Overview

overview

10

Static

static

3

2024-11-01...it.exe

windows7-x64

10

2024-11-01...it.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    01-11-2024 16:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-11-01_11e7b8e829e762907a4b18ba6674b31b_mafia_ramnit.exe

  • Size

    1.2MB

  • MD5

    11e7b8e829e762907a4b18ba6674b31b

  • SHA1

    e4b6838aebc9f5fc10047e8d4c59106c52754e1b

  • SHA256

    08112a21af245b130c3cac6617cd5a89e8d1e9631e0bc45c381da9515e9dce3c

  • SHA512

    44960b4113c67767f25d038ac7c1eed3017d72fa440ffcd2f329eb7ec27f926e15ec4f15b53e5402104c4cc8c1767a436978451ef20e8efd44494dd9d2d461f2

  • SSDEEP

    24576:2h2bNeMrpYdvrqUGvUk5jxHJ/6+85kKLj8TjWoY0eClVy23c9oMI8rFi2Pdr7R58:AcNTmRqUGvUk5jxHJ/6+85kKLj8TjW04

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Modifies registry class 30 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-11-01_11e7b8e829e762907a4b18ba6674b31b_mafia_ramnit.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-11-01_11e7b8e829e762907a4b18ba6674b31b_mafia_ramnit.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2216
    • C:\Users\Admin\AppData\Local\Temp\2024-11-01_11e7b8e829e762907a4b18ba6674b31b_mafia_ramnitSrv.exe
      C:\Users\Admin\AppData\Local\Temp\2024-11-01_11e7b8e829e762907a4b18ba6674b31b_mafia_ramnitSrv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2056
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2380
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2540
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2540 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2768

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    36965e9d221da1d24bd63eda63c4c751

    SHA1

    cb100c765371a181a6a0a0501615b88c8511a18a

    SHA256

    b2758f489badfd9b67ae17530022ffed8f018405f1ed6ec286c885029f450a99

    SHA512

    050b883e1e5063950fd99d8b03904d19ce21570b844919db6d6c32716d44555ee21d5f525f8955eced881488c440e54d466fbb62a369ef63e176553688b07d41

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1aa598acc4af02d414af23d414edea4b

    SHA1

    44a43d1d05b0b67181a0cf5b1bdb5f233e3e3d74

    SHA256

    d4b4f04d855401268a05ff2a2394c1ae898a0ab887f18e6555482cd15ff49317

    SHA512

    c865cde4a8d029f0b8485fa881e51efae7475a8059566190add5a5e62d6e7bfc6434b5e2900504e1c93bf0ba5c3aa0b32b691ffc2d7170bdecdd6868d3258db1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    02d343418a1b9ea706eef389a138eb3b

    SHA1

    d99ddb169d16108615277aad29c2bd18e4894f7b

    SHA256

    845651b51e2bf51caad80d526927ae60fbadbba42c14fd7dbeed9ee8c68aacbc

    SHA512

    307c6d60b4fd0ed742b693098e8698f2858d31629cef0929e8e842e2a62edb51a9465247ee74adb22154bdc729a2163e6bbafdc33e8ae565bd604cf001c1739f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    218db27df12a086a3161cc3de050769c

    SHA1

    61607e06a4b769acc46de83ed73927fad0fb3995

    SHA256

    4f2a26e6ec6e99fdacaa14eae729e699c0429a2f2be06eafb1747fa8937706da

    SHA512

    9807482cf41bafb459b824015c5f883f3d6e26ba0cb36519dd304e3a923c30f0aa1abaf806f4e0e04cb0cc9cf191764132aec430b39c24bce5ebbffa735b01ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a521f2b0d57d1d6e52411490fb1d2853

    SHA1

    28ca6098d71c73f583a349f6ee42b038bcb5d284

    SHA256

    b1543fcb455beea399615a03a4e2788ed085f281463b0d7cd4f2018bfa0968c3

    SHA512

    87e4dca78d740392de14be70680552baf19d7963f1017457a3841665b48c36f4c0c743f74f3049c2dc3f8e16e205a7d90a176a375afa9a0e4220bb5c9447e488

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9541888725c3709bf9e124b10e9ffd50

