Overview

overview

10

Static

static

3

2024-10-03...it.exe

windows7-x64

10

2024-10-03...it.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    03-10-2024 03:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-10-03_8f4dd5ca9a4a562957a3db2bd8137ff1_icedid_ramnit.exe

  • Size

    475KB

  • MD5

    8f4dd5ca9a4a562957a3db2bd8137ff1

  • SHA1

    a7afbcaa1b4019bbc0d1d689255446d2b9b5c804

  • SHA256

    d6043b2dfaf5353a6c3b0182798d7c46bc43e6ca8a23f928889b1332e373a79e

  • SHA512

    69904ef398b229d3c3c024e69bb04aef14bd97016bbcd941a656d0a8a139226e04c6b326a5f402c1e7e90e2c974aee6abf63ad0b19b33dc89eeba6f3e7e299fa

  • SSDEEP

    6144:3aGlIYUIrf3M1Nnpfx58Mc+WOcclEaPRiZ2UC73OAOM+h7xmy8fBgFb4tz+QGWw:3ryP1zfMeZnO23ay+hUBg5wz+QC

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-10-03_8f4dd5ca9a4a562957a3db2bd8137ff1_icedid_ramnit.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-10-03_8f4dd5ca9a4a562957a3db2bd8137ff1_icedid_ramnit.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1384
    • C:\Users\Admin\AppData\Local\Temp\2024-10-03_8f4dd5ca9a4a562957a3db2bd8137ff1_icedid_ramnitmgr.exe
      C:\Users\Admin\AppData\Local\Temp\2024-10-03_8f4dd5ca9a4a562957a3db2bd8137ff1_icedid_ramnitmgr.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1488
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2400
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2400 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2696
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2108
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2108 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2752

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e6f76fe83d8abc75b39430a23141f669

    SHA1

    0c5d67fb679f539fe0c6b9996409d0636be8ee2b

    SHA256

    c884bbf5103b044fa7ca8d24a2ec8e557903e2a014a765a3364dd1923f174347

    SHA512

    f22ee92d7ce3234b12fe132871302cc08e9c276e0998abffb6a3b6131f4185cf38adc4ba355ebf2f8168b1e7f50abc7072791e7d7a6cede988ffc36e21836d4a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0f389470050b75f9b7d08b5ab32eb8e5

    SHA1

    9eaaacad49c51b6715dfb7d2ee6d5270e9f04c81

    SHA256

    5a8e8469f651a97062b8a047ed626bae1f66a7e95a7e6804edc320c30ded89c4

    SHA512

    9e55f7fbb8f35e20f1b88c216ab24804153123debab63de6fc21d274230fd999f38e1135b0dc9b8d367f3dbfc54d501d8a0a09bce6693289066b6bc2c5b6fb19

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6fa2c133870e3c31360726a2c1135fc8

    SHA1

    eed34ed6cd8998a2478fbd6931e6ee4d660f9aa6

    SHA256

    daec1d831525e0995e08b6ebaf93c821206b4c8d2eeee3f4b61e2b689ad6ae6d

    SHA512

    e4ff1f57c23a9cdcb74eac017c4b07cca41c2b7c29c19dbf4ff93f569d126a801a15afb572e9efb3854a3b68b59403669aa538bcaab4fb6bb935c45626167d3b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7db1227a5647fb0282ed7d92e539756a

    SHA1

    9e16e86502c4c13e99f63a4dda239b53dbaa551f

    SHA256

    359eb6089aed91f5a0f23f44ab197598784d5c1d237e89087cb81fc71f7ea7ec

    SHA512

    55cdd086401bc27ba94f3d48e130fb9536d26ce21d98822b38751748994e8b332aab018a6faefed5b1416035ac370e8402ffe87804655c50c554b523fa33b5b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    72f4f02af92260410885c25be9b22a9d

    SHA1

    df8865d55349efd211655a2c9d9b451743392760

    SHA256

    c31331a55c802b4192f8e66fc7b8f8fa4c4a979764817335638b9851cec5a849

    SHA512

    5a47db975504b977b8ac0b710388da450164db7c6558e270b80c8eaf1ccadc430f0b0a282cc36cbbfd5d317eaec0fac2aa7cc1c6c164d034906ba334c5f73f2f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4deee62a96ad06947be49a50a206e42f

    SHA1

    5ef5a00a962848b545d386430771e5d40ce66ca4

    SHA256

    e9c5ff86ffdf6a3ce78ead61668959a64f4282f1d4f7b06a6a43e1793a3da579

    SHA512

    cdabe7cd8abc8f163ba560efe1bd0b889314524dfb8653f91403f8ac678e51a23934fab2cd1452b8eadafce0d2989b8c8aabc6939b8f257953e76cc604407514

