Overview

overview

10

Static

static

3

2024-11-10...it.exe

windows7-x64

10

2024-11-10...it.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    10-11-2024 07:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-11-10_5d5229af93e977d972044ac827be9336_icedid_ramnit.exe

  • Size

    375KB

  • MD5

    5d5229af93e977d972044ac827be9336

  • SHA1

    34ff3e4e3de6b2ee014c3d2d70dd7fa9a92b904c

  • SHA256

    1c109b031d839916e6a9cb1ec1def5fb297a5b3ab2f00dc7d2d95d3a03daf287

  • SHA512

    2b5fbafc5346b256d361b6ee8b186cdee5f6694b7e51ded2cdfcf1a6f4e191ab68a5aaf453317aba4c62c6d9e2789d12399f2ac898acf602b705b3bbea2487a3

  • SSDEEP

    6144:XqX4LzB7pTGcfw6ziTArCTsxN5G3xuCyovAf8kR+Ju/Fk/sSzDOqEPVLYGBa:XqXKhw6ziYeBuZovc8nJu/F9ChEPVL

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-11-10_5d5229af93e977d972044ac827be9336_icedid_ramnit.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-11-10_5d5229af93e977d972044ac827be9336_icedid_ramnit.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2480
    • C:\Users\Admin\AppData\Local\Temp\2024-11-10_5d5229af93e977d972044ac827be9336_icedid_ramnitSrv.exe
      C:\Users\Admin\AppData\Local\Temp\2024-11-10_5d5229af93e977d972044ac827be9336_icedid_ramnitSrv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2492
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2340
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1096
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1096 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2928

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e61a2f69bc8f4e75c44af02f2e42a48e

    SHA1

    514c3f8e55a56f547cd3deb7a77fa91f5dd8d0c8

    SHA256

    f42ea0aae5d9672cfced75bd00d7f4f69e6ca33901e04882313b37b9a21c14c9

    SHA512

    c58a019bab5c8ed2ebb257e8d4d00bd692acd084b192e6d8273d2e14889e7b79e142bf491f3e856cc5f8f23e82a61e376c6859c8fe123301cb5edb011b60f947

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6273296f287e2644625a32d4d8aa6c99

    SHA1

    d1883c34bd9b002a334b680d3661f6068e210709

    SHA256

    5c351cf024d973ba96d7a2d4605bbc5a61d43f3b8ead95aac5636b48ad19e441

    SHA512

    b2e8335818fa12c9850589988b4a8495b8fe99b89eaf57a422a945c3fb2bbc9b7c73466d38ea159b0f949d290ee0570bd2a95450226e99c26aab033e3e07748e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    97a08d937e9d48487751229574663534

    SHA1

    5fc78c990603ead355d62ac8dc09d1e8dcc9cda5

    SHA256

    3eaa650e44ad039c1b33d34e58e58c8c9690d95032bc11b76fb5f82f534f0361

    SHA512

    97c8919a0197909a959b4ac8ece4144a7701734d4b8b0277c7703d1ebd78fe4ae1c3a8b04865c6a9511cb278657b677976402dee620c936d8226b1565ee415c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2c87754e16ee4d3b10afae43fd4a8558

    SHA1

    9c059255ce83a10d1a48f967711b37c66267ab1a

    SHA256

    eda4faf9a8677c33c18040b57b9e42cb91177e01f4b3b3f912d49a1137795692

    SHA512

    609fb5001ea1b6ec903324fbfd64767e0274c487a0497f26315ff5f26a1379f9c5f5a0bd35577e4bd332bafd175c83d9d26df12017aadbccee6ada9ef97d4512

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    240327e7d3dfa77efe699a76b76fc94c

    SHA1

    949e76c1cf9ca3a352cdfdbc1a63055e418e366e

    SHA256

    f6f970499e276e65d2d08b77538bb807c83e735073390e98a0233b08b7a6b9c2

    SHA512

    067a99211ecff6dd84cedbdac5957e7efc730ddf57fb522f9723ab9a372bad781a60f86d9bc6d93bc0e39f98e08f92de2f822e0be3f045d9570206ba3292e375

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5071b7aa535d976a25f9eabeca327752

    SHA1

    14913b4b945350c7767248a7d462ab08ebb45c3a

    SHA256

    c90abdb45e6dee676054292e82cbf57a8818fb540533594656194057977574ac

    SHA512

    94f1691238f3ae4fa376b3a9dc78cfe69a134911c865a444dac304e463c7f76a1f80847faa71c828f6fcdc0e0f467a59179b566d5b476e1e1a80b0204256db73

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7422a94e03f770b6de477b83ed50d253

    SHA1

    2972f8f6d5567e677f0d1d4e913fdc0c673197be

    SHA256

    97d9492d5d3d010629fe9b1600714983324c257f7674728c878a258fffd16a07

    SHA512

    3a39da8eab06ff67f01abf74336df6da690eda85e3a92b9bb2cc78c78b31abfd5a707e85101e79ffe1cb043c866321e70ee0e751391c7b86ee37e9331c3b21b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    36ba72c9dfaf106ec8e79ff494fada16

    SHA1

    7ec6b13c5c3b9cc2166e1b4b45066bc8a768402b

    SHA256

    b520bbdc244361940140e0f2f27e81d7b5821200119016380842abf2aa6d8c2a

    SHA512

    9251e699270114fbfb5a0eb7b13caff25032a8b6fe50a1636889844f8aecf6fd149381bec155159fb8c440347efbb105256a36f7e075f393e98e485571366afb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9da15de4156a224ba7d763fbc661777a

