Analysis

  • max time kernel
    140s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241023-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-11-2024 07:16

General

  • Target

    8dbb61a0d40951a0b9fe74788cfd16c3fb44d3f525b6f51a948aae103b2674a9.exe

  • Size

    293KB

  • MD5

    bb4ce6432bbee2d6d8ac8eeec88903d1

  • SHA1

    732f0210d0601e28cb32ee7fd4ec0df8f88f0b5c

  • SHA256

    8dbb61a0d40951a0b9fe74788cfd16c3fb44d3f525b6f51a948aae103b2674a9

  • SHA512

    e3f34d6c760fe187e7688b990af5f85ef290127e60a8f8f3b9406b7dd12fd84a66adff2997aacee1f316b888d36a5b9671bb0b12c6c217d4ac7c561db76191c3

  • SSDEEP

    6144:j/8MtxRgX+oLE0BZl8+it4UYddksayTacgQIxr:j/HSE0BsDtedzaK3gQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Ramnit family
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8dbb61a0d40951a0b9fe74788cfd16c3fb44d3f525b6f51a948aae103b2674a9.exe
    "C:\Users\Admin\AppData\Local\Temp\8dbb61a0d40951a0b9fe74788cfd16c3fb44d3f525b6f51a948aae103b2674a9.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2036
    • C:\Users\Admin\AppData\Local\Temp\8dbb61a0d40951a0b9fe74788cfd16c3fb44d3f525b6f51a948aae103b2674a9Srv.exe
      C:\Users\Admin\AppData\Local\Temp\8dbb61a0d40951a0b9fe74788cfd16c3fb44d3f525b6f51a948aae103b2674a9Srv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2344
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1984
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2588
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2588 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1988

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b3fb4b1d453d9646dfd2fd889942cb1c

    SHA1

    7c6aad11a316b514697a1b56c292b7329be375b0

    SHA256

    18d44b9d2831360899889d35acfcc81ed548fc3201b2a4ee4c1224c585a39ca1

    SHA512

    3eec4306cc5b7230ae975749ad4bd4f2ba216b3dfeea361cf3658f18e153c573c4dcb0aaabb24dd864323ace3eed48c235de4d231ad4057644e972427f69a64a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    cdeb2e4fb72e3197bdb44d2a058e3c3f

    SHA1

    1a796dc33dcb2d8bd17e961f375ce4a61d39f321

    SHA256

    b7019a0398e68b6b77ae31613ab5b864e06d518744018f6f44f03bd350f1b526

    SHA512

    5610b70b8d56b7bbd2864b96cf5d41f1551984bde3a3e4e1a9f2b5cebeeb676dadf5fb296985404d6c331431eb24c6f9014c3eca92615148332657d7e84b3438

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7f42249a607b358578a694342f0315b3

    SHA1

    8b14b6f11ff346512e256c5eae7283755d64000c

    SHA256

    31f0ba12c9eed45b0e35e992c807289dacd773084475cc00896808075ad84c9d

    SHA512

    b38f215df20344a9550ca340c404f0bceceb2b03f2b3e7d60391e1b8557c66f860b43d31e641a7ce8d3a6348f0d8c4156afa259ceda06a94ebba4973ae205c32

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a0f9b0667f16c06e6d19040996474413

    SHA1

    e49300346a7812bebfacc3afacadbb57021b6f97

    SHA256

    549abe18c9313b35c60f6cfa87de404f2a323e19878492f9dbae6edcecc9d3af

    SHA512

    52d2bcf5f0eaba8331ed0128b38d896d064775b6890378cf8c03344a0061d0e9b4607b92688fbc7e66e49801342f0ae2dc00d276e698d049ebda61374517b925

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    dc780a7a430c7b57ce6b31007c1ea234

    SHA1

    0e84abfbe18d8329898961d89b90e23f02a40d96

    SHA256

    66a45316ed1aae4d2e166946ec59ae5431db3420f6f3825725cd602d85579a72

    SHA512

    a66d1cfcb0f05781c62498ca92db3550bb9ebdaa96980dd28e62e0ed0f0834767f6c1e3e3a40bc9392f269debae0d6d890982270d940b77f8756da49f3de87ba