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d62ee57d73f5a06dc56479e7878e94b5

    SHA1

    efa8e8a14cd2a038617870f2d2dfdc07c51d944f

    SHA256

    4f9f766ddcf04e2e7cd0e6688229d79213748bc9a6df06a99d2739bfc62fdd8f

    SHA512

    701b668240d875cba233995e7734e9f95a8199e5b2b160204e941b3123a40b0d715785ff1ded8bb546cf63c4a871480e310776ff79a6ce8e3645bf8746461286

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a17c9a5476b3bacadf8e43863b7bc89e

    SHA1

    322c9528279409d3fcfb42070ab2c711b272da58

    SHA256

    a4494ea1fe3c2daec1a51de1b2b758755bfac74fda9193efd36fb30a77dd278c

    SHA512

    d60f770bf0275014ef6d2b5acd2415667bc7d4bc624ad2cd6b7ca66a1836f99e33752d4532cc551084670e5da10c407dd3f586c089b1efd27d99da6c7fc6b279

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5b759fe044ca1e7a0ef9287790aee57a

    SHA1

    9e21350764b1a6e22e1a7fd171c5a70e88b208b4

    SHA256

    8d65b8011d7e5e09250656cdee790604d0e44653bc26771f4cd1185d0a62571d

    SHA512

    769776970920efd03f16025ecd5acd4e720ccd5aff4980d209314c3790a0ed4da1dde9dea68af13235dc245b40bb429d1b0dacf32f4385c46a7f53812f768a19

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    749faf115779edf68d8e4726586d49eb

    SHA1

    0c942764fbf6c6320f81b9ee6415352c45b19cf5

    SHA256

    813b30cf741e6216c67c8774a7dba9ba7141e7a5c8b7e2f4662d8f86ee31e77a

    SHA512

    f3bfc0bec6efe182312eca8fddc88936652c0c4b86a01aad6cc2bf8ae2a199cedeee87b8b30e2d77e1822862905ccec1ea61f43905f695c29db4f21cf8bed745

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    43d576e807c21e8c892629f56a82b340

    SHA1

    cf75999024aa3410b33b7e9ca8fe2d573c20f252

    SHA256

    2c0cc36f66f0962ca5cab2c41a746a8616ee2fb894f762d2c8aacc8d515520ac

    SHA512

    fecde9b30740e6075aae9001a4b2860e147e859317e04a4c732783c3bff8b35c96d36237bf6b23b2cbda459b9077a8ebdea5b0ce06179f813aace7b83eeeb810

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6c6d1962e30379a4307a154f802df445

    SHA1

    347aca458a9d69621ea16fd40e1e2dd525639f83

    SHA256

    b1494836c27130d6d7c95badf578bf9e90ced8888179bd06d9c1d92ab1ac5698

    SHA512

    92e17662549c0042efc320d9f5343c3a84c1526a31f8f3b68b68b5d10d4b610bdc7cc854407616e8878cc68ee7cc50bca02030c602dae4c21343119225261a69

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2fd0b5623bb5a5abddbf99eba682ca66

    SHA1

    577ce737cb6d98f560500775ef045132e32be252

    SHA256

    184d8b63e99076f1f7090ae5efe325e6402b7d735e727cacb4d271f1051455a5

    SHA512

    f3d6fd4d3afacde25abbff6278109820a88a47196e23b16eb21380d155550ea3ce2d3c31a86f94a2ca59357535d2b19e9f831d675198b8c404522a6ccbb7a6bd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    67696de828e78b1c357c8b7f54725d0a

    SHA1

    a1425444a4889f5f20931c27fd9a0c32383ebd41

    SHA256

    0bc1a99d9addabda8fc14a77b9a8197fd81d9927d337a616358b816e45bd6aa9

    SHA512

    0072734e6c1ef593c406b973faec263016ff05b28101c71f653863868982046640a5f3a5b65bbefc75ca81bff037287d6757480c5bc4e8792471b8745d22c982

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    88ad660d44674aba9c45be13e9aee128

    SHA1

    77226b72c2bab4bb4712d570e39eb82aa155d6c7

    SHA256

    114c9940abcdc2527c18671d56a02254cc5d43e2f131ca2ceb0865eac09e628c

    SHA512

    5fb29c5a1072f8417a8735e8e74ade2aa293faa1ec58c5d27165763376d515043ff8d620c6e86d2501310feeaf37cdc11a5747550f28a606b717391a89e9e0ea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    66e9613931c4460a10cb0db402e6c85d