    SHA1

    955b669d301595771fc639d40c1966f0f29e03a1

    SHA256

    1234c984db6a6f5c5c80f29221d621f592c7852297b73c1904c68a1572391cea

    SHA512

    4b9adb7d7322c06c3b95599bcb7a3905cfe51d435c2d075b4cd06e8a6943112a39481744bdb8c7d9d9852ca550e24de1c83207fdb0e8280eee0a51e3916a6de5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fbeebdd092c110cc242d2d4016b9fdc5

    SHA1

    1b00ef6dce036df8e3a5e977b86fb8f4ebc5170a

    SHA256

    95a50ce610ba1f55f4cd4cb15ad55db207cc88d0c054efdc6a887cd0d0140a9c

    SHA512

    fd5f4de2b15e9f82dbccb0385bb26cdc6b66993ed6841172a23e9e8205d28819cf3c049883f3e64424109366e94128ba4da9eb915645b0bd74dd17eb07873932

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aeb476c6a4d18f6aaf43ddd2d8965802

    SHA1

    9383f3dd43f00c5bea348ededabe8ae26240280c

    SHA256

    12d1c81268482f14607bdc7434ea7c337efe69b6b7f0f9182386ec484734657b

    SHA512

    46dd76ff8f488f162ad3bf69227769b7d3150b9f13ae5c8e938b7911b8be18c57fb56da9334cda1342d759b34c7f412aa6b20b2b18b2256695184a12d373effc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ee5f2d71ace7034c49639f5aad8585ea

    SHA1

    cdf59fb1e484f4926671fbbaaa61e8a07d8885e6

    SHA256

    6b30703c4d69051fc833a90b6b2c94231e194aec3fc13dfc20e79133b5ea8a8f

    SHA512

    be9fb800331eba404a042a213e012303f0796c6a348f51a3a1018a35dfc861228594cdbf38a9261fe54070fb6c0481ec79ef8716ef5e36ba4c0551c8fc103f16

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1a7083bb7d46101b9b451c19b9a4d520

    SHA1

    c239a57fe70f4892535d131291280b0135e086c7

    SHA256

    73b901c53d95a48009850da3dd1c7f59144ef9732fadade7ee49e7b9f8db0e03

    SHA512

    de4485c8a9cb4cd6b046c56dbaeadce6ec8588495914cd17eb77155a46315720cb477eeddbf19d94bd2d987ea9a8c608b3de44840e7701193f622adfd9c11b7f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e16dcd9116ceba810dda659d8e79d688

    SHA1

    29e4f5f3d3fadc50c0536aa861ab3574b9ce1d01

    SHA256

    4aa4f61aeb7812d65111fe22b34b7c429b937195cc172507803f3284a2aef7eb

    SHA512

    be21d9eecb702fde83b2793518a43a83363311e21b28f0523eafac8c94414a6978186f92a32d88d505d8c0a18e2b8ee81eae8ab4c6408406b1b9de6b1ca90687

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca3acd8931d733b0725cd7c8b8db7082

    SHA1

    db6ee81a3b9e9342b95fc0e3ab50efd6801bfcb6

    SHA256

    0a6c286350e040f6c450203052ed6d4c5aa7cb69ba0bc4007e4c5aa153cde070

    SHA512

    d074386402d9104fb60566da9af912c856c979e73b65da1b09f1b8155a96dbfcc2aad1ee9d6a5717c8fa5f05b71d77136a28b19e8b223074316f969d73fc52a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    02cbee2bc91f728bae6ee39c252ff29a

    SHA1

    ba36d25c19347d2c31906c4101ea9aae2cd8b028

    SHA256

    0b6d3da32f43d079b06d8c44f4ec745db964f1da53b7fad773548fc75a2fb7b1

    SHA512

    59bcf61bb7d9195dbe334ee7d3572a757768d9e3e4b12228277d227558cb69a98d145ad3c5f3eb74e2654f7a59c78ec02d611be8db42946c1a7e05d7dfd39bd2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e63494f3c73f61c834c63f8ef1d54b4f

    SHA1

    6be6529e4d753e8f70bd76e98c5860f2639d1e66

    SHA256

    47126c9cc929667991aed8a693b3c4bd04aea3e1be58ec36b44dc2cbef2382ba

    SHA512

    d9a615627f55859b02e4ac2d9016c79e29d632408211313d3936398a31ba63fb55986f63909434582238800dcf6751633e3492f024ab7756bcd97388ae69de93

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4fec9963d6932d9dd3f0bf2a5ebc026b

    SHA1

    1f7f0a3b2b670789a807b7c513afa254b1d94c0b

    SHA256

    a5538e97d08658d2cd37e67e349f1657a81bdc5cb23aed066d967162ace9852f

    SHA512

    7a370765f773c3498b2f49e6a679cfe17e9121ccb83a8baab58103abbff2c75101f04e9927f367a18b037831bb66b40c2adc2946a3f446c070a4a8b718138e23

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8fc711498f35db4b8deb0234bb086c4d

    SHA1

    319fe689ebb0316b40c192d73df8f2fffa8b917a

    SHA256

    d5b9783f589de52138bee933fe8c4058e72c35f5f99c2044fd93ca8a9230d0a3

    SHA512

    26a94e86f45c33ccb5c24aa37dbbca0f2f71ed10e89ef7f98be2d3054e19ddeb06b7cb707112ec78c6fd4def296a961a6015f09baabc3011187a8ed9ee49b4e4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD4CD.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD55F.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2340-18-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2340-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2480-0-0x0000000000400000-0x0000000000465000-memory.dmp

    Filesize

    404KB

    Download

  • memory/2480-7-0x0000000000400000-0x0000000000465000-memory.dmp

    Filesize

    404KB

    Download

  • memory/2480-4-0x0000000000220000-0x000000000024E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2492-10-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2492-9-0x0000000000250000-0x000000000025F000-memory.dmp

    Filesize

    60KB

    Download