Analysis

  • max time kernel
    67s
  • max time network
    68s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240708-en locale:en-us os:windows7-x64 system
  • submitted
    05/10/2024, 01:25

General

  • Target

    adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4N.exe

  • Size

    392KB

  • MD5

    5a51d6865b76ce63e74287337d325280

  • SHA1

    230f340db773e333623d4395aa7f16891178d71c

  • SHA256

    adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4

  • SHA512

    ac8d1cd497118311304766d60529d7f6e591d552d235b593f46fea92b6f5d11cb4c8c7a4ca43bad2b69c0c5d84debbed964d86fd062c49b35c1085eb58c7e0de

  • SSDEEP

    6144:CDldgu1z3giXJqSmP5Y1LykRw8bvNbiiM2jxFmj7hDqkt:yLgkqSmP5Yx3RfjNbfJF+hekt

Signatures

  • Ramnit

    Ramnit is a versatile malware family whose variants include file-infecting viruses, worms, and Trojans.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX, including builds of the open-source packer that have been modified to evade simple checks.

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
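The UPX signature above keys on the packer, not on anything Ramnit-specific, so it helps to know what such a check actually looks at. The following is an added example (not Triage's detector and not code from this report) that parses a PE section table and applies two heuristics: stock UPX names its sections UPX0/UPX1 (sometimes UPX2) and leaves a "UPX!" magic in the header area. Modified UPX builds, which the signature also claims to cover, commonly rename the sections or patch out the magic, so a production detector would additionally match the decompression stub itself. The minimal PE builder, the section names used in the tests and the 0x1000-byte header scan window are constructed assumptions for the demonstration.

```python
"""Heuristic UPX-packing check on a PE file.
Added example; not Triage's signature and not code from this report."""
import struct
import sys

# Section names written by stock UPX (some forks prefix them with a dot).
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".UPX0", ".UPX1", ".UPX2"}
UPX_MAGIC = b"UPX!"
HEADER_SCAN_LIMIT = 0x1000  # assumed bound: stock UPX keeps its magic in the header slack


def pe_section_names(data: bytes) -> list[str]:
    """Return the section names from the COFF section table, validating the headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    number_of_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional_header = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_of_optional_header  # COFF header is 20 bytes
    names = []
    for i in range(number_of_sections):
        raw = data[table + i * 40: table + i * 40 + 8]  # 40-byte IMAGE_SECTION_HEADER
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> dict[str, bool]:
    """Evaluate both heuristics separately so an analyst can see which one fired."""
    names = pe_section_names(data)
    return {
        "upx_section_names": any(n in UPX_SECTION_NAMES for n in names),
        "upx_magic_in_headers": UPX_MAGIC in data[:HEADER_SCAN_LIMIT],
    }


def looks_upx_packed(data: bytes) -> bool:
    """Either indicator is enough to flag; a miss is inconclusive, not a clean verdict."""
    return any(upx_indicators(data).values())


def build_minimal_pe(section_names, header_slack: bytes = b"") -> bytes:
    """Constructed test input: a header-only PE32 image with the given section names."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    # Machine=i386, NumberOfSections, 3 unused dwords, SizeOfOptionalHeader=0xE0, Characteristics
    coff = struct.pack("<HHIIIHH", 0x014C, len(section_names), 0, 0, 0, 0xE0, 0x0102)
    optional = b"\0" * 0xE0
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + optional + sections + header_slack


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, upx_indicators(fh.read()))
```

Run it against the dropped 88KB Nmgr.exe to see which indicator the sample trips. Treat a negative result as inconclusive: both markers cost an attacker one byte-patch to remove, which is exactly why the sandbox signature speaks of "modified UPX".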

Processes

  • C:\Users\Admin\AppData\Local\Temp\adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4N.exe
    "C:\Users\Admin\AppData\Local\Temp\adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4N.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2360
    • C:\Users\Admin\AppData\Local\Temp\adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4Nmgr.exe
      C:\Users\Admin\AppData\Local\Temp\adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4Nmgr.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:1968
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2716
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2972
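The tree above shows the observable worth encoding as a detection: the sample drops a companion named `<original name>mgr.exe` in the same Temp directory, runs it, and that companion launches Internet Explorer (with WriteProcessMemory flagged on the parent, consistent with the browser being used as an injection host). The following is an added example, not the sandbox's own logic and not code from this report. It runs two rules over process-creation records constructed from the PIDs and image paths in the tree; the explorer.exe parent (PID 1234), the notepad.exe line and the benign IE launch are invented context. The `SCODEF:2716` IE tab process is deliberately left unflagged, because its parent is iexplore.exe itself and not a Temp binary.

```python
"""Two behavioural rules derived from the process tree in this report.
Added example; not the sandbox's detection logic."""
import ntpath
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """Minimal process-creation record (Sysmon Event ID 1 style, constructed)."""
    pid: int
    ppid: int
    image: str
    cmdline: str


def in_user_temp(path: str) -> bool:
    """True for anything under %LocalAppData%\\Temp, case-insensitively."""
    return "\\appdata\\local\\temp\\" in path.lower()


def stem(path: str) -> str:
    """Lower-cased file name without directory or extension (Windows path rules)."""
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def find_ramnit_like_chains(events):
    """Return (rule, parent_pid, child_pid) tuples for every matching parent/child pair."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for child in events:
        parent = by_pid.get(child.ppid)
        if parent is None:
            continue  # parent fell outside the event window we were given
        # Rule 1: dropper writes "<own name>mgr.exe" next to itself in Temp and executes it
        same_dir = ntpath.dirname(child.image).lower() == ntpath.dirname(parent.image).lower()
        if in_user_temp(child.image) and same_dir and stem(child.image) == stem(parent.image) + "mgr":
            findings.append(("mgr_companion_exe", parent.pid, child.pid))
        # Rule 2: Internet Explorer started by an executable living in Temp
        if ntpath.basename(child.image).lower() == "iexplore.exe" and in_user_temp(parent.image):
            findings.append(("temp_exe_spawns_iexplore", parent.pid, child.pid))
    return findings


TEMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE = "adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4N"
IE64 = r"C:\Program Files\Internet Explorer\iexplore.exe"
IE32 = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"

# Constructed from the report's process tree; PID 1234 (explorer.exe) and the
# notepad.exe record are invented benign context.
REPORT_EVENTS = [
    ProcEvent(1234, 4, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(2360, 1234, ntpath.join(TEMP, SAMPLE + ".exe"), f'"{ntpath.join(TEMP, SAMPLE + ".exe")}"'),
    ProcEvent(1968, 2360, ntpath.join(TEMP, SAMPLE + "mgr.exe"), ntpath.join(TEMP, SAMPLE + "mgr.exe")),
    ProcEvent(2716, 1968, IE64, f'"{IE64}"'),
    ProcEvent(2972, 2716, IE32, f'"{IE32}" SCODEF:2716 CREDAT:275457 /prefetch:2'),
    ProcEvent(3100, 1234, r"C:\Windows\System32\notepad.exe", "notepad.exe"),
]

# A user opening IE from the shell: parent is explorer.exe, so neither rule fires.
BENIGN_EVENTS = [
    ProcEvent(1234, 4, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(2000, 1234, IE64, f'"{IE64}"'),
]


if __name__ == "__main__":
    for rule, ppid, pid in find_ramnit_like_chains(REPORT_EVENTS):
        print(f"{rule}: parent PID {ppid} -> child PID {pid}")
```

Rule 1 on its own will also match legitimate installers that ship a `<name>mgr.exe` helper, so in a real pipeline it is the conjunction with Rule 2 (or with the UPX and IE-settings indicators from this report) that should raise the severity.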

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          cd53eaa44ae52c2ab2aad846b966d439

          SHA1

          dddcb6ebc3c4f0cc5f28f993c081f36e1d3e6eff

          SHA256

          f0c0ec56191510c2991e3d27bf7301d5ddf4e4450295f3d5913dd9c175c4bc90

          SHA512

          71ceafa2d356a37e10f26504085350c8288528ede31d7188c351a93d65c9253c23a7176001697784ba4da4f064e9e722cfde5af31aa046061182b3cb134dcecf

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          58feab3dcf45ef3c3c6717a7efe41508

          SHA1

          1e40dd6de1b9391d8223ec8d2954015b3327592b

          SHA256

          7e450dd98429e34fa4062adf5febca9bdfaa539031c42fcc66c697dc62bb583f

          SHA512

          98d641e6f1596217104b29fece3f14f36e3cff977dfc64011edc3916e5deceefb6f2aa5886d842a88a70b2543107f9443c48dee11e892f494c5d13a64b147178

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          6c70d80205c6b02e3ec31a8a16277ead

          SHA1

          81072bc4aa72c72069c094358b7f44c1f8ab561f

          SHA256

          758188c5311af7bee4802bab37c780673b037707fa27b55edda9ef13d7286a61

          SHA512

          020ace290268ce49d6e8dc74f2f0f3de2c9f551102ef8c9a8af572192ebc2516114eb1309d4cb53d9966c143f07f9b59646110ad0d958ce2d42bf6aaab8abd70

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          6ff10c2290ffea8259ba3ec114fd64ad

          SHA1

          4df26456a32b89237a3b06f9e5a53ec75896fc9c

          SHA256

          4dbbee0f06aedb9bba20e66972eacd9116c2051fd9993c8725147045a9a88fd3

          SHA512

          e2baddd01663e36dcd603ecf5b53ca571cf8128b8e20923e1b923df866e6a44cbc7f884448cf7416c9530673c9b4d37797788f13cf0b74f6d91ce1d50e7e552b

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          7661ecda248ea05c2749ac9d84cd40a5

          SHA1

          1e51c4b2db156b8e4479c187139f61a106daf691

          SHA256

          a9c6f0616b092259cc2cd704ea1674f1beeed0186e6c25fedb9ba71d78ceb4f0

          SHA512

          abbac84972323b52449d91345199701432b4beced4780532f219b6dae4d5106b61d551a78e4957c1c64abaae550b3171223ad05cad9a08319f9260f659de3176

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          1f4925b2c32ce0b76fd603e7deaa6b72

          SHA1

          74f34554e68c9188b256f5860f647c4464df6d49

          SHA256

          170daa20c79db39b2a97f651261711d834b53a7ef13cc93a9de4db50d2d42b8f

          SHA512

          c126ab1f945692132ba9bd488adf6d56e0c4e8599c592ecfb7cfd93d2ac4219c492f48d0d7dac22600ff544d8546c35793f50ea0e0f80756511c4bf8f6de829e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          8e61b1424f013ce6e402d5ad57b0101b

          SHA1

          9b2ca2e8e89757b47cd294077b544e180c549060

          SHA256

          e74c8b4f880eff9be0d9368d48f40576f1102488663330a4e6f291b7bb269eaf

          SHA512

          7c2d359d864f87e95339da2338fddc8777dc002b966b67dd3ee56553efa9fa7f1a4e2deda3b2b9dfeae2b13ea343577b24561a80f0556cebe1b468056c1dc20c

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          98f2537f2e0f7cff5359ffe92e3267bb

          SHA1

          d4fbfbd2a6e8e39f80ef0c6d4f53e8c4ab2de074

          SHA256

          2e8ea20abf33a9ca0112f40360ceed2e244c913016b255459e6eeb23e41528cb

          SHA512

          4dc0242865f01fa300e479668319601c280b333bc4c2846d1f8f90cc2967873c28b0265c21563d97cf4a7e013d106f47f4a5cdd16b1f3747e994ac4f3756f563

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          e51d312c2272e2f8bc36af7cde07183d

          SHA1

          495ec796cf05cd4442ba5b48d09515e9d7a07a66

          SHA256

          6a0f8c79c0c08526bc4216a2ea455e2db8440069672b1eedb99dd47b8407e7e0

          SHA512

          08aba62d39debf8fdefa5d2fa4b96c5b3cc26d602b1c3dc675fc5abba4627997a0557861612482efcb3c5328560a8bb681d64dabdb1f3f52f28d21cbc2bb37b1

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          4d64e3d7beafe20f0e34a09900503df0

          SHA1

          8c7f963736acd1226ea72a65093dd3d157b2d7bb

          SHA256

          0748b4d77d964aae690c469fa3771b98c3abd8fa2b0be43ed16bd51f619f4284

          SHA512

          7de45b75c1949249e54e6b029e2e25810508316b13e8e595be1a7e410830680416eccb8fe2ec32526282e210087ced2c36d252b820bbff32dabe031b47acd4a6

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          88e587151c087a72f1a6f197ae2df1dd

          SHA1

          e3bc251afea041b964b77cdd3a521fe9a9e398f6

          SHA256

          a48c5eb081b9f390289eadc9aaba7c7ea9c76628bf06a0e5ac9411dfafe453f1

          SHA512

          90a05f26cc5525d2ec7b5ea82d0c4c029d9246897cdde90e70150030860f4de90997b59ca3a5c5fad355289836fcd3842cd897b3eb42cfb9e6b98b46ec7315a2

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          095e0bd8aaf0b5150ef1bd3ba97f1710

          SHA1

          e42e77cdf619f511939d7f7c6e804fc48dced32e

          SHA256

          027111a34a037f2562d50504c2074dc667b14c29b75084058b3fc45d2300b0fc

          SHA512

          ac9b163db874e69c40b58762ccc3c1adf7afba27ba5f38f79fba3c1b4d7774de0809392dc71c86c312e2e7cc31cbe8df6a342c2a4cb98e8c3355c62eb30c6499

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          9352b874fc13cc1a54ad3da803294cc1

          SHA1

          588e8b4e7b7cdf968acc024a7498c1224f0c31f4

          SHA256

          bd8b6e8b4a509a0ca669cca83fb0033355ec75fe8c1e40f52ce7733d135ba844

          SHA512

          731cf2714d4d667b7071c0fca0ffb04bcefb6c3a87597ac77905d79b611cf530e1e16f196fe780a78f7ff0804e82b01cc1f132a8a3cde7ebf71964ffcbc25235

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          c20d37fd39a075402cfb0c6ae5fd2239

          SHA1

          f324db7e93d7c4d09b069f0e0f8501ee465bd3c2

          SHA256

          b3b2c3ca420e95c6d402ea26348549247d1b56796732b38660f2f5a7d0a73874

          SHA512

          3d0f0666f7d937eaedd9c005f7fa464f9e2aa66c79a7a70d10602a16ac1b4f3a8763bc31dfd7d55894f273731a60bd93b94543b256d5df2dc1da4ed06889e6e5

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          94bfd4b7766c359ea1cfd5b631aa7db2

          SHA1

          034c06eb30e2a7baa0cd0d6be7dd86cc9bad8e67

          SHA256

          4b7043a4afe867d3b82c4883ddb3cb6746fc9af8d0202906cf55bbbca9251070

          SHA512

          0e6fc294ef61c1294ea71d1deb6a1a993a5610aebe82a2e61cbcbcc5292217ec96503a16a2a259870210bab9334109a88588f5f575cba1743c619fb16562fba1

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          93b137ac9da1a5834bb6d8c46d705cc6

          SHA1

          44d6e51a8982d6df52b04e30a523c619027f8894

          SHA256

          5220b344f1a97400f511cc8916f4697da5d256d13162790b135d3290a0962b3b

          SHA512

          8d1200982d0437ea8eeddbc4a55567cfc13a81ffdb4f2b8cb4951d3e1709779014df71081c9320f280d284beb9acf756a556ef8be848908a6fcfe9073cc61fe9

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          d9c3c09931413b3e76a741fcc5197bd5

          SHA1

          21f0abb678fab4b8b68a94c30acc344202ae10fb

          SHA256

          084823a715cd24d739f89a08585182fae186c7cb12629d82ec3351273e29847c

          SHA512

          e2ff6d31ce11738b45a2344c198930cf0712c8f3b244129ca0ada64bc65dfbebbdf21476ed89bdbf711c65e454be4d39c2d9b96f5ae365b00e5e96fdd083d5f5

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          dfc5c5ad6407a16e78633817d4b71ab4

          SHA1

          34ef7accbd3607b49e118393469eb4a6fa9a42c1

          SHA256

          1f3ce5a096ae1e67b4d6b7ca8c290d09efc98e03d7e0ae9d926623138224e4a1

          SHA512

          be54ad709819ff2d614a28880446225c62190fc3506d27cddfdd0e22317ebc79729cf221c573ba08af5729e0a9b33b0b147b9b209a628cac9cc7a9d9a7842a2c

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          b311396abc2bdb9a343176c0206899f8

          SHA1

          5de996f817b1dd0bbe9845327a64a01e55d92384

          SHA256

          cc0b759bb0638562947d155591302a37253c7a9f25c37d3c9e30cc7dac14ad84

          SHA512

          f1c7b92e96df60a84381ebc137a4006d8dd877ee2cd8deb563479292c4599d536354a29825135b0233c181430aeb0d6f77e13cf34e81145386632139866677f6

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          1843d4bc68ebca73cb3df4766eceeb22

          SHA1

          700374b1cebfcc8789ebaef6ad084dc2a9975b2d

          SHA256

          fdec5d04dcf5476c528cfed57f140405bdd92e9dbc1b5a109718d70751a5806a

          SHA512

          202ed9ed6526106584793fe3469c1fcbc7184b711d4639e49a2d6357c54149c67c6903273f4fb44ce0eb47efe7a76bc7e8afeab57c4a5397752fdb1c8c27cada

        • C:\Users\Admin\AppData\Local\Temp\Cab57A5.tmp

          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        • C:\Users\Admin\AppData\Local\Temp\Tar5844.tmp

          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        • \Users\Admin\AppData\Local\Temp\adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4Nmgr.exe

          Filesize

          88KB

          MD5

          a61ea5f2325332c52bff5bce3d161336

          SHA1

          3a883b8241f5f2efaa76367240db800d78a0209c

          SHA256

          e6f8a54ed663061527ab46b8e8efc2a0f3c99ae77829c0be0e50eb5b1b48415b

          SHA512

          fae031e0e7dcd719240bfe94a3f78d1aac73060324d5b65e0cbe564ce6d6781aaa5e930f0729293e3b502b7d07f53f3a72fb2048d44d93d36851aab8330479e5

        • memory/1968-17-0x0000000000340000-0x0000000000341000-memory.dmp

          Filesize

          4KB

        • memory/1968-20-0x0000000000400000-0x000000000041A000-memory.dmp

          Filesize

          104KB

        • memory/1968-13-0x0000000000400000-0x000000000041A000-memory.dmp

          Filesize

          104KB

        • memory/1968-14-0x0000000000400000-0x000000000041A000-memory.dmp

          Filesize

          104KB

        • memory/1968-15-0x0000000000400000-0x000000000041A000-memory.dmp

          Filesize

          104KB

        • memory/1968-16-0x0000000000400000-0x0000000000420000-memory.dmp

          Filesize

          128KB

        • memory/1968-12-0x0000000000400000-0x000000000041A000-memory.dmp

          Filesize

          104KB

        • memory/1968-21-0x0000000000400000-0x000000000041A000-memory.dmp

          Filesize

          104KB

        • memory/1968-22-0x0000000000050000-0x0000000000051000-memory.dmp

          Filesize

          4KB

        • memory/1968-18-0x0000000000400000-0x000000000041A000-memory.dmp

          Filesize

          104KB

        • memory/1968-23-0x0000000077E3F000-0x0000000077E40000-memory.dmp

          Filesize

          4KB

        • memory/1968-19-0x0000000000400000-0x000000000041A000-memory.dmp

          Filesize

          104KB

        • memory/2360-0-0x0000000000400000-0x0000000000466000-memory.dmp

          Filesize

          408KB

        • memory/2360-4-0x0000000000250000-0x0000000000270000-memory.dmp

          Filesize

          128KB

        • memory/2360-11-0x0000000000400000-0x0000000000466000-memory.dmp

          Filesize

          408KB