Overview

overview

10

Static

static

3

2024-11-01...it.exe

windows7-x64

10

2024-11-01...it.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    01-11-2024 16:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-11-01_11e7b8e829e762907a4b18ba6674b31b_mafia_ramnit.exe

  • Size

    1.2MB

  • MD5

    11e7b8e829e762907a4b18ba6674b31b

  • SHA1

    e4b6838aebc9f5fc10047e8d4c59106c52754e1b

  • SHA256

    08112a21af245b130c3cac6617cd5a89e8d1e9631e0bc45c381da9515e9dce3c

  • SHA512

    44960b4113c67767f25d038ac7c1eed3017d72fa440ffcd2f329eb7ec27f926e15ec4f15b53e5402104c4cc8c1767a436978451ef20e8efd44494dd9d2d461f2

  • SSDEEP

    24576:2h2bNeMrpYdvrqUGvUk5jxHJ/6+85kKLj8TjWoY0eClVy23c9oMI8rFi2Pdr7R58:AcNTmRqUGvUk5jxHJ/6+85kKLj8TjW04

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Modifies registry class 30 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-11-01_11e7b8e829e762907a4b18ba6674b31b_mafia_ramnit.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-11-01_11e7b8e829e762907a4b18ba6674b31b_mafia_ramnit.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2548
    • C:\Users\Admin\AppData\Local\Temp\2024-11-01_11e7b8e829e762907a4b18ba6674b31b_mafia_ramnitSrv.exe
      C:\Users\Admin\AppData\Local\Temp\2024-11-01_11e7b8e829e762907a4b18ba6674b31b_mafia_ramnitSrv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2956
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2968
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2876
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2876 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2124

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f07f92a170816df41d3605a4358effe5

    SHA1

    78259c7f57463d84c36ad86b6ab1f420da0e6a38

    SHA256

    be447131da2231e5d83863022e58a901e17bdba5a1cdee88a18474a2a14ca1c5

    SHA512

    ac89ae1e6eb1a67805a824b5e2a5a9b621bafad420ab86ea10b6a65981e6111bd59fbb793a2953bfd6804c564f3974efbb71bbafc6c46835bba36d5b08d8ee22

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ee64cface1af83a435cc98f95702d5f4

    SHA1

    145fd56508a425b2e71261dd46953a40ca619b0b

    SHA256

    de3622abbc35923f2542196ee2911fe696d67929ae8b9e1a0313334a636d6ad4

    SHA512

    22a5dca89fc3a4901dcf3249b433b571f7b416152883fac0c73c74ab4533337be2730c797faad34cbd8c126c0e6c18b0d402be6ecad003f0bfdd50ea78ce30c2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    51badd09d3e9868b26b102a71ea43cbe

    SHA1

    1698b67c55c7247d5d67c8e548be351834902a71

    SHA256

    8e9be555dad4ed02aa4604afe8d7245cf8010cf7cd3449d692e255a6c13413e4

    SHA512

    f8f925f897c48cb12035c735fd3dc8ee69185be65a50b4949f4d62f2c285afed2c949f4a5c8bd38a056bc405bbc460b07f8c93bed4c871f4ed75dda3ba0892eb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e8316ace1ae15ece86c5f55e2636d2b3

    SHA1

    eb7bef90a7a6d6c39ad9e3611dd3674fc39750a0

    SHA256

    9e4b1a0b1ab62b9a9421d97bac519733c06c20f4dae012401408e1753358b330

    SHA512

    7bf31307efe42869235f399fb548e7ebdff04cee089c39d2088035628c003d71658a88295bdce787283b64746dc938748a58b3fbfa352fac4d4995902f36c469

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    22aadd5d79409fb7f3640a787d79553b

    SHA1

    ae86beb3dd16b1102c8e83cfaf81794fe895dd4c

    SHA256

    9ef1829f113dccb23b44bb7d59785a65fcb861b864e7e99d81394dba970dc4f8

    SHA512

    ae852e69351da2730a8b167e5c1382c627ed78054a61e01b13d894f4ba45ea439cdd3874b15bab3c44e7f7eabc11b8dc54745baa53d4af337277e3f6a50f8fb2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    536e4e67ff4d3b89b9666ee9063b0790

    SHA1

    f45deef4e5d26d3c658e6c69855fcf57cfb48326

    SHA256

    0d37ca4fa6e7b72655fdf6da930d18922b1e683bdb321c4565005749992e7f2b

    SHA512

    4a284d059c8e2863062c7ec8cd2e3077a93b4cf4776a0675b6bb8de1799cf1038812c3c80e141a0ad96d96e8f2f1355725069e11219d3c9dab5ba7a709d6dcb1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5147e08cd264c8a796c7b7d5053a8796

    SHA1

    c5f723d82a2fcff66724814df9f4e1492efcfd74

    SHA256

    f25e995ade90d9f714d953c35aef58111925fc57018ebc676601922cc0642dbd

    SHA512

    cae88b19a1ab4c4a1aabff709784c02712044c9b8aa68ca4b9a8f60a6a01d7713216bacf34a38bf802eb6b2583dd3910af3473f955bf42dde5a166c5ac1e0972

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    70ddd748688c784581e3e308b2cacbf4

    SHA1

    e62afd9be5eed89f331e84d0446f5cf1905cc291

    SHA256

    a8b6a27b509fba0d3cd9cd76f0b0e36a9ac8b7235efb3e6c81c5a702e8ffdc61

    SHA512

    dfdd61325cb6ae82f86c5fa82e4c77bff131346dcf696b7474191cb11855caa6342566b758190c72c365944fdd1ca9a4ce19026685f6db0e0502033d6cb51111

