Overview

overview

10

Static

static

10

6ba13f8615...ff.exe

windows7-x64

10

6ba13f8615...ff.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    70s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    18-10-2024 22:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6ba13f8615f2fd53949fb243d901e453c0c0ee789e85e29a4a15596e8a2fd7ff.exe

  • Size

    225KB

  • MD5

    2bdb5081020a5953fbea8672f5f51e64

  • SHA1

    1da6c6b09bdc7070e7dab2d2161ebf3c4e1d0e48

  • SHA256

    6ba13f8615f2fd53949fb243d901e453c0c0ee789e85e29a4a15596e8a2fd7ff

  • SHA512

    5196a32192eef86a06a115b8e473cb001202727e1059d6bbfcff49b105da76cddfd25d7ed12066128f1b305dd4765c6eb2a3726ef9ffff1f85acab060baef9f0

  • SSDEEP

    3072:YwV4OgSzBmh04eZFkz3Rr0gwGj9Tf8Jr85ChwV4OgSzBmh0dwV4OgSzBmh0F:YMzzILGFkzhr0pGj9ol9hMzzIgMzzI0

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6ba13f8615f2fd53949fb243d901e453c0c0ee789e85e29a4a15596e8a2fd7ff.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba13f8615f2fd53949fb243d901e453c0c0ee789e85e29a4a15596e8a2fd7ff.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3064
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2928
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2928 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2832
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2940
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1896

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b0605d53c097a7872dbfd2c2f5b758ab

    SHA1

    475fb323eda237a54d4f058e9d7c68481089b9d8

    SHA256

    903024cbe7a005b86ec992a08b06c3a9799ff6de60320378c20d31bfa17b82e3

    SHA512

    d699b0e7c3334682db8d576979e2c61c48cc6455614e59ffe8943a010f673627959175d80d3c10d005726804828d3ee6259049f9d91463ca57e02aae91d4c5db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a499cad95797052a8b535e0af10aefe5

    SHA1

    7f3577a4a013f4ae536a98ca3dc3fbaf1598ed21

    SHA256

    47ed2a722ef62a5fd6d5d3de561dc4c88cc976d09f368579ec8c84fd6c16ac6b

    SHA512

    599353aca3480e9293e4caf601d12fa31de589c3fdd55b5e2ccafd16abb1cbdcb01e7b116a79ba6069115282768a033896c32ee75eab34533c76790997766598

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ddbcf72a5165c5aaa37ac5cc665e4a6c

    SHA1

    cf710ba5e5eeddff4a87d880ef94a5944d0be73a

    SHA256

    f242f1b2da81bfcc692c9fc05dd35c575201374514607d30b595d392337eb935

    SHA512

    e73f3995a220862cff3800e5d42451b4f0cd3fa7c327576b3ca3d7cd81ce3f786917cac069478f64e53214e373cb541cdc9abb0f72e40b51d690672866d2bc15

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    34b974019301dfbb96d8e62279723a6e

    SHA1

    42fb1a3c6e4d6f3f1b60627f3dae7781424213af

    SHA256

    3e35128a44d5d017414fe0ad12bbe4491a2e0c5df4aed19fc11834db4aac730d

    SHA512

    c6342cb9e9267992e7cdc13e2a4a9c957aea3ca8969159e94549ba41284cf716292513abaecce85103a70a27234fa578d7387ea40e4c9764254754b9e72282d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8b4d7fcf1042cfa8520ef5a2f480e23b

    SHA1

    96952e1eb7d5f0ea19ce79753a9dca7b1ee5c995

    SHA256

    1f876a88a89b8eb900de7adb999885e929496249291daac2a8c8ccc35019fef6

    SHA512

    43d408a9a48a74d20320c11f985396e3a5cd4ff5620b1645599d28819a8b69eed18a54648f7f5790d22967a8263bee836ecdf6a1d05087a42cea037f950d95b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e25e89c5da2bed49bb7398088f5267ae

