Overview

overview

10

Static

static

3

2024-11-23...ce.exe

windows7-x64

10

2024-11-23...ce.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2024 06:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-11-23_79093bebbb99bd56e6cb97c066dcfd74_icedid_ramnit_silence.exe

  • Size

    2.1MB

  • MD5

    79093bebbb99bd56e6cb97c066dcfd74

  • SHA1

    201d492fd6d3f0aeed73defdfb03a996e9fde8c5

  • SHA256

    586317df8844d39323f92c8bc5d877628362309960459028a57d513e37ed1da7

  • SHA512

    f8431bd488871fa620d443f4f3f0cfb34f0e5e79d0c3a4d4636bb92f3dd6aa1f4915758957943f8c8ac7e513ea0f0b223c4568e45bdf5c1dc68c0d740ee5f0da

  • SSDEEP

    49152:ipp5LM0nEKNapEJBk9Xe23eWyg4+5M7XHq18pqXuA600xuRAKU:iX5LM0nEKspEJme23elb+W7Xg8pqXs0X

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-11-23_79093bebbb99bd56e6cb97c066dcfd74_icedid_ramnit_silence.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-11-23_79093bebbb99bd56e6cb97c066dcfd74_icedid_ramnit_silence.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2520
    • C:\Users\Admin\AppData\Local\Temp\2024-11-23_79093bebbb99bd56e6cb97c066dcfd74_icedid_ramnit_silenceSrv.exe
      C:\Users\Admin\AppData\Local\Temp\2024-11-23_79093bebbb99bd56e6cb97c066dcfd74_icedid_ramnit_silenceSrv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1860
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1864
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2784
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2704

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1f7c26b66a74c0b1b1077defbd59a680

    SHA1

    82ec48807f6788fdfa41fd7fcfc301a81bb7c7f9

    SHA256

    9faadb12c9f872a8b5284e4507aa5954e207838fa146ce5b925f500e62adda0e

    SHA512

    ccffe99572fe99ee24b1a64b51dec50a66687c0b6045b27fff2b33e3504794c6c03f514698cac2c1fc6efa2d2b64374823ba4f8759f270ae7082001fbf83e8bb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c31a9d21d0b13d49d7f7e7b293b79c78

    SHA1

    0edaccf33ea04a86c91659e219ca75b672a6c89e

    SHA256

    4924d3391f81347ace17bf78feea302e35b7b5f99caab779055269b1476914f6

    SHA512

    c9878841aeaeba902867ed4fef3c4cd85c8e3403bfa294ad972da1b07b70c21cacc02a28591b1a0e37e460cfc61a5a5813e305cffd8a8b67ffc3ede2b49fe105

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e250119dab0fdcf9e7e11765ac0473f6

    SHA1

    fbdaf9680c96807c5884f51ca14b17575450e269

    SHA256

    83c69367eb050808446f7373f64811d570b4e9928ce366cb21daaa37909bb583

    SHA512

    6b5a567d36c9274d9c9c276f4cb9ad3ad845eedf9774100d6dd9e2fa7f4e4906ea939373a88bdb1bd609b009db942cc0821668a32291ff32e762dec6a7bded64

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b61beeee343c3bdd3b20a87fc9d25b99

    SHA1

    e35c96e9303363d5445f9656699b782f38d670b7

    SHA256

    0c212ca8a4a41ed8ea9614f5939b8c6c4906b888e690aac0e03830ede4c5ac0d

    SHA512

    2ebbb4ce4fb975fddbaf5a834025ec6dbf84df26e539159c4d759430a752fcb4d32b8ce5fbaafbf100ac1f505f5f836185fd88fecada42a52ff1ad614122bea9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e44bea69f618e560d4c0bdb385be002b

    SHA1

    698c7140198a77952b28a1ee1bc663d32c84be19

    SHA256

    41448605cc8f5fa5728d4e183cda6242c98c88b2e93b717facedab25042fd057

    SHA512

    3308fec45c73fcbad07c930910803ee18626b095bcedc2e918e72eb7a140bef43deddcb6859b4f2ca7a8be193fa3c46d7df7ea850eeabaa2695acccb3237813b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    944aa474c9d4382e9657e53cbd1ed359

