Overview

overview

10

Static

static

3

2024-11-10...it.exe

windows7-x64

10

2024-11-10...it.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    10-11-2024 07:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-11-10_5d5229af93e977d972044ac827be9336_icedid_ramnit.exe

  • Size

    375KB

  • MD5

    5d5229af93e977d972044ac827be9336

  • SHA1

    34ff3e4e3de6b2ee014c3d2d70dd7fa9a92b904c

  • SHA256

    1c109b031d839916e6a9cb1ec1def5fb297a5b3ab2f00dc7d2d95d3a03daf287

  • SHA512

    2b5fbafc5346b256d361b6ee8b186cdee5f6694b7e51ded2cdfcf1a6f4e191ab68a5aaf453317aba4c62c6d9e2789d12399f2ac898acf602b705b3bbea2487a3

  • SSDEEP

    6144:XqX4LzB7pTGcfw6ziTArCTsxN5G3xuCyovAf8kR+Ju/Fk/sSzDOqEPVLYGBa:XqXKhw6ziYeBuZovc8nJu/F9ChEPVL

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-11-10_5d5229af93e977d972044ac827be9336_icedid_ramnit.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-11-10_5d5229af93e977d972044ac827be9336_icedid_ramnit.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2380
    • C:\Users\Admin\AppData\Local\Temp\2024-11-10_5d5229af93e977d972044ac827be9336_icedid_ramnitSrv.exe
      C:\Users\Admin\AppData\Local\Temp\2024-11-10_5d5229af93e977d972044ac827be9336_icedid_ramnitSrv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2144
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:3020
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2132
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2132 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1156

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b51b7ddd3539d9e6a85131a6e500d5dd

    SHA1

    7069859cd6a939baaea2477b8fea6c0a82f6f812

    SHA256

    d8bda089c9be34709983d2c8d035512c1946a57113ad3f29100d3833565743b7

    SHA512

    3b429d126cc1d304fc0fbac9cf7585f860995e116e7ce3994e5f67806e1fd2ae0379ee16d881a2558b76bd46cdca0b6b02f2b5d95e14f73f7416cdfdc5994b7e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    70aab49865ea279839a279401f545c72

    SHA1

    4f67b12406b74ef6283d75fffa8657b5ceb24c30

    SHA256

    02c493874fa9baf559074929495ca077118b376dfc04faa365065aaeb63e228a

    SHA512

    2a893282eb7124eacf8abba3b09109a0055ce86e07e06ee13e164b91073922a24611b957d2e580ba372ae94eb9726ea7bacffc15138ce1637b11aab1a8cd98c9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fcc874b0808ea4e35c77da8c136db99a

    SHA1

    f06afe4bfcbe45a232b56448f92f6e28451de42f

    SHA256

    290b45c375aac3380ad5dbfb1f9bb911c3239c947a96c6a5ef502f64c8976476

    SHA512

    23eddfbe1fa26bc279947b80b18b4a1b0c41a24d0fd91661ebc7efdb1734adf74f81651aacdee3ce1f557f90e7e3009d0e1bd77cb4c72fc9c456d8ad26fa8251

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1d05218609412ad81544f51305a583e3

    SHA1

    7d91305c78026a3543fad050794cea9c3d9889ab

    SHA256

    72261856e1188481a2840276ddb7ce04283395b09d43c53d2f0919e5afd24052

    SHA512

    7c6c8dbceb844e8f98b2499994d3d850bdb5be17567a9e76334bbd7917b04f7346ea7c87d2c1c0cee26e12cff48f75d3f382e1bfe10f80ee584c00b80a0aa0a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2bf4bddc46151c42165083472d0c26ea

    SHA1

    feb44e49ff49f3cf8f31004c638481c5724a4da0

    SHA256

    c4afafb53adcba3477a0aced2a3a81873a3ea22a924e1bc7ea8bc9164d4a7ced

    SHA512

    6b331906ca67fd485a69745f0c52958a05a4effb907142c3e9bcd02d888ecf0eb3ceb86ce5f726c5819f510ef5c8f972e97daf26a22cac15b3ca4969078fecc1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5a92e72856a521d1844c76c8bb197752

    SHA1

    df0f836e959e883c65ee2926ee71b6204bc129a9

    SHA256

    9b1fdd9cc0c44d43a779d5ed24fe4d20e02c98aff146f90b074ec22ab506d5a5

    SHA512

    eb2f69122e72f829d072becce8597e632f46311b6b985752ee0ad7a1eb7e0c7b3a2208f4aa2aa7f8bedb13890bda38103368863d2ba5fd1fbeb1512bd1d0d6e4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    30d77cee0c111cde3dde8da9f9075fda

    SHA1

    557e6959522aa8f6ae0a00cd1140277b301d540a

    SHA256

    ac449d7ef5d9db55152c78401cdefd0c6c7d1da18a726f142f54e9f76c5fe7b2

    SHA512

    e7c1c6f4f0b53c72d0a02c25342e56c82ccae252703b96a6dcadba62b4502b1c28a28802dbaa554e8fb41eb57c1ac2fa999a5ed2af52d1bea255ddb527a4b540

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c0dc962e3fc750d9e2f59b07fb08af93

    SHA1

    486156d2e975ee9a4d73a586c7395ee809f4b505

    SHA256

    09d4ad358a67a029a496a32bd0e90ada13be2aeceb01d024608c987f6afab8ef

    SHA512

    b64c236d900ba072ba8a665b11c08980835dce4ec7f01982abdb8748e249f9fab67530ef4643f620168728375013647e54bc4203a9174d3ea569d38279748662