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    747d29dd7b4d8236007ad862267b2479

    SHA1

    ac809388809b2361f186c0cf4ca05a69d5bebed8

    SHA256

    614fd98866ff08429ee8f9a1876e2302f0175f55774d2f5270f87303206c4b38

    SHA512

    3ccabd3e5e43ec5d44bb1974f7b97bb3611fff3fee2b0b932edb9def77a3e010784e00e50c834d84cf18b47fe17f68b1f57f8533ad0d5d798b255b8612ec7bb2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9e0bd461040591ee5e82b362c1d4efba

    SHA1

    8e9023e414165d08c8f95416f9bb49efa7db5945

    SHA256

    578663236f6035327e3d70154c78dda866651f898bbeaddf6ff34691bd3e1f67

    SHA512

    5974f627f56ee7e8c376f24122bbf389a0566e8e04de0dbe99e5d5f04f7ca144aeeea5caedd373d9303c0871f27dd57175fbe6c7b110c813f56b67ae03e976c8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1a332375bfaf32f7473a2c9b892ac308

    SHA1

    268e7f4d2b8548cfad7dfbe22fd3a23f2c26100d

    SHA256

    1abb1dc878162baa4447b6a0016249f17a3470f6882c92c57cb8a7e4b38ddf52

    SHA512

    5f407f223f9f6deba53881fe8dc7adaab0bcf5d12ec8eb4f4b61f4b70e30ea204a097b541cd6a57501a516ca21549ce69b27187ffeaec507d18b9ee1a6b38209

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    76586ced10007695b8959d502102191c

    SHA1

    7ae33630a812fb67335db87a3fdbb43e85fb95e2

    SHA256

    7de30229f9e38f91e9a657bc075980d03b56a9d01858805475a4130d7c25ee7f

    SHA512

    f33f7adbc70ade7316349f1dffe9a687d0d22c3029ba5b292ede757370a52bac2a1538018767be17630a849162a94329333c285938eb7e6fa4025692530770b7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c06851508b7a413601fb626b19d52030

    SHA1

    3474382d982a9844f541cb08ee2495111829f086

    SHA256

    3694b67495cf27fc8a6fad457ff87fe59487d2887b802d8cff1e8f7bcf4a3a8c

    SHA512

    84b85e1e8596280da365d02b0a0463aa0ab40f80e188761275d4346f181e1596806bb8c41d3663893d3432246390b986abecd5bad87a68f848cc48905a7ddc4c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3a90e49b4ca39d206c77464b86779dc7

    SHA1

    9522ec6723b719db72c4126fd18bd582921fc86b

    SHA256

    6600e52d0aed97974a049ce6cdcc40d815fb8d3b711283fbcce81c2db0130769

    SHA512

    f689f70d1d639928f12c141dcb3ea877a943102f9ebc04196574248d5c061fc2db28c3d4d86e96e8eb3fc291362f6beb4b2ebb671a4b6a8db2ee1cba06671606

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    148c1a87efc84692d8555098fa5b8a61

    SHA1

    8bba325af5de048bc95a549c7a968b3186d2928f

    SHA256

    dfa12c71c60a547f1572b13511c822cee63b85387509c942d7a5ecc469eecf45

    SHA512

    51b30b9eaed2ca5580d4179a664f260668f208d32b098b9fec4c8083e38ecb1087cffac0e64b31ede15db8f983d8c6add21baae31d595636e211ec0246bf721d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    17a951054aaec3f5698e50df27b1d541

    SHA1

    f005de77f4bb37a689ba0f704ca838153cef0bda

    SHA256

    0847175894362cb6893ac8d835f7f2ff33f445dad1a130420d3c911ce3e146f1

    SHA512

    d6684c3fa34a97b599348a35aa1946cb4de951193be4e02d7365e77f1627c55f3491333f6527f592cc7e6977ef1b1ed8697ae7616b33c8b01674e29388eee733

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f38d190d3383967b15647a0d8fcd3737