    SHA1

    615bc955d45c1b0e2a8a3bd58d59bbf8783cc427

    SHA256

    98e5aeb40e72013bf5dfa6c5dc99ad633c22c501454b5038ac25182c63b73ce2

    SHA512

    375caa0661f6fb6298885dcfe671215228a5a5e4cdf0bcc02d802f1d46dde476e6ccb18d6d295f40263c60a486092c4e738167261d0ab31cf97f36d6f05daada

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a59c4fd3963479eb7f4b79226a8e5a3e

    SHA1

    480dedf8fcf26522be4aa0c4f72e49aba673dad7

    SHA256

    971c8997062346f53c089f10a834e3eb1cade40a9559da4e70739779457e8ff8

    SHA512

    40d8de34f35f13d9261fdb08c117dbe5addc0edbe4238d79e7a28e6fe2961d1909ed08c967a91d996321ba5d614a5c77b168d34ebbcf94c19c5034e926c5a276

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c66a3245f204ecb29aaa88ad42df3c0e

    SHA1

    7080408564ab5dfc406164553d96dfc6c6bf0f28

    SHA256

    aedb9424e2f47abf8d27ac1b096568006c70d60ce4e2f45a0ebac0822fa79ae9

    SHA512

    14090409fc6b5c42ed6864ddd736561ef6d43d0d9da061cfe7c69835459e7dd9709c88e77a4dc85f5596e161b8bd8263faa02daac78cba9ba808fcc0fb0c0b2c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9160c105e60a33e011567b0e8b553d1b

    SHA1

    1cd7f431b62ffa683d5fb45e83af5431ee9e27a0

    SHA256

    c64deec6aeee3703a9ef5821aab0a5be289e33f343ce720864c2f0deadbe0399

    SHA512

    0cfa19ec9ffb7f6decc3d20a088eaecba6bf3e39edc2e6dedc6e8a88a010a8e8a0dfd1d9157afa0e2d31b40891e96d9751d249f9a07fb545a86a3859da8a033c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    26fff0de8d30bcabb40fa3c5ba7352cc

    SHA1

    c7686b38943183cf09c65a6d1c3e467d891f6fef

    SHA256

    c1a32b9edd8f9d4ed234b2a010ab2ab3a4562637ded436e954e4b3c6ef02e3bc

    SHA512

    99c5cc403be6f87e7b84c95c42e39f079c8faee72cbb4b4ad3307d65b74b005107730b2b165e6152e73bc0f2e6489633b807e6609bbe593fd133984bcb2ac22e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    480e7d7bc2ee4e515200e588e27a8411

    SHA1

    a1e02cada4b489c78c34d3fdcbc756d49c058d94

    SHA256

    a4b96cd7c97b9b9adc6c92d4e09dd5d5eea06866c11cbac9c9f7a37d491589c7

    SHA512

    15af1e84e8330ea16f14d59501c5dad384508655d190185c52be6e96d9e75b58384d3d31fa75bca879a3b53f8284367b6e4c8961466333663b0b48a71bbbcb65

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f2371e8b4a7357341392906ad4579d5d

    SHA1

    30ca757e60538ddd678c5cb61025b161123fb743

    SHA256

    76df220641da8bec7e1f1237a655e034c0f9dd73935c4c9dd7fa28a7dff67efe

    SHA512

    e988f5125cba087c64d2486d8b9ad37b6557c0c75f172664225379f2d2c3c8c82c54c8a482c4b24e003dee65b46ae74719a0f05d2c4743cb1fba10d600605374

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    06a78e4ee643c564fb82994546a6735f

    SHA1

    2d99eee735a5a7b4d5397332800a42aecf054d46

    SHA256

    5a44be86774e987e2b2b9df3634f3490c6021ed50835f49187695d7e2e8ec1e5

    SHA512

    dd9a052bd563c8275cb3a7b85914706b9530d9051c5cde86845fee1b23da96eaaaecbff5b58cd2f4dc36634a257973972357358d9f0473e728fea5dee9c3268d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a6fd03f760fa85865f92a00f93f81e48

