Overview

overview

10

Static

static

3

cb9e615dca...1f.exe

windows7-x64

10

cb9e615dca...1f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    20-11-2024 03:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cb9e615dcaf44187ad82f13ee4b711c38696c33e0fc25aa44309937bd571811f.exe

  • Size

    95KB

  • MD5

    91f8c5655e265566963c8110f8a9de7b

  • SHA1

    b96f17997e415aeb3cdf82a68927aeae232febac

  • SHA256

    cb9e615dcaf44187ad82f13ee4b711c38696c33e0fc25aa44309937bd571811f

  • SHA512

    7e9b9612e3b4868afb70c9dd6a94715fd0511043949a89cacead24e2369744525d0a411d92c6cc81f24f7e222e1be37a0ba790dcb9ed7e8ab289e0d4f504f7d1

  • SSDEEP

    1536:yxqjQ+P04wsZLnDrC5MXL5uXZnzEPf+hzRsibKplyXTq8OGRnsPFG+RODTbN:zr8WDrCawnYPmROzoTq0+RO7N

Score
10/10
neshtaramnitbankerdiscoverypersistencespywarestealertrojanupxworm

Malware Config

Signatures

  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    persistencespywareneshta
  • Neshta family
    neshta
  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Modifies system executable filetype association 2 TTPs 1 IoCs
    persistence
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cb9e615dcaf44187ad82f13ee4b711c38696c33e0fc25aa44309937bd571811f.exe
    "C:\Users\Admin\AppData\Local\Temp\cb9e615dcaf44187ad82f13ee4b711c38696c33e0fc25aa44309937bd571811f.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2884
    • C:\Users\Admin\AppData\Local\Temp\3582-490\cb9e615dcaf44187ad82f13ee4b711c38696c33e0fc25aa44309937bd571811f.exe
      "C:\Users\Admin\AppData\Local\Temp\3582-490\cb9e615dcaf44187ad82f13ee4b711c38696c33e0fc25aa44309937bd571811f.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2796
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2784
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2756
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2708

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\ALLUSE~1\{90140~1\DW20.EXE
    Filesize

    859KB

    MD5

    754309b7b83050a50768236ee966224f

    SHA1

    10ed7efc2e594417ddeb00a42deb8fd9f804ed53

    SHA256

    acd32dd903e5464b0ecd153fb3f71da520d2e59a63d4c355d9c1874c919d04e6

    SHA512

    e5aaddf62c08c8fcc1ae3f29df220c5c730a2efa96dd18685ee19f5a9d66c4735bb4416c4828033661990604669ed345415ef2dc096ec75e1ab378dd804b1614

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3a62d2037f4ebf7a98dc73d5afb67ddd

    SHA1

    c971246f7008e5ba7ff42d87e3e68e0d91529040

    SHA256

    0d3824c88a311a65e9096d8c8f9fa7ecd58374270fa633e22cd636c3b67c0467

    SHA512

    bc69f325ef01c41f4a9e633f839b2ab895720d66eca988785a2e46ba229386b6c76c08ab1b4721edd7cf74e8125f0343d037ceb95140cbd30691945d4bfc40fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e5081a5a4cba4aaab2e565e4b9d4d757

    SHA1

    64c0c99c9bb4fb1699d6b3f3f7b061e26e0c36f5

    SHA256

    7825b5fa7e73882474c663bfca3ab537816d2fdaa43838f38ef1af97bc546a7e

    SHA512

    6761d5b4a494c7c54037551a8d11f0bf83292b1ae2030c60694e417dc9990440ae1ca3354989d30c019053e0d6dd823bc2bd3568126e41d27a0108e3d43025a8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5e1ef04143175787a14a6181188ff3ef

    SHA1

    f35d7f51dac947c5fc546a69addad70a7af48aea

    SHA256

    8c5fed51a18d7de3711b5620fdbf0c4a91ef279a02c7ea0a4156d1566a0fdf9d

    SHA512

    ced62bb723113b087b84f4641f81e5abb292c24dfe3ecd5912e4e20600da8175196ef6277de3afa65a4834503a35c3dfe0a491daaa5eaab59e73db4671871c26

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    faf301a4400b03b0114461fb7ef23d98

    SHA1

    f2c4d803ac1442f295bb7343840b019fb3112357

    SHA256

    e3690e5fa35806e70d1781b322c30c6d504c8d14310ab7f4a5c811e28f10de10

    SHA512

    4ecd60ff38bc5cfd92db812f41390a25e4c1a55579940d1d792bc24a8740a16768240ced841aa1274ae3822008d6ee284d6e27df6c565d16aaca5484f1f0e54a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    37b9649c44fbff09bb82cc2f585d4371