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8413bc60bb663f9ba502566efcf3036c

    SHA1

    83fc6da93e9ee24a382b0de9e86f409f21933195

    SHA256

    a3518f18de1f49278fb57b2e7b572617209af10de2151ebadc63640510257122

    SHA512

    e8c17ea4e8b37b65866a089c5d29bd0d403a0b7e535e7059ee9a5c32959441e3cf70bc48e3181834f667752bda7430b3bf0583145ad2ee688f308785cedaac5e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2edba6ee5af56cf9d715be0ad4c43468

    SHA1

    ea6aee350b4a46adafe876f0924d6ca74fb79e00

    SHA256

    56343a1a4239841b5320c88b986960b35f1a0c9cfe9733b9a0c4bab97203edc0

    SHA512

    687907b87ec092a320f6560605c230861345993eb68492acd37505b3f833ddefa9ffc62af19c8d5305e878f013971a2d7af6d5d0a57edac26acc0c10178a23d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    85ffd9ef46aeb27bbdd6e78a1f8935b9

    SHA1

    c328483259f82ae9d0795c0ae9a3887529bf9986

    SHA256

    35b4f861eab4b59b7b3cd8f76c8459fcb24515fd5dab2a4dc914e044a43c7716

    SHA512

    d15e0a9842ac7e0840773df3716aaa7c6b6d7cff836e5db17619bc688dc497d55caab39b45479cdee9ff9c7b8b1ebffa8360ec5c0a2eb9ea0dca8396ea303082

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1614fe7cae413837250017417f13191f

    SHA1

    fbca713e8c12528e2cd32f7835313a224ca72b6d

    SHA256

    8bcb515335905cd40136493526ab3ce5c7dce590b79359861a55d3f570d8ea85

    SHA512

    7d9874d1974ee18fe89aaddaa0d02bb64e9990a240631deb904c44f8806b42a2ead35454ed866909fb8603442e05de0fdf7ecdccec9f673120ce72b07c0c5e56

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    84630aa9875a51a16de4a00cbdc58f0d

    SHA1

    a15b0876c57bb7fa81bca6f7029dd15e9bab5d89

    SHA256

    a0f723d75f95e32abb01d456acc769df34c9752dad37923cf6709e14a2a0aa20

    SHA512

    38c28c4537d8d0554e23d929bcbcde575630faa6336a27a6d38bc914541c21c7606e0152689fb0bfd964f17af3fdfa5eeee16cf4f3f154253b7ad24cf16d5368

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dd483a41eb64c1f2995dddbfc70bc7d9

    SHA1

    6e009966fc8963a4d3c39119fbf6230f9e5ac484

    SHA256

    56249e45953c2d068fd79bd6b1a8e4cf6c053270d5393e07d3c74e1ae5c75356

    SHA512

    4ee1e4ecee5e9f2739e80d06a8c7ff9a3405db77b85aa93c3a5ea2d0da81d6a74390227c264cf16d4533bb2311ef39929b4d33a7f51dc6b2bf6198ca6f73d208

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5e410021495538da8f030f4aa47b5722

    SHA1

    07b69e76171256ff0ca230bf99dbba540f193ecb

    SHA256

    a33cb05cc975e4b4e03cec6541d6ccd64a39ffd388db3dc54aa40d2be2bd298a

    SHA512

    7d68c8b9986f73ac8ab065b93b95c640d47d7aea62dae3b9c276828bef2293df3bae4024f9818cf08dd3b041e8a0044622be78aa7690e13b7e058594920c2002

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c62dbad5558810765324fd6aa7695528

    SHA1

    c4e267b2460529852dba8a6300c8d82ed4cef6da

    SHA256

    36e6244a4f51c5e8303b8237ebcb9c2fe83fdf6a8465e346fe6aaffc934dbd7a

    SHA512

    061b60627b99928356223ce64bcfec4cb6ad346ccf604e5c0fae83908395f0daa7d509f8e21e7b416ed9c5f2424de5e1c3f430957f076b7585b008c43c71428b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    000027ec877ca1ec62833b3e4965cb9c

    SHA1

    8f5acb0788374b7e0256a9f9162108809538255a

    SHA256

    ffaec40c2dfcee84577a4136a11bc81d57675720c13012d50bc8032875cfed1a

    SHA512

    7036718afd3bc44eeca1088b368929930df765460cc191b2bd6d8c6c0a700ca5520e09a10ad545740260af31d7fb8d766d3e2df267ae6ca59f5038efaa243e5a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    338f51e819957ae7d9624c033c9453bb

    SHA1

    4eb3c9376284963fd89aaa1521a7c0e6a6f42af2

    SHA256

    ad52b00411c1ea5223064dcbcaa07bc67cdb19e031e0d0824132f408cad23f0d

    SHA512

    00afabd3278ee5338b2fd43369941ff3e65d964f65c6ce60b4bfcb695f8214d326b2cc7d710bf8f58f9f575f79c13de28f149ce07fc5760867ef2fba9d0461ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\2024-11-10_5d5229af93e977d972044ac827be9336_icedid_ramnitSrv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE4D5.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE575.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2144-10-0x00000000001C0000-0x00000000001CF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2144-9-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2380-0-0x0000000000400000-0x0000000000465000-memory.dmp

    Filesize

    404KB

    Download

  • memory/2380-17-0x0000000000400000-0x0000000000465000-memory.dmp

    Filesize

    404KB

    Download

  • memory/2380-5-0x00000000001B0000-0x00000000001DE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3020-16-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3020-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3020-19-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download