    SHA1

    562de1e6ecd912503f7e65e2f58a14f8e96fbecb

    SHA256

    d973cf365ef18b93e71f1940930aee224ad7b1125d94a32eb0fced835d7ac6fc

    SHA512

    d88965cfbccbc7f435f289ad986aef0ed8dd76e243446a467e7d66f79cf0c2b2c9eefd1d09ab181080b1cb77a4843b017c2e6357b20837bfa89ef5f217f7a332

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e4954389f755ae83b9f095c2605f28e0

    SHA1

    227229495dc592296cd8d3c8e5aae23225573c07

    SHA256

    088d9d89e6067a63772b9a18b95783a35e6bbbd82b719e88918ea90e873eef86

    SHA512

    5883fd33f3402cbdcd439426868541b53b7a14049d2069cb6aba89ff73d1378eebd10f08d33b6ec8cf2110c6872a4371862cac3a642c10f96af32e37698629db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1c2cc68f0aae1e74fb3c0cf9e933e582

    SHA1

    59a86f9a01df9cdc156e0135d261c31367ffc814

    SHA256

    7ac744d3b56bbff5a179eee031a2f477f6dcedd2a9e61a0b254c482efdf3b5d6

    SHA512

    6f5c669f22061a44d5ca87b301cc25f4fdf00f6dd846a9d40e49fb86701d38b87cc6098808e25743efc587c5a0fbdbfbefdda5d293c598e9e22e1425ebc57eaf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ad047dd3331c4f1fceedc52a5be4759

    SHA1

    5dec21f9e6485f4123de9666504d4179fcb7fdfd

    SHA256

    93a003a9ab4916e68073716560ebb5ed50f5f639dfbdda88c535bd0316f2a660

    SHA512

    f033aea58e0697404982085472efb875e90d6821336d34f438bb1acaa1be715a7b29823cf02521cb64aed820da570a5e271a31c1fb1748d7e8c81d512f17c072

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CA0757F1-8137-11EF-9438-E643F72B7232}.dat
    Filesize

    5KB

    MD5

    18a51c52e74efbee6ab3b5ab3eaabba0

    SHA1

    5fa89c6765dd6bb954654c2e6ad1cc7ea28f819d

    SHA256

    82d2033b8625367244a8715fde61595971ba956a11159d1feb0270196dbb8d06

    SHA512

    c0530b48340bd5869f6add654ea5dedf8ca669d7b0a16d804e6c12dfbe99e063d771c5b43b604927cd6de47286db4c331b6f07a1e552a919f37169accbe0cec8

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CA1B9B71-8137-11EF-9438-E643F72B7232}.dat
    Filesize

    3KB

    MD5

    248582d02cb0568df45bb1baee112e24

    SHA1

    5c8be783de276ef1b7ffb27fbb21e0a2d110b207

    SHA256

    0e7d126149195d6729d24475f4e7721e796d1c111a684c8e7b15e2abde575c8b

    SHA512

    23a1fb3a7fed85933c0b01ed7995dc982b1e251d401190da3458d089e05cdada65484ab474880be77be6afcd457f02d0bfc025e34511e2f7c8a247dcaffe1ca1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5DB.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar62E.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\2024-10-03_8f4dd5ca9a4a562957a3db2bd8137ff1_icedid_ramnitmgr.exe
    Filesize

    105KB

    MD5

    98a8ced05b34189b8b36760049b2ea36

    SHA1

    a5271250fb91d891c7df0cae7812ed68907ae076

    SHA256

    e50689964fa016ff34ad6517bb863e26e571f907635e719f1fe5e70a61763d95

    SHA512

    8548b7dc08007fe55e2b7f9bf502c7271655edff52100bb8445a321f37137139c0cd54f7f85558a2f99b38dd574c8435371adc07f8c365bf8a8561c63fe6be45

    Download Submit

  • memory/1384-16-0x0000000000400000-0x00000000004B9000-memory.dmp

    Filesize

    740KB

    Download

  • memory/1384-10-0x0000000000280000-0x00000000002E3000-memory.dmp

    Filesize

    396KB

    Download

  • memory/1384-9-0x0000000000280000-0x00000000002E3000-memory.dmp

    Filesize

    396KB

    Download

  • memory/1384-0-0x0000000000400000-0x00000000004B9000-memory.dmp

    Filesize

    740KB

    Download

  • memory/1488-13-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/1488-18-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/1488-15-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/1488-11-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/1488-17-0x0000000000340000-0x0000000000341000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1488-14-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1488-12-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1488-21-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download