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9cc135fe8394f47ef8a4a26e52d9ac49

    SHA1

    2e996a1280313d3f7ddbcf698c02c7f82124a346

    SHA256

    920776d17a290b5ea8ba63643854eb4fe033a9a430ef6ec31aeff796faafb5b2

    SHA512

    df1cbf6d099bf21e2b358a27052aecc63d988d0725eacde1ea058b3765879cc014c575ed9879c3f0b8d43bf3a3b6210de1b17afacb5c00c62913804ebb372ede

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9dc39576c8d3c4c0833184eff24a8139

    SHA1

    9329a27227a24ff8a2f32b87439145c877fc0e87

    SHA256

    2376f4d39197454a39ff8ba232a49cd8722cd59bf871885af0e53fd564167df7

    SHA512

    a4e6427ff35a89aeeb418186dce544bb841e04cfcd2f3bc39441fca5ae8a2f7ab4d277a611b79bc74e334feee0e0bb8d81d2a8b7c7dae0672c8b9fc659478b51

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    434c65e2c54c31b44b123a5549a07231

    SHA1

    a25c0b4e0fd7d41941d507fb256e918bf0e72f77

    SHA256

    dc57b2be2166c01ac9454aec62153defb990edb819040ef50a24e9ce731d0782

    SHA512

    45fcd41f001f2024db83d43a3512d0d1470b3b7fabd3800e8762e61fa8de9e5a85859c1fb7533f9132dad65948dcebcfa7c16920a95fd425b75c4e8238f1ce68

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    92257e5be22d462bf67c68aaf466d57f

    SHA1

    d35f20d0996a9968190fc709669c8dc04c4f19a6

    SHA256

    02764663e69a2f51913e0e3b59c812db6fcb75e36c5713b846625199d5873f61

    SHA512

    7d44a38ce9026949cba60e3578dc9256dc688cf460486cbecc2aa26386ec100a72d8a7ccb44ac6abaf5b8d1b9d2c4d6fc8ecf4f409c474fa84107b11a25e3b31

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    446ac073f435525ce84c2cf890aa4007

    SHA1

    67d6cae354a5d10823b6ce7102f5a627b7883f03

    SHA256

    10db5d78039996fd960269eb7bca7e67b46469bdf5bffceafa4de3f07fb3961d

    SHA512

    146c70c28ea61811a234f8637313800b49dd3038008601ee88f02089daabf24f0e9333f4446d59e224329bd5f1ace98ad37506eb943692bd77f4ae96a9d7fc30

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    904d136130ea619c6e2180284f9582a6

    SHA1

    44ef73cb7277a9b041376a819d58b7bb49408f74

    SHA256

    76cef95576b51744c0076d795e0c965488bc63615fbeb6449dd17bd5f8a984c5

    SHA512

    1bd0889c113437e538a69abcbd0286522967a749f75ab59bbfc9a83053c53d1e0f0e1a9469436e74a7459193f7acfd496bf93def53fa5a30474e958a327d3ed5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    195dc2819cf1271db50d9995d1aef020

    SHA1

    85b8c5c35de1c48341a501109fae85efe3149715

    SHA256

    214108dfadcce490381072a0a6e27fc1361651dbfe63d45a8d089b4ccb9bbc58

    SHA512

    8ea786ea318cc2de3b35696fa871a6cd22ba1fe48d2744600cda2ee326a5e4c30c39f08fa097b12f01ab65d9a513e677731b01078c7a4e96c2e2bd280db26c0e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    194d4f11816cda5a9af8eaa8c06d4404

    SHA1

    641fe55f4d3cb45bf070c632f99a32ee039404cb

    SHA256

    19f42b29e4fcae8751d6af43ad9146967ee3d365e873071dc25340df9db07c7e

    SHA512

    1205b52dbbcc256d6fd593cccd7c692e9ca74051273ae2d0183d29292a93e73f29ad380afbc0dfdcdea1b354d24f212cbe1432419bf9798402c61d46eb383083

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    74342245f850c4f89d303ade993c9571

    SHA1

    2321515bf21f6cdb09624e748de8577fb71f41ae

    SHA256

    a43feca222082049c4b6e010f0cacbc0750dfd45df215ad40ed61a42e078ec4b

    SHA512

    72b5eec4731290029d83bde392aafe7e4f351448eea38bf871cbcc4f183e98cf0e89bce52f0439ffce5f9976af60e0302ece44f640095a0277f60992eb08173f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3e8582ea99d1d3b21b3b4fae90388791

    SHA1

    06c01ae837f6607a2ac457cb0b9c740eba1dcd01

    SHA256

    073f3dc67c68a8ef056633720636787a72600b4ccd1489dcd57f3f359c730568

    SHA512

    d20fd7b64282c1e8e49ea6ca4ceac661aecbc51242d9413a846b410c9e7f7e0a726345696e4b94b17cd28c159b517e00b6b4e72995ca94686e4161a77d680d38

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabAD8F.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarAE80.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\2024-11-01_11e7b8e829e762907a4b18ba6674b31b_mafia_ramnitSrv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2548-0-0x0000000000F90000-0x00000000010DA000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2548-4-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2548-25-0x0000000000F90000-0x00000000010DA000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2548-26-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2548-27-0x0000000000120000-0x0000000000121000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2548-24-0x00000000003F0000-0x00000000003F2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2548-9-0x0000000000120000-0x0000000000121000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2956-7-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2956-12-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2956-10-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2968-19-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2968-21-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2968-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2968-22-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2968-23-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download