    SHA1

    bc2f04c6a608af8e962be971b4b46ab1c63b49b1

    SHA256

    1a7550d462676927b6c1416723e54fe81c0e19f0518c2b213e5f68bf051138e9

    SHA512

    be3f8cec779faadc24a7e490872100a59c48896e1f88945da298a7fdd264468b29b1d4eacd580a0317d612fdcca7aaa7063977fb83fa95c5985631c71d1276f6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8dedc11dd0ab3c8055c2b90b334ca3f0

    SHA1

    53a33bd9ca62534d0468f463023af4a8b24df935

    SHA256

    1165ab60f793b49d6df3ec88fde01a8fbf2da16bab1562f2b9b94e099c7d3df6

    SHA512

    0aa1059f4fd0fe84bbb766ae2743fec53d93668a1116f583a59f497d641a2023866061f43fd88e8723ca02456e745f0934a3cf639529788b6a7da590478593d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fcfe032c79120e5e4bfca265485c317f

    SHA1

    584851b77618f32ce9f3bba9490877ffb7595d4f

    SHA256

    259be8a46d8e66bf69177e87c8eda221694f32256f86e703082fa382a6e09f17

    SHA512

    d729d9c8d7716da26d7dc11b1273c1c13f0f4007808ac7bb89aaa9fe4c1bb5c81de318e33138fd66fe0fda77c49bec45dcc82e7970b08f4bcfb9b8ec880d44a1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    52b40bf3eda08fe26b1f7097049a9eab

    SHA1

    3d6bc73d0a49feebf4e114f4e6184fb04549d8a5

    SHA256

    2beafcb09c0577b0428b1d8e3f7306493cb8047b80977dc6a169940471a0959c

    SHA512

    5fbcf2f102e363dfd07d0f1482710ed9ac32aacdbf331892ba07301ec4c87e8ef5cb4f62f1cffb94d931e60ce23af52e0b03f68ed7e26a281f2a17d810d7177c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a7c803e6744af2554d934c314e5662ff

    SHA1

    81f8787ec2f9bced7c6d39222af04c8f3c631cc9

    SHA256

    d5b2dd31b4644856269b7cda8904b08cc70efac13d2d20de033c8ccd2bb9e70c

    SHA512

    f786ddc5840143e1cea17367d4f1e46c74cd9b5f1dd5cbf5c9dbb36ca7454a975b9420dc2f3b2a61b4af6615e24d76e8310384d8752db8e2c0068bce7fb713c2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3a6d434f04e54aef74c7ba0fc87b984f

    SHA1

    5022f0c804d2fe1161d4bc5e999c183d105a1063

    SHA256

    d87c8cd6aa8bb4bd71390d792973a0bc4fdf1fd09b47f9313ffe07a8f7a412bd

    SHA512

    da51db100aa5984f576c690776f36388842980a40a4ec2d37c710e6a473079f728f24a10d216d7db00eb0c7fc1987ae8d184dc78aa232719cece2d57353b03fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b4f3aef7be4201d4926834a9f3e01e8c

    SHA1

    bcdd8cda432507a937c0be796db0175e9ce46496

    SHA256

    fd0dbed84a213a80bfc04e53cb5d2c7d33b43aeb5410ef6c9daeaef54d929a8e

    SHA512

    7fcc26e534d148670d771e788925095767b984624a20d893b9d8b451198628e2f756128e37a43ece3e971fe2d6df33be403504f5d3a9f1b9d33e9d3a31ffffa0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e5b0fb0fa55dafd3e91eaed6070e5dc5

    SHA1

    5b117b2cf76f1de80d0e625ccd16118871783806

    SHA256

    920eba7d70b8c3c04cac8ecc764ae948516fa6d84a75d4ce14231ace03cfd270

    SHA512

    88f0808a00cf5591d3392fc0c22e1e88ab114ce2f44b5e394485ce92d5bb818c528bc8b681a309f4d447459c7bf29e9ec33902e29b74d67ce16a05b78886f289

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1be09fa5345bca3ddc4e9b5b34dec414