    SHA1

    4f06b88ec04beffcea7cabb95ba33e717662f306

    SHA256

    975adf1a5f29f465b7da89a16bde840c5387d00751f0367b62b7ca6837e5468c

    SHA512

    f5fa9c8d864e09db339fa76bf7ac12973a2a5c5c8b165b0d6b07fd589923b1929c2bbccdf8a8af6c30afa5fc4cb2399244d1839cbfb1d56173848dd0ffd61fb5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    95bf053865acbfb82c9bdf18e2e18bca

    SHA1

    6df6200085863a363aef22e259aa1a87dbc2f8b1

    SHA256

    8bda395576b18403423749f75d7215560e647f06756d552a28b79407b7e05e6c

    SHA512

    fee20ce8d614cf11dce2c0ccbac2c33ad7dc85f5e061a86abf151945a9d426147e083832d7ce68b9baae8fb2f56bcfe8e4f531bf5d0f2ec73273ad879a7826c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fc5c0fd22eb9be1949c4c142ba745287

    SHA1

    34fcaabd2ae8e8f5c58f3eb73c3f7223475ed094

    SHA256

    76287b9b181769500def6c53f78654771416b45e3088a33f39e5196890306e2e

    SHA512

    66429f98690c90933cbcc2452126f4ec6ffd68537650ea22907d074f2ab64009d80559223f4f28ec2f8ecb655e3df82ed0fc637c7ddde0dcb30dbe391dbc014c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8fbdbf429eef9bdbd8998a37fddcc2f2

    SHA1

    b7142d2bf2d6a111d5c5c7a8b8b3ace7b2c51a21

    SHA256

    63a1c7be93617e3c1323bc9b06fdfed79495b637ee1a4de4f7d94d0a55f8f809

    SHA512

    cc2cc8bf589f875f280daef9fd32616fd0922087d494136bbc73c658575bdead029a416d50fbb88c4fdbda81692f68c6f2637f2381a289b6ca45821a740f7601

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d03d6e3b8e9130693fbe5967ebb8a34a

    SHA1

    671c77d3f947c2d6923e18792c59c9b812499e7c

    SHA256

    c1686f5ab957f28cdf4d4f6d7ce1da67d6943f4fd89fae7412668edddfabc180

    SHA512

    53b183bdc2fd2821b5514e467a73a78beb034bd3d499d7ae0a830daa754635eaab6136b6218d09e8253edf4cce69a8c3b6c0d8ce81a0a24a07a6abf692c090ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    27d5569329f2422a94b8cc3f7a20e0b2

    SHA1

    9892c00ea201c911fb219d6c6edc0837501028b0

    SHA256

    ea2a92c913ffb2b87de58fb0fc98d6a3f2fac2da1d75fdb0a55977f1c9aea557

    SHA512

    8307bd8664a6cc848840a607715a28f51ea7377ef0d6e32ae4bd9fc5b99c6a02f904c01d58516c882ed30173205e6a34f56a94606b20a8df62232fdc3cc90457

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6f1fc27554bcb08bbdbd80129f8c95ce

    SHA1

    72f1d1af3898f2cd58ede79b0533abc6d859a56e

    SHA256

    0028d621bd09e5a8af3ebdb7d65584b6c40dabb1194f66623dfbfd27dee308be

    SHA512

    09852ecb93f06b98515c2d469a1fa45c255282d1196cfe8ea714f0831ce3dfa8d2cc2b149297da0b7ea54c9c230662d8ea818ec4ef2a82de81f1c424065caeaf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7cc67afea9319f0c0d424852ed6c00c9

    SHA1

    02fc74fdfbbd36dfa531142392fd45324aeff9f1

    SHA256

    575da900b8a868dd4af735b36016c291915c773dbe9f087256fe446648ed4208

    SHA512

    eebcbf8dedd7f306e40b640a6c0ead4dba3bf609e4d4a06040b4c290e3d9b5c57bd2e5b0bfff3c039a177b223bd7d341db2bd8c964549e3dc22a2cc2a47a3d21

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8a1fc05afb66616abd34fcc2a35a23bc

    SHA1

    57f552e2f7ce3320710f38237fee9e1f7b7ab33d

    SHA256

    420b65ae3d1c68673808ddd5446541e72e48c656ae0b6c4a9493fc1cd6aec8f5

    SHA512

    c751944ae63d5f724708dd8b574bc25c5d26a7e28244b56d6922d3eec51194269403c763d851047eab221b3f5a0f068f6086959fb443cf1e8208d0c77a4dac8b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b9aa6a920ecc55cb158c585efdd740b1