    SHA1

    335d2de65d049ab0739c6b06ecb76bff64317e99

    SHA256

    0ffa9cba41df77aa76ca48a2ade1ba59eb2b09c12bddb33f79038cb95f721a61

    SHA512

    8a363d80275f58fa0990520ef39b9bfa0f9d2fce13ac632c71ce25255d0c60df89c9077a4583fe9c562e2954e8f1768c288dd05e9f14ce507447d9cf4b79ceaf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    182a33a2e41d1b736d13da631e6c08db

    SHA1

    375c36f04b8945ed9120f710a1bdbdf1497e2416

    SHA256

    cde6efdec6ebd50bc40215a25391f16b2fabf2096cb5bcda4b6a8769383dfff0

    SHA512

    055be0ee63655a9e1524fa295c4449b5b53f313549b13ad8cf8128716a36c62d6f3f832e0c2136bb662efc60aa01bca14ec082631cb8d02d82895322b7577530

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d3b146f073859e1c8de67a666f46ea2e

    SHA1

    831fdc46edd8447e11aadf7089af0f3439375042

    SHA256

    53b794806019565f74a0991a3e8610fe5e4cfbc1c69928546822650cc206657b

    SHA512

    8b875f64e949b27a029310294f87a5b30e444bb41989490fd87015b93c4a295afaf4760be043ac9d207b66e21546e788c2ef09fff37ea7598dbf84004c9de1aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    47d75586ac262b0ab5fa76c2e35fc49a

    SHA1

    abd93a93c38cec7d7369d1cc89eb171b6a859d4d

    SHA256

    9f0788529dea6ce21dc99e1fb0a81a73936b648f5f2ce104c3b438056d475da5

    SHA512

    49214a17b8ec032487889c79d6ff9a489fd3b73c3c6da4546b59463d3b5dd86c1b9695f5ed1995eb43e9db24f32100de02437639d42bed9da559945355f5b1e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    40739aa861a0b2a960c094481653da09

    SHA1

    3d5319e739a0ad58b19d9c46a7da3ac0dfebab5d

    SHA256

    1d1789695e91d29db94cd77497b52f1576ce5d8585e20823bc124e720be1c285

    SHA512

    e486022e5cc605d4e92b3b0251cdbea3c69c7affdf8111ab8c185e75f64f08653dd26347f5f21397e6c9f7f0b92cf5ed8069192b65f6555faaf7da8eae9ca1f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f3353aef63eb853f88d02b7e49a25a98

    SHA1

    a7e92ab38cb5faeb3a6657b3bd83b30e6fec7c2e

    SHA256

    6017617998543c75392e38c8400c4a13c48e24b4725dab3dee1b6446886d4e40

    SHA512

    347db983a09005e92290b0c36370f572a9dd833995cdf35ce943edc8d77e7f149b601c531a78d1e795f8d5bd3a189924d8405eb4a4951229d3e622f4df537037

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    22a16df213f4677794b8c955603eb080

    SHA1

    48dbda538228b5d6c11ae84808a741bdf16ea68a

    SHA256

    4671950153b4f591adfd4859b8f6fd117f3b6d6bdf14411268bcecd976ed0686

    SHA512

    dac77e2e220611b663c528cfb72a2812028d7f2a0b9cf3fa5152a4ef16ed9da0623e803945b5f65d1c5814a14e95a0e8fc889a104e656aff106489bb67a8486a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA7A6.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarA808.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\2024-11-23_79093bebbb99bd56e6cb97c066dcfd74_icedid_ramnit_silenceSrv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/1860-9-0x00000000002B0000-0x00000000002BF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/1860-7-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1860-10-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1860-14-0x00000000002C0000-0x00000000002EE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1864-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1864-20-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1864-19-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2520-1-0x0000000000400000-0x0000000000631000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2520-23-0x0000000000400000-0x0000000000631000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2520-24-0x0000000000260000-0x000000000028E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2520-4-0x0000000000260000-0x000000000028E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2520-25-0x0000000000400000-0x0000000000631000-memory.dmp

    Filesize

    2.2MB

    Download