    SHA1

    70fb5854225cd5e883fb5a912882a27252501545

    SHA256

    3d35af881715f41fe8c18ce9c803ff0460094a9e46e1c1e5e2ba18830d597ed2

    SHA512

    e7d5686f9d1e28dc449d75d9f1731c2b94a63876b6511ce32a04460b51206d8102d450df06409d4bd2b70c3fa1600ac2157afe4ee6f993290121c178121bf004

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    da3a754262772db946fbde91d3bf9fe3

    SHA1

    b13275159918ef6d7e9cec32d494ac9eb9a27160

    SHA256

    203c932c98befe3146261aee650067e479cc4a960a68b4f8f4aeda40a6681791

    SHA512

    675143250ed66749124b5ad665a1c555a2f26a57cccdc63c5a50ac20a8b14b04e6d76a1dd980b963747a0561bee241ff32046851474fe34b58a83bfe1155c152

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b4720039cf71b8a37db5d2cd0dee4d8d

    SHA1

    afcf413cdb4ce03f4ec0c3fb83315b64aff52927

    SHA256

    28cd72944082de83b67a8e5c27175e161be6a706d71572de53203bdd6df36cad

    SHA512

    2b2deabf68acf559f19c064d5f258ae7873ee447886cdc8378843aeade5b3b3e35a1ad05da8322eacb3d664cd6f8730e4e8236bb73573306191d089b7aba3563

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    113f31f4299c7c91f0b3113850a2f8e2

    SHA1

    d03c586747d49136cabc0660b718157a9bd4eaa8

    SHA256

    6d07a18c2ae745d2c31073e447079f1d544bed572ed1d2a1cb434e9413099931

    SHA512

    ea16ba2684cea0907ec12f6ed9aa4a24a2570399e6345c9a20731cdfca26fd70486c5bab709beffee3dfa15ccbf3dbd3561ef53ba5c8690a7d8b311518cc781b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8cf10b0ecf7085cad931e59a1b4d5c92

    SHA1

    8d4f76bdab608e105608e64d30869ba17db15ea7

    SHA256

    6e59426798b5b817ce2ac16d123eb27c305ef016bfd502f58fb95c996a913b49

    SHA512

    aa7c71ec19838d207ae249fd060218ea636e4f66c2ce86f94e831f8045d7e10fb5b2ad4edefcb93a26bc42ab654412c6352edec2069d86d42365a45b37d2b677

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    725eeeff537d0dcba388686e4861c1fe

    SHA1

    84c3bbe4143b7cf740717d7c0e2ce63d23776fdd

    SHA256

    c394c903bd11e54fe5124afee358b840abaafe7349f25b5ae5d66f832d13c5be

    SHA512

    f09def30e3c69a8fddb8efd8cef0689a9455750bf761be758cfa9dd5040afbba36050a55b19003acbcaf21df36daada2cd43c6e2300f3df67816b174452f3d0f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7ca9b27fb5dd47c17d0de27b682c5533

    SHA1

    b2a2e8afc1c7b50c41ceae85730cd4c39069b334

    SHA256

    a96b3299e682e43e348b0144a0b5a25d4d847d12fbad77bacc0eb21a1a67c65b

    SHA512

    971b62681ac1acc10d19776903429855320304276afce16d22bca6f25c1728a4fc83219bb28fa2adbfe4831e4ac5f0c26e96b1bb09de216d072afc7af6123d3b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7E09.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7ED7.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \PROGRA~2\Adobe\READER~1.0\Reader\LOGTRA~1.EXE
    Filesize

    252KB

    MD5

    9e2b9928c89a9d0da1d3e8f4bd96afa7

    SHA1

    ec66cda99f44b62470c6930e5afda061579cde35

    SHA256

    8899b4ed3446b7d55b54defbc1acb7c5392a4b3bc8ec2cdc7c31171708965043

    SHA512

    2ca5ad1d0e12a8049de885b90b7f56fe77c868e0d6dae4ec4b6f3bc0bf7b2e73295cc9b1328c2b45357ffb0d7804622ab3f91a56140b098e93b691032d508156

    Download Submit

  • \Users\Admin\AppData\Local\Temp\3582-490\cb9e615dcaf44187ad82f13ee4b711c38696c33e0fc25aa44309937bd571811f.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2784-28-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2784-26-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2784-22-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2784-25-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2784-24-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2796-13-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2796-14-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2884-537-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2884-51-0x0000000002200000-0x000000000222E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2884-62-0x0000000002200000-0x000000000222E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2884-532-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2884-533-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2884-535-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2884-534-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2884-4-0x0000000002200000-0x000000000222E000-memory.dmp

    Filesize

    184KB

    Download