    SHA1

    3bf6ca1409ba6dfc6a4b54f9f20f7e280f642e74

    SHA256

    c11b6c42d2fc74f8346a2c1f68e9cc07b62aed8a9dc5376000b5f253c02393de

    SHA512

    9c3b43236697ba093efffb1873179d66facdf254e9e0480b2f4853345ddfb22813a54ca887ad049a2af31bd20faa21b74a084a39dbd7866923d1a1fab84d70a1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4c3fc7c365bd1f18921d578d363aed0c

    SHA1

    a92b347aafb42d919a98f0c418d9f3c7454c9f7e

    SHA256

    26bc6b323739f735732b0a6e86883a146928b69e71eae3ac77edcbfb4ffc76e6

    SHA512

    22d3f1efc91bf9db2db04b4b5ab0450430f6348f86c069f3dcece9701a3ec6e238994c23d8b6970a913b3b683f751b969c2d3b622e6bc5d811d38ab98e22b515

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    36e27f139e68a97ba9658cb35e622a9c

    SHA1

    880a62024dd5d45bd56ca522767b78f32f5de7d4

    SHA256

    e03146739c30a0190786b6a270c2cbc92f27470201ca573f2d2629a280d994d0

    SHA512

    94dfb9a813d944a5e15626feb0c8d1c0c3d7956a1988c721727eef5af84f7a0d8877132cb51ab72f6c48e30336ba0ccb81a88d7e2859f9ba1447f6252b7ad770

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1526314b88ae1bda0bcd1316bf829e36

    SHA1

    d2fcb48a3e4548215a332c18849d59a266d5258d

    SHA256

    e2ff134fe658a5d988ddea54ff5a45cc053b99bc36ccd31345057dddd52137e8

    SHA512

    82453ffd3d29bdfa3ccec7ad30c2903e6371afac802520a4ea237fc0756c97eeb24e0c5400afda79477e341835dd9d9b37eba3f9ae22f33ab2bb4e2c4ab4b6fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1739f3cc5ada7fc0350270e75988dac8

    SHA1

    34774a9b0520bb6b69f3871f907e59ad5de6d923

    SHA256

    b30971ea230ff1df945243d3593f7d67b55f9c80ca1b870395048fdf3a8a8f03

    SHA512

    bf2a303bbd286d6d9e0cf0ab6a698cafe0c4e5c2f891ba03941f0a9efa712e20f934fc887583ba351e639b8e0edd24bc9ff7305047afa004bb5786b26a2bd544

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9539ad28533de8c1688431a899d4aa1b

    SHA1

    922afaa45e6813efc7ad69f57dda1d61b068161b

    SHA256

    a51759f4be5fc4b5c6cd5f22910dfaccf98e53db3d864b22dede9eb61e0148bd

    SHA512

    3acfcb463e2c434175262fe9575e45d8c3220480d55d55d69747610b4d802ed33e89429cf7d86c437838fed94c7c738e749c5122df3a183da6b4e7bf03bf4c41

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9aa1ee6e3a40e38d56d51a255218cd57

    SHA1

    5aa2008b1fa56bb91a4372ad5f7a0f78cce63b0c

    SHA256

    c3aa008e2a74c4ff2cb7dcf6416b6556de2a25304f3e55b71038cab07ad2b07c

    SHA512

    a75dd4f83d062d3f03d5bcd7b157c2b66ee20ba5f0be0c15204fe7673b4fc57e14b6a4e76c3b9930f33f390cf6c28e0a84d69892187fb2b0b7965a3992b1b795

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF9FB.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFA6C.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\2024-11-01_11e7b8e829e762907a4b18ba6674b31b_mafia_ramnitSrv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2056-13-0x0000000000240000-0x000000000026E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2056-8-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2056-9-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2216-4-0x00000000001C0000-0x00000000001EE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2216-0-0x0000000000BB0000-0x0000000000CFA000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2216-26-0x0000000000110000-0x0000000000111000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2216-25-0x00000000002D0000-0x00000000002D2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2216-16-0x0000000000110000-0x0000000000111000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2216-22-0x0000000000BB0000-0x0000000000CFA000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2380-19-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2380-23-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2380-21-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2380-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download