Overview

overview

10

Static

static

3

120c148dfc...d4.exe

windows7-x64

10

120c148dfc...d4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    18-11-2024 20:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    120c148dfc1655cbd5e1889d9735960a0ab455ea71f272a3b010324ae7cfa0d4.exe

  • Size

    3.5MB

  • MD5

    698e225b1e677a2059c86bbb3bf89f3a

  • SHA1

    805cbf52381a48967b064a12075946d110d48ca3

  • SHA256

    120c148dfc1655cbd5e1889d9735960a0ab455ea71f272a3b010324ae7cfa0d4

  • SHA512

    efc22602280b0642fe22c3dcc8015d1a859b80a79f4adff23631e959a2a827fc37c3129b7abe3ae59d8527e174036dd00a98708b3dce8a912c077c4282773d55

  • SSDEEP

    98304:U9PazYBVkS4wagSkc7NCVDOdKtRQQQbvFLOAkGkzdnEVomFHKnP8t:MDoYOdKtRQQQbvFLOyomFHKnP8t

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\120c148dfc1655cbd5e1889d9735960a0ab455ea71f272a3b010324ae7cfa0d4.exe
    "C:\Users\Admin\AppData\Local\Temp\120c148dfc1655cbd5e1889d9735960a0ab455ea71f272a3b010324ae7cfa0d4.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2508
    • C:\Users\Admin\AppData\Local\Temp\120c148dfc1655cbd5e1889d9735960a0ab455ea71f272a3b010324ae7cfa0d4Srv.exe
      C:\Users\Admin\AppData\Local\Temp\120c148dfc1655cbd5e1889d9735960a0ab455ea71f272a3b010324ae7cfa0d4Srv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2352
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2340
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2260
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2260 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2748

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c93b83828dce193cbccb5650e79b0ca5

    SHA1

    13c3a9a98f50631c6706695f1157cc777b910bd4

    SHA256

    7dcf05530330b36247a86121a2729ed8caa6a0db58d0199b22feefbdac42a9ae

    SHA512

    00bcc92779feb3e7142e56346295d106727570180a14bee915f69a4713bc4f1a8a71fd9e9c9b77cbaef58da409916c42c333f57554058946f7bad679bf7375f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8d6ed9d5ffec12706ffde5cd81ac076c

    SHA1

    646a88418d7d3fef5c3b3f70970b13cea968e356

    SHA256

    c2e1104035d2669018e15d501509df7941dfce439b36ead2a02433e04fd8dda9

    SHA512

    08d66917d105a276826bee6855e6ffb6733a786a4f243e4527a9d33e066429e63512cbe3875bf514357c88b7f09ba1e59d917afd1e2d3972d665ff7b130128a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6ad47e8f5f6c01d3fd2da6f19d6196a3

    SHA1

    5d1d8625cbd9b09c26d9b81d154f753fd5bd5cbf

    SHA256

    709fccef71a964c42e3c74efa866404475035f6cc8451190c7c81ee43282bbbd

    SHA512

    87437151df8b6041fa9e85a7699bc52f67a5d101e6f24311e8a0e49803d1b6a754d8d84192dd32989436643742c138021b483328f22db331ee70720bb11aa3ba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7e3a92516cecfe207ef7c08e06fdec2a

    SHA1

    ccce3552b3390f777c9bcefb09423e6523e9f609

    SHA256

    1f5710e714a12e583a6f445aff91b09978d73752cb259515d51e54925ede322d

    SHA512

    e06553447092eb3e13a73c6b9f3bb2bf6d25458cf3b92abe3d1ed305eaf157c6f625a0f774e8f3f91cfdbd0f52dc208cb95b752276cfdd7d3611366cdf830d29

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d9da3779454fa00a4f8d5cf2b42b20b7

    SHA1

    41d2eedaccf2d718a27f50572f9823ac100e3f45

    SHA256

    d54424c87be5e295288283b4ba4e034a3ca3c67ec20717771d54b2b3798af395

    SHA512

    2e517c83296b656946076f8887423a71693dc231ddefc004535b12426c243619f3e9d9e32f6e16fbc437e3da33a10a65abb15d3b215141f2179c13c2de36eeea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2bda119c61aa597dc941c9fb6b21de7f

    SHA1

    316f1dacb4f977eb4a61f4d0ec76771ce4f4f37c

    SHA256

    a446039d9f4d9314391f49b0efac0edd604634eb1e03721a3ef40c1fb9d37e38

    SHA512

    f44c80034c4e34918e69bafc50bf34c1823d959ebda5be819d21fceaf4809cc39b4a8e7be9582bd4a5b6f77a06540784f99533ac420d4ecc6cc4c1dec14062f6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f444383cddf464bc61538387f8e6bafd

    SHA1

    ab91b8fc7e32f780a162c59dde8a69e08ddd9702

    SHA256

    68070e724f964ba50ab2243ab8797fd20e0ca34efc1c9281fba31c35178bd668

    SHA512

    0c9a42fb1de6fe14b8550eff091fee6497007901d84abca037ddb2d8bbadd7a8b827fc727959c23141373a216fa2b33359faf30e0531c930b34049f757eaa121

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c8872daf5e99f20c7ac56e74d9465881

    SHA1

    0f362f94f572c9f008c749603c7e74a511dd77ef

    SHA256

    72e37828de19ced789013ca89e027a90f17790c7a05c1703b20d49bd2b40f60a

    SHA512

    63cd786411b01859ccf3b6bf5a0652a63409468f1a7f6831f00fd081c52b7463f127cab812269859f17bfcd970fb1423feb1bf13a3d09e697d180d4135ceccbf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fbfa7adbe6d2370bec35fcc3f59b0cf0

    SHA1

    a82c3d73ef5ac29fdf5209b0c9dbb340155a2a1d

    SHA256

    b3ffdb5288e29a6c0ac4c9b871e494c86d4a58a8ef1ecb5b2459960f7c5899fb

    SHA512

    d47f701e7727962dcb0dba2b15258f326305c75be79cd70d2e5267195320943453f740bd9ac1ecff3c8471edb6bcdf766bed411d9439dbd840e029117968f5d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ccc98e42a6988bc630e372dbfc937ead

    SHA1

    64bbb83d5c0f2117bb0b8d62bcc9a6a3efacd1fa

    SHA256

    8a3dcf994024c2e63bf144599e1bc2bae486688a8e76198ef46bef8e36a6b7e4

    SHA512

    4bb787eec51f66c377a5e5bdfa83fa49d6797f5e24c526cfe2034ed6509f44a65b335903370b0eae77a25e62e21487314c1cffaff1759d4f7166e086017098eb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    797c3eb7cfae3e72f01feb109548e10c

    SHA1

    b1756bb00c1a0c54188dadcf00d01c5100ac2c36

    SHA256

    3152fe9ea47100c77af1df1a571ae3f7aebfb2ee0c76089a9590f2b3f31e0d3c

    SHA512

    43b3ddf285a108e5f0158f2afee123efec3c6b7454644283c4e04a167922149146c8f1fc774c2730849a98d28206191a46f748cfcd75fb13ba5083b1f8ed2850

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b10dd45b129ae42d0db564b799f13267

    SHA1

    00843e0db58438b519ad2e605a5bf68140ce519f

    SHA256

    fa622bc21fcbb8284fc8ce6119c77efb70ef8e748568b83befad20b4263419a7

    SHA512

    040f3d52a0f39cba6d417aadecac4ac828ec347ae883e53ccb336972f88eddf955d7354d6bd5169d7d5f35cdda4a0d7fb5dd10892dac87a15369328621a08a87

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4945940fcc95bf4dd47b00fb1bc0ae54

    SHA1

    c4ebc61667c7ef6ca2bc4befe5398c64b5b898ca

    SHA256

    34fd865bbffbcb8b9f2f9442302ae8bdd6562c00be018a8375edad0ce8c0b221

    SHA512

    69d63e9e7a35bb466d45eb01237b29f963f3b2e297dd223178e74587f0477a0a8706771b5c50699216bab4220ae7f82276c6b5d5ed77c5b5bd2f3d691182c663

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    499e149ece488533375e0fbf696d2623

    SHA1

    4930a0e8a4ae2bf86f831d33fdc4daa73f2d4e22

    SHA256

    8f5d6b0ef5fd2eb024b86b895132fc0535703e40e18d987f77de5081582fa5ec

    SHA512

    9ea9a5a796c3e260724dc683297164407f4205496c4aa7e76999b025e719d4e4ef639643df645369480a9d329631b317b911d068e182c84bbd7cb68db3c11010

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    033d46bee83326f4c3e9e926175176db

    SHA1

    af5dfe83004f928af3ba8aae2150f22e0c8b77c0

    SHA256

    21a3e3eea0521c9f31c966ee8f36ea8c84cc943ebd76ad095076c2aa99ddd166

    SHA512

    fe7df63e1c43947bf373ef8f9eabdfcc0fff6d88eff2460d205e9a0d28813d1384eb41d39ee3adff302b7e34326a5924c039b2c4e7893eb8d4b5051dac1d03c2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2b47e9612df10f2adb26081ce83106c1

    SHA1

    14f3b8cbf6253193736a18d5d835878992e4ecc9

    SHA256

    2abe86e1f2ff0375bf88dc3526a2322c586654a586865c25b291f7d69751437a

    SHA512

    6ec8f47b7a819c1299796e4008b71e60e9f8e9f2c7cb7f1412e682c6c314c93b402204b100f02223e4202b8f03dc9052d5ba861041b348bd5bc37f7ecb8e9b60

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    416f68671592a5ead2b270929e8904e5

    SHA1

    2148a8907f5fd26137ed2fac7f6492e5aed6961c

    SHA256

    39d0032b0eb676e4605710f8b3b7fee39605568393efdc725809738ba047ff9f

    SHA512

    b802c04d8bd1f3de595e52d88cbd3ca483cb6ee015bec893ac531b050170141ed2c7973234b6a7fdcc2ddf3b2ad9411fac7dd7d1a9734d93f4769b449b7427b9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    82a6e969fcb8d26e14695db64e4bec02

    SHA1

    643610b2304e5daae5eac669ae8ca8ec2fd9989f

    SHA256

    91ce031e2bbf84f66186a7c107782cdc835e61e82d135eb80d8f563b7f2a83af

    SHA512

    276967da2a4eeaab5df61d4de9ba1d9cbfb34095197a37052d3f09313b46ec3feb26b54faa8cad86b231ef164655ab1a32a75b26120769f2b9c7157cceaf9a1c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bfa19848420ec05a6f8f02610e603b50

    SHA1

    0d877592ef7921acfb56e3e9303e5a17550d20af

    SHA256

    29aff06fbdd62bb8d9974673b8fcfafe852c46d18c908c02eed1c8cf967ae0f6

    SHA512

    8670b764e63785958e774b71f0dd8a0761f4c2179b67e06ad028af891775f1cc1fab635236816cc124790628411756faa7a991a93d01d387fcd149e9a9f9b168

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC381.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC3F1.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\120c148dfc1655cbd5e1889d9735960a0ab455ea71f272a3b010324ae7cfa0d4Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2340-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2340-19-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2340-17-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2340-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2352-10-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2352-7-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2352-9-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2508-5-0x00000000001A0000-0x00000000001CE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2508-4-0x0000000000BA0000-0x0000000000F23000-memory.dmp

    Filesize

    3.5MB

    Download

  • memory/2508-24-0x00000000001A0000-0x00000000001CE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2508-23-0x0000000000BA0000-0x0000000000F23000-memory.dmp

    Filesize

    3.5MB

    Download