    SHA1

    77b5b2b0b5f6814e5e0df938e1b485e4deaa2030

    SHA256

    8019257fdf0f1599f454748a2dd55b04c7cfb6c90801d29b0185033f9be60772

    SHA512

    0567a1923fa10163ddf9b07e75a203b865039d6c3fd76f1cc634ef0b0ef145e1a513d00c147d0ef3f1831529847597cc9c153bafb26289df1f696f5544725767

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d482a5ff62ccefceb78d3b20a49fcb43

    SHA1

    0d0ab7aeac01e44b38ae9ac537286ebc06c59df1

    SHA256

    f81cb1ff8c84315a259f7e2c9a4a0a366b09dc26d0e63b95e7534f94a4fb651e

    SHA512

    14a027780867db6198b1aa2512560434059fea7b17d186328d6451d15d24fb99d611d725f9f06fc7696056135bcc033eb15c4011e347a49521c7289765479ed1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d898d8c6e9dbbb16cfaadc9c88645c27

    SHA1

    59b4871d016f170595ed16ee221be64a198abeb4

    SHA256

    90bd9fdbf9364162a81346cf9c15b2e8476e595c4e6634bf5c2baf7db51b0494

    SHA512

    cba058d86f03345e6caece7341c76d227e0e937fdd0f00d5edc6e80d373ed43caa85a1b8c60f19cc4ed860c77c3181af130e15f51dbd42a74501e811da703d5c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    04992a8272542145bb9d621b7c82fd00

    SHA1

    044db021cad7840f2669b2cee0425288f4e6cea1

    SHA256

    0b1441a0dfc70e1f541bd52ef21f9968e9e2a9ad9ebce5d4fe7a2bfa6f5b7aa9

    SHA512

    a84573e2c3a94d948dacfc18bcf88c9f5129a13bb11a6e51f1175ae75a2a01ec91bd96767ca15633982f7a017ae097b9489144e05cab881fafd55fd9cac97b9e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    64acd7d47f7c9e2fbea838b408cfeb5c

    SHA1

    27793817c54b1cc57ae3ad91758bf777232d40c3

    SHA256

    a70ea9340ab136ddf84248cb745137fb5d3e8e66a1636108d8b845c0a938dc1e

    SHA512

    ad7e2033ffa00fe1dfbcfe20ff69fbea6d72f8ef33288caddbd0d1874d1d497b6cca9250fec261045f12faf8645c6cdd7051b0889c4f68fd91c5899179e981f9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e30690545e5a6248cc70a1e6e41bb880

    SHA1

    5fd6fa5fb9c15c3b57bfbae9837873c61b5538de

    SHA256

    b7dd251856ebd495a6dc20260b35e44e66cb10977ecad2a92fe96be575be3e38

    SHA512

    d6da8d6fb2dfda17b25d881be7e99447b639373990512d2628bd414a1d967eee8c3da7e3fb2a3a4db2806f8a9cfff061c1c0713a1d5269c216f63bd62285d294

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ebb705dce049ac78e3ca6ae2433cef9

    SHA1

    326843011353bc9fa39a2f620ddcd59749b4b799

    SHA256

    fd170abef966af11ffa735b605695dfba74754ab74457abf0cce98607747d03c

    SHA512

    a981dbbbfa9a34c304187aaf3127d7ea66c62789ae5cfd9b7648950a778e99e86df0ac46b9756a8d4e6ee6217d52985879fac563082910bdd941a44cc2e83c13

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    332844305d2e036447b9e2da76c81c31

    SHA1

    12e292f47d23a9dccf49ead9b185093f821e3bdd

    SHA256

    c5b9d766eb59f76acf77c02cbd15614ba04e521ba4d51e6f7b49bd0fcb26d674

    SHA512

    b4509426c629b11f15a06d323eb8c25deb8586fe2042a5d09c87ad78d2981c32f16c828f7619fe82a2d97c745c48ab49a622ef97cddf46667f4ffb1e43d6e85e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    92b348919d07ebdb96b226351b5ab0d9

    SHA1

    90eefe797d591a42a9007e5558a3ac022bfdad21

    SHA256

    9c6182c5cf02daa5040e55b1c4b8d5d831f2868d211534585b68b19a5fc7b0ba

    SHA512

    1a462ae67f0bd7f62fee7608cd2c27912500ad7c1520bcf140d1c0b4707159a47d885e232275186457d7a9cd5a0b04105b646f10321a6a27d5454124a12c178f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e2587798f70912b0698aa444f5b6be11

    SHA1

    185d2dd2708184370266dc9bd2e26a8fc4b5d82b

    SHA256

    858e956e390cd5c313c609d97daf66e53915f41fb5cbdfb8c5afac2079657055

    SHA512

    7173cfbc5a9123faaa6f4817d5e7a51c57d9e6bd592a5eb0178ae4106dde4004bb64979cb742b2e68f9c4ec1e78fc5b701889fa05c29bda9b63c78f7f19e08fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cbb797629ec4f683a7008ae25c160235

    SHA1

    11aa3dcb0828bc3ec781f500a07ca0d799621a78

    SHA256

    deb4a594844062a053194392938aed71a35ae4203ad5feda2b7abc77e2451e05

    SHA512

    aaa5f923fe6a92034b2b66fee9116e1b913846aeef930db8087faa2e23702e2bb3361fa84073487644b6d613a4caff39a17350ef89498b8cb14cbc3314f8b464

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0c47bd6d23643e5e5002683f47410d18

    SHA1

    ad5432c72797a8d89e04e97d8db1d4f824e33555

    SHA256

    8840396c252e6de99fa0049a8b45ac4946b6fcb484023017e5dd6f0b7788180a

    SHA512

    fff3e76c01a71cb6c2d957a929bd4a8bc2b16cac8cd2c0e58256138ac3636a6521105e27dfb2a85c3ffd8fd22ca16f568317872e3b9049277b99273420da9208

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a6a0ea0caca1e55abb36978ffc98f92

    SHA1

    205212c42fc9e31e0d6d502db23e11183f630af8

    SHA256

    16ceb698e6f56df40bd8a621b150dfe5860252a5470f1126ffc46fada6707fb9

    SHA512

    27bcf659dfe144b562a49748325449d0a7c33c7d95abe03c2e2a9d5058f9da56f5a23e6c8f8806a81cc01640b4256753881f7d2fff4011657da2a84a85cc5245

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1C8C9941-8DA4-11EF-93C8-7227CCB080AF}.dat
    Filesize

    5KB

    MD5

    7d73c4d8869e5909e3c5d48008c93290

    SHA1

    0d410d614d3e1256cdf97cd111e7937fb6266808

    SHA256

    dc21ff9b782066b7a15107b2874ca3b214b3190ad464390d6f1ae9a49e740ac4

    SHA512

    71dee80bd10255702433dfa29dccf85b0f3a997113744866e96a0efd16888640bb5ac22483e03db42276485f1b96073c82dfe82d91ade2542bceab050f7c16fd

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1C8D3581-8DA4-11EF-93C8-7227CCB080AF}.dat
    Filesize

    4KB

    MD5

    84278af9f346651ff59f9ba3f5aa80d2

    SHA1

    dbef295fe0892490da50184ffdc2a7de14befdab

    SHA256

    c2120dd3e477f43703762f9f1e1a5786cdb41dbf74965a1c58f43a3082acb113

    SHA512

    36ebe7db21ab0694ae32ea7e9c8260d70fa39aea6a4efc7c0a309168ddaf19c98e8b38009f08315654863035f3548b29601ba6284f0d082565f56e5e753fc120

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7ADE.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7B9C.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/3064-6-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/3064-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3064-0-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/3064-3-0x00000000003B0000-0x00000000003B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3064-2-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/3064-4-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/3064-5-0x00000000003C0000-0x00000000003C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3064-9-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download