a909c05305fb3dc599457b88

    SHA512

    436aeea7b2d5b0165be1147116204b447a8ea5679acde694cc5cf5e5d8e3e180a326b3c625796165b8b2bf87cce00db9071b0c21e90eefbf299af388c40c0e9f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    014418b5b92d2bd3eee29b195e1c07da

    SHA1

    93a167c82b13f092ce9dcac2acdf35f42bf043b0

    SHA256

    56e1dbefb4c07cc65459bcf1761151281396fc5cdd4c3e4f11fc757878f6c47b

    SHA512

    5e88f797e974f9496374c26d05112cd4b1d81d4d4f2f77bfad8f3415a72cdc7773e7a32c1696dd24a9ef4d40b7d31a480e3d17dd63319deb20cb89e1e7df640f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    28a3abe61741f02a0e68cfa566d421cc

    SHA1

    f2b85daccd36b09e3e77ee7305168ad127270315

    SHA256

    1e162bff925ef9c1d97b056f235d2660533e36f7db437566b1cfefbf45616c8c

    SHA512

    87e3c178daef07a877f6e216ca68e1441815c7f0e586d68a5bdaf7253c960e17a5b809c00b92e4650ae3cb30885f1e5acd4ca297d190c88a21eaa8d785e2cee9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3a715ea5ce2afc784f73e4b6ce28e959

    SHA1

    2607b1c95f9380d266391bf82698fa1058c380a5

    SHA256

    d35f78ec91fab8a4584c9cc61006c9dd7ff40f658f7644048403e485748f73af

    SHA512

    7d79ab405c498d9eaf1d6b0decc6706f12de7438d5f88cbd1febea9fb53536ac4fa590cb2312335c4beff638f1534af6ab0aaefab8e70ee8d231af9fce381acc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d3f621f1ed5d1c95d2beebab26402a98

    SHA1

    fb336d4616cf953eb3502cb47f925b5ed4e0a7c9

    SHA256

    99d3860df9bae8f1ad1ec6084c6afcd0e489ffce9d164ecb35edbe90ce318be1

    SHA512

    eda7ef61a2bea4c5724d2f84c4432d86f29d1dbf71f1e20512f66d98acef8a9a4ee558dec47d1a50fb21ef2b67f46da7bfe242607364426ba99e347350850f54

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    da833ae12a9044a8a8a1a3f0d8676d2f

    SHA1

    cd0484c521ddea294fcf818e8791fa541d8fb951

    SHA256

    fed12935db3b9622cda8cc916168d4bd2d09b5836ba4722297dcf3b27953cd08

    SHA512

    0a51f8a5c6af547bce13e82a068e286c65027b1ced0d90679ec134ba2b876484836ef9dd1e8c2ba7b7768d8384704d5e7498542d75aa7b696f2ba8d543c93964

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dc98d13934f5526ce3921465952a956b

    SHA1

    bcc5bfb02ae3e16e2048ca8f8183cb3c7d194c33

    SHA256

    080005e59058bd34e081923cbf98aadbb41e50615e36392fdbbd860b4cad1939

    SHA512

    c9b21bee7d48fc8f45286a973af36af6e0498927f78975ab6b09e01f5c6f54aed19620663499dd13b69d88142a900086bd568d9c50d243c997dde84ddead1035

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C02AD9C1-7636-11EF-98DB-E29800E22076}.dat
    Filesize

    5KB

    MD5

    15168007e2d685d5a4d77ec35254cc30

    SHA1

    3cf00e7eb407afd94dee1d44a7b96acf3b8a7673

    SHA256

    40a25a0173ea170dd0b5845bddf8016ff5572ba4d595a7952e15f5a18b7733ed

    SHA512

    dc03cd83b627a8bc7c7e7ab0c53b6c8d3e0a9e0e0399fa1eb84d292a4b02b819f27ea343c5ce17b2f4715e095b0171e98ae4b00178bebd00658e58a09d9def71

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD26D.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD32D.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2096-3-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2096-0-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2096-1-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2096-2-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2096-6-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2096-4-0x0000000001CD0000-0x0000000001CD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2096-5-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2096-9-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download