    SHA1

    0f8e4b77f6b1b8963fb1900197fd015f4bfb22cb

    SHA256

    b74961e7cba1dcdf04454c1b4c57c58b013cf2126f7c0b9bcdb066c353d34269

    SHA512

    73b6a2522b1ba0d373c0ec7dd9c06f69e4f33fee3ce1d2adff20cdbe5faa6c0833d8e513613984c06d0055b76e094aed79c6fc1db89277f7b6c090d6d2512b99

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    bb57fc4a49759fccd1c990c9345d01e0

    SHA1

    ba17328d17956c7d65dccc4b7dec737d8257074b

    SHA256

    5fad57a82cf0a5313b9a2b7a3eff0683718b8d17b7f88e01aa7c7b96a628f61d

    SHA512

    30a1b6b19498d5dfd8fd5d499224b4ce93e6334740e6bd86d2442899f21b39d76f46970a9cd49bf14d90cfd28893da39d190d73de1410fda7e6c50aace1c0345

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ecfc1ed6b08145f80ee68ab116c2c11e

    SHA1

    76fbb95372bf21b875ec301222255913460f9136

    SHA256

    2b410b494f5e1eb104eaa3b185b0ded60ce00aef93dbe34bb55233334cf05212

    SHA512

    8943b49f0b658ef378e5f3d7ccd792ea721985154e8c3b2550534cdbdc08c6fdb4aa9f5758d3db27e62b6eebd6e6cf288109aaad9220e7b028178b35206f9ee1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ab23eadb2529f45ef1be05bb42e6a499

    SHA1

    6ccdf0dd86fbbfd38a9e3e054dac04d7f2a045a3

    SHA256

    ba14f739917b673254fab7e128a5a4ba3c3b564bb426c92b862ae0f0f171cb89

    SHA512

    339bba7b9cebdda97448afe64e552e3f821022ecc4dd9ab2da244fc4ec2c2ab43d145fa4f41abff83efcc55ba8fc79cdb71bdfc25a4f3c6b6ddee2f452c58cc4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7b4949ee09374fc2acec11098acc44e2

    SHA1

    04da70776debb129c7daf2cbdbf73034bef90854

    SHA256

    9b779fd78dc6ac745d4c4dbce445f969daf93aa4b95f8a826620dc60616ae8aa

    SHA512

    e14c11995cc03d4bf18abaeab665b06769edb680a9614ec5b70cf7f2fb818824263fdb5a3493f8eecadd91505a06ce3ed3d2304b2cab3cd85faf8844a172cf9d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c5cebeee3aab13c73f9b390d3e436dbd

    SHA1

    ae2cc5778dd0e6e7151c79e56043c4506ba17ae7

    SHA256

    4b683437db3285ae641466ab49d42dd10f86cdb40e30e0d6b70c4ad4698f2778

    SHA512

    f7d7aebb4a8a1e69fd00d97b60087e85fbe89c866076a9ac0d2b101280240d876d6aef3e5059bd9445ad88cedc9b055062a308f9d66b211851ea6bda1735bc69

  • C:\Users\Admin\AppData\Local\Temp\CabE207.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarE2B7.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • \Users\Admin\AppData\Local\Temp\8dbb61a0d40951a0b9fe74788cfd16c3fb44d3f525b6f51a948aae103b2674a9Srv.exe

    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

  • memory/1984-16-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/1984-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/1984-18-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

  • memory/2036-453-0x0000000000400000-0x00000000004B4000-memory.dmp

    Filesize

    720KB

  • memory/2036-0-0x0000000000400000-0x00000000004B4000-memory.dmp

    Filesize

    720KB

  • memory/2036-21-0x0000000000400000-0x00000000004B4000-memory.dmp

    Filesize

    720KB

  • memory/2036-5-0x0000000000250000-0x000000000027E000-memory.dmp

    Filesize

    184KB

  • memory/2036-22-0x0000000000400000-0x00000000004B4000-memory.dmp

    Filesize

    720KB

  • memory/2036-23-0x0000000000250000-0x000000000027E000-memory.dmp

    Filesize

    184KB

  • memory/2344-10-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

  • memory/2344-9-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB