Overview

overview

10

Static

static

3

06ece0e75d...09.exe

windows7-x64

10

06ece0e75d...09.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    19-11-2024 19:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    06ece0e75d7dd1b30e74ae5a689c64f130c55795f51905eecd9446f951da9809.exe

  • Size

    1.4MB

  • MD5

    916892082777f4c50e04a78cd08acecc

  • SHA1

    2b35c3ea39caf7636b5cfe27a8e3a383ab3b588f

  • SHA256

    06ece0e75d7dd1b30e74ae5a689c64f130c55795f51905eecd9446f951da9809

  • SHA512

    a1f7f10e7f8da940e42b1d9cfdc1a456edbbed8c7ec63278bdec764157ff3dd8f71cfa8f5940a95e5ddb631e7dab82d56a9c8b52b2d6d618bfece0c46aa30308

  • SSDEEP

    24576:3FiJgbowe6ssJQcAZvI4lyzTCiKC/XS8BGqcJOx0D3gQ6:37ow4sKpqFSDJA0k9

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\06ece0e75d7dd1b30e74ae5a689c64f130c55795f51905eecd9446f951da9809.exe
    "C:\Users\Admin\AppData\Local\Temp\06ece0e75d7dd1b30e74ae5a689c64f130c55795f51905eecd9446f951da9809.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2296
    • C:\Users\Admin\AppData\Local\Temp\06ece0e75d7dd1b30e74ae5a689c64f130c55795f51905eecd9446f951da9809Srv.exe
      C:\Users\Admin\AppData\Local\Temp\06ece0e75d7dd1b30e74ae5a689c64f130c55795f51905eecd9446f951da9809Srv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2536
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2268
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2140
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2140 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2872

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fe5787cb1663ad7104305a7d976fe258

    SHA1

    b401598f98f554a72ede62fb14a21b2722b1b06c

    SHA256

    7d8de9776554a491ca17a204eb30d450e37f7b788ef0375e3a23787aecd10d31

    SHA512

    013090b846a2a4c824c6010db008a465822e5f413ebac868a8ac8ddc4950edd5e622a3dd7a19da2e8ce13bda8d16ee73f85358cc8a9779f8a2fdb3cd8a3e5f2f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    912436fb25d33caf65f4da13afeda11f

    SHA1

    780e6bb9e7f8b8b488e3c3f738da62a5eac34b36

    SHA256

    091ebcf75f406dae1b3164950b0f2fe57cce4699f06eb71ded1e6ee0e60d967c

    SHA512

    8693a13f496aaa7afaab9eb77821a54a413cb1742f73d0546628210d980722f96151e7d8385107a9bc0e80c94ddf3ecc866ded757364c265691254cc65d4e679

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0704de1c33c257fcc313130d05afeef8

    SHA1

    a757d89982d175a840436fc291677c4f898179e2

    SHA256

    7291451f05114a789c7390d12460e6fbfa91781e8c7f1964fa10b47b11bfa439

    SHA512

    94aeab69293a219a71a1b6f825c4d04255c9206edf32fa4779b637e6c3bc081a7eeeec78930afdc28b1083fb521249cb2171b87cdf16ad7565632a6fb0aa79ec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fce74760968265a2fafdb7947e53426f

    SHA1

    78edc21e956da2a9c546d76f05d320f941a515b1

    SHA256

    2f5ede4730ec8492954f29c852579c1d8cff7d473d6a9fd2a3091048a317caa2

    SHA512

    7da1df8830ea3749ad68b47c818b01d2db4be29313b7ad116e7ec3436414d1f99c3584794d15c68b180c9f00823f8660e8a12bf07f84dcac410bb8b559bf76e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    122043e2bd8c6c4bcaa5c9e35395c1cb

    SHA1

    57ec4277b1e8aa00a27e96fddd17066104cd1d28

    SHA256

    3e015d60bbf69e42d34d66b63fceeedcf5ddd2f2fc347da87a6371e7e84ea069

    SHA512

    0394c7325af62d302fdc7b05d003431a0f14fb8fe23394d642625e67057561561fe45e02cd015a47f05a68d998f58c7b907f7b91cf908dbffc7ee0768c9d08dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    80f7e4729f5451bdd1f4db3629320008

    SHA1

    2fb10e0d6810d2b92bd630140683a12f3fd517b8

    SHA256

    e09f933057bd0cde3f31987faac4fb9142927712a8a5855f89d00ae767712cca

    SHA512

    22a586f2880e3c6df232cc372c45b6e8b35482be21b1af8e8d589cc8c519b0edb22ebc81417524462316c9daba6f27774e960103fbe67a81c647515b64231855

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    112b1bd64030359435ba5ed4c3c15a29

    SHA1

    fb73828055afc5f85570a2f41802608d4ad23f7d

    SHA256

    eee25d04e6df4746f3f00bf0af86757b721f40c613fcc42fdd93044e23cad2d5

    SHA512

    793e71212a31a39e60e0e374a18a4902fb34c840d4cabe80267b73efb34c9093eb460384ebbf40f15a54ad413966525aa0974c6858be92715edd83423372231b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    43c0786a2d6f4f334adcb33b11d52ee4

    SHA1

    7a3357fc6c2cd1f5c3445b3005fda9f66b37798e

    SHA256

    4c3d9f0b3e08a7fceb389ee19c010927f1003ef8a3d51d87d4d9a65388fe0648

    SHA512

    ef9da6b3294d1236d9e3817aeac7c71cb1a25e9d0a4f6919a1f740f2c91ad732e21d6241a96ed12c9574a16cc834690fee729df793656fee2a736d41607a8c46

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9ced5cc4986b1e238fd7b3e806ad9a7a

    SHA1

    1b6cf2c8cad5b7a2d93985f2a7382cd5c0d0e8bc

    SHA256

    f64b72f139f243e3f56c71e1da886c99541eeecfe4575f06a12dff3db24208e7

    SHA512

    772e2e8efebdbb96cbdf2a99d8fe42320a9f7001b86de81b9e2a6faadfec25c63007e40dd7f842ca261e5d90d683276b3dbff486a788d2f1da9f5665dd97f5f2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    786181e2168a5bd253f436179e7ab3bc

    SHA1

    126b37766bafae6b6f56fec2c95bdd9050f85199

    SHA256

    4a21429db6fe18e99e5f2f7d5cdfac66b718006226a4c9b94bbe3823ba7bdb90

    SHA512

    587dbbd8ea501a954df8564626e3f21f4c44296969bf20d6ec956e096fad514ea810208fd4ee18702170087d7d6eff1817159fbf20b26c6eefd447bd0d6e5acd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    63bf09fc4ec07cb69babbbe5ea4b13c3

    SHA1

    6bf3161d1b0bbe686f698bd099f15dc5e37efd1e

    SHA256

    cf56289009d2a4952a0cd26aaaa3f3fc5fb030cbf50a1ad3721112ba8c83db80

    SHA512

    1f164380a255fb7fbfafe7b33c2e677c8d7db0dffe8d036c88efbbf7607cf05c2d163f9bfed93c605b36bfd6d70692e4693156af9d471be05538249212bba0ec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    48d1945ed16adf50f28aecd183000a38

    SHA1

    2d3ede6f8b85988f6eb41259233880efadd52404

    SHA256

    5da91a4ef137893b4573e648833c30d87fc74e28b577c2155b3aa375f417385a

    SHA512

    55ec0f01541517b8db54dc52969b2233a9a05a07ce597f73ec9065b0ab187ede7fd94af5e61cbc9555a47d697fd206b3bb36dff65e1f9e236629102229fb1754

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9b35a558086d8f84ac70f643c5face31

    SHA1

    357b8a4d1caa8a1549a510b549c70df6cdc7cb0d

    SHA256

    dbfbd0090890b2e7a4aaf8ee719f7e94733c7a09ddbf30a28871566339538851

    SHA512

    a4db8f180afa58044f83d269bf36e478788a60fbec78e4b877e2114c9779a5defd4198aa861c03c388365c33440585d4589a39cdf1e8e9ed93c143df34f2c222

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d5f5f9754597ba3d6f2a2a263402f432

    SHA1

    5b6e9f915502d08e9aa80506f52b73109d69183b

    SHA256

    07e1c5b2b2b45aa4e79a6a6f3bb10949dbd55905089a8254c0ed69e6587e688a

    SHA512

    0ecf9d38ea42edbe169b3491f90017b3def4d033a59d1d53437905ce0bc938427016a0986c1f3a5e9347d0aa2182d14fb2296c24ed58f6cbb2ce357dad6b2eed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d707a01fef9c26135bcedaa300544ec9

    SHA1

    1021cc0a66c31039203e82c6b0ced52ac884b3ca

    SHA256

    2e8d7745e9f5710a01676b1779ef9a247848378d5742fe0fbbffd28e95be94d8

    SHA512

    ce72569e53cdcfe19851cebd23b01783cd614d71d6d08f4df929d8167a88b231c1ef05214ca7783c55eba2b891d215ac109b7dfbf98c0de76eea313b2d11db51

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1c17ff4204adc7d89b29088126b81043

    SHA1

    c46fd647c9a0765de256b7fc8e0c63c085104a09

    SHA256

    27367ea1ce506ef23e149b544f3a880eff3798f7c1fc8df8d606d6a2dcdc9a4c

    SHA512

    29cc74983b9815c8ba4fc0a15b8b5b409cd55c068de7fd58d7b6499fc4bfbfb704a181982f3a2a399759e537874809ef2e0659670751e50f726f746c1ba992ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    71fc0d44b4ce595d2869e61fc218e627

    SHA1

    abefea4fe63404c51706d4f2383d28faf5ad6181

    SHA256

    9679448201766b5dbe73bf63b2489f19d0de3b96324effdc161efca557c0cf3a

    SHA512

    aee05f294e0aee4873b91808a7d6807e654a7194970269db87da58dc8e113fb27fa707a2e57f1d370f0f473d1338ab8d978e2602bfec1c205d015dec99563705

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    818ac56c40eb1c9909bf239b67d9626b

    SHA1

    297744e0654f91c1793d92f5b8f2986e14c0e618

    SHA256

    52a2548205f656cf71d029df8de2bbac29463788ee00dfd3e676944af760e2e7

    SHA512

    4e575bc2f4db7f59a37e486d40ca3f299e0bdab0a22eb57c78d31c44c4b091cf205f550a35926b687b1f01e5fdc183d7af529c1ec5c3feb754426cc041fcbb67

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab257E.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar263C.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\06ece0e75d7dd1b30e74ae5a689c64f130c55795f51905eecd9446f951da9809Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2268-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2268-18-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2268-22-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2268-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2268-23-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2296-0-0x0000000000400000-0x0000000000570000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2296-454-0x0000000000400000-0x0000000000570000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2296-25-0x00000000000D0000-0x00000000000FE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2296-455-0x00000000000D0000-0x00000000000D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2296-5-0x00000000000D0000-0x00000000000FE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2536-14-0x00000000002E0000-0x000000000030E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2536-9-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2536-7-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2536-10-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download