Overview

overview

10

Static

static

3

8f04d4296a...aN.exe

windows7-x64

10

8f04d4296a...aN.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    92s
  • max time network
    76s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    24-11-2024 07:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8f04d4296a225ef0f5360071d8964a3b96f5e39b59877e1dc76477232f679cdaN.exe

  • Size

    3.9MB

  • MD5

    79b04a58d8e28818c4a67db3792a3800

  • SHA1

    2ad20e7c4ac2be596b3e3d727e3e4840f4b89f5e

  • SHA256

    8f04d4296a225ef0f5360071d8964a3b96f5e39b59877e1dc76477232f679cda

  • SHA512

    bdc21b7a441c661d37af449f438dda43b5611e1498ae6a38572a5317225c8d0bfb1d3333faaccc9b9c21ed3c40bbcde569f1be23d238bcb14409a6f0acfd8856

  • SSDEEP

    3072:4AyDhKVnYyNZHxs1pCUaMTTkoLzrOHh7+Cn537NPeWUX0ip3:4j1KVnd7xs1jOH/pNPeO

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 6 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Modifies registry class 31 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8f04d4296a225ef0f5360071d8964a3b96f5e39b59877e1dc76477232f679cdaN.exe
    "C:\Users\Admin\AppData\Local\Temp\8f04d4296a225ef0f5360071d8964a3b96f5e39b59877e1dc76477232f679cdaN.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2536
    • C:\Users\Admin\AppData\Local\Temp\8f04d4296a225ef0f5360071d8964a3b96f5e39b59877e1dc76477232f679cdaNSrv.exe
      C:\Users\Admin\AppData\Local\Temp\8f04d4296a225ef0f5360071d8964a3b96f5e39b59877e1dc76477232f679cdaNSrv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2772
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2748
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2732
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2732 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2896

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d13c00aac968db43dfc1489aeb13a30b

    SHA1

    cf4060c544dd01d3699ced65eeda5b58beae2a6b

    SHA256

    dda65e3de47d49c0df239ea3fa14d662784b34f0d8ffad7276688f1e101a3afa

    SHA512

    3946935f4b26d0d5f520d9152314b19657271febd6d977550494a6acf2cadc2db955599621d804297a1679993e98565dde1f6b5f70d756fba9afab565bd3ef9d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3aa3637ed6740056ec19452d92a681c3

    SHA1

    778d75edfc8b558058bbce8b48f2e05230252898

    SHA256

    fa83d181e23389827ea9a19fa619c407817dbca45546bb29fd1a7bd28ecc8292

    SHA512

    e4fbb3a1a4304125dc033531bdac9be83087fb182e90d0480c14009bb39d57155b62ede499e059a0b5a9a15244c6a8dc9ca7302f9c0f2faf5e5f41c4a3250047

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    240d6144f610946527a4efce3f64ea61

    SHA1

    ede745bf00346c3e4a0a847781335d47d921f53b

    SHA256

    5f9a1184dd9d3431ebb949f7d40cce54a6f141fb0b647b82a20fa03fa37e62b1

    SHA512

    d59d4411e4b5667d773b6f8e740a7121178966926d6ed9f76a85053e84706f47ce95899cf52a427023cf1c7ef10dd51e78ceb066ddfa8905dd2876b4f4698d8c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fd55cbcd93890d30fc48afa87c61f7e4

    SHA1

    73e839e8ff4faaee61e7e2a3aec27b2cdcaa440f

    SHA256

    970e445456881a5a9ce94abe9213ba47257c06a07fcc33de91f1b88c05b3a8bc

    SHA512

    b22f1e89eea8551000273e098a99415019297c8b523091b049ed8ff53b05ad42e70305cf37ad3a27b28cc965928cf9f0d9a8a1b9f37b5d4079d7ebaf7f9613ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    350a86809991bffbea6ead02c2337166

    SHA1

    c0abab16ce1b4b3074ae1761a9937c2793c349eb

    SHA256

    7bcce9421a007554d30b5633b86f1245a1e0e56507e904c78d865eab3ea93b2f

    SHA512

    0df344cc45924128fafcc704b7acfe5e27d6c0f5cf7d808c283b96dc706ef75fe752ac6ae643e488f1640defb23b3b8f76c14fca38714d0ff3984a26cda94bc0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dfc8c3b7857aac7679429956bf969ecd

    SHA1

    96bd15c38e441a89b11636fe381914af776bbcd5

    SHA256

    936e71caadb7e8df9e50ea3a9b27a6da53742ac2f1b767b1f42852beb6a7d68d

    SHA512

    b52bf315cb3f34daf170ce09e529f2e420233708e62756c44061d24c7c9883006aa748a258eb8b230f9b999b136f61e58f940955c06af42df5d63ad99012fa4f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bfa51c9ae4fa2fb93a5ea93b665f19c0

    SHA1

    c161ffef4ed8f67cf6c7b1da0976d07b59e840e9

    SHA256

    10a4ba6c34708ca62d97d8d3633ceb020dea887f1dd0a8d3e05d8f0476f12746

    SHA512

    43027806121a5fe7eb9d88ea6a996cd0e72bf0dfc82ed0980f2bbc83d866f5af1d860cb4572d6c450ace5314d18f8fdfa9d2d40ec8987881f6e19f712cb0c5f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a961b43f441debe7ef7ca7d5c9a528a7

    SHA1

    7c3855db6cef8807231c63e363659f035e76a578

    SHA256

    29caf524228a83f9f22311759c8ddbee99adfe0efbdbba7eaf028389640679f1

    SHA512

    129f427b38b092bdd99b81de410303dc23685cb63b645aa016013e5a136456d7a39da82284257e711b42886b0d74799dfdf6de3909136921ae899adefc698563

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bf69c5e95421f4ee28ab1d355c98c0fd

    SHA1

    9714932b2210c033ca12edfe84c324403cd7bc12

    SHA256

    78404583adff6d64a953eb95ceff62ef5b9ea50b2e46892811b561ef4edf753e

    SHA512

    46d1e24cc3adcfa00142fa3481de5cb4d7a51f38f61361fe4f9d1f3aeed9ad60a0e7c0d419fe1cd462abfb4630ae112ebf46797853fc044bcafd71e75b5f64a4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3192850fbf64b175cea6d004de1ed4ab

    SHA1

    24351c253e47fde6699ff9a59c2490f70d64b01f

    SHA256

    6f87c814b68557fa1f61b2a98cc1d1961ce37359b8e7c6d940288ea17afe8a98

    SHA512

    e71882cde8bdcc95c1bfca11c49781f2ba58edda229874ddf4972318a6ba29ad98e1df8bd26a954a9819a72b25fe2cbc07fff11eafa5ea42299a2282bd9c7eb9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9e12d281d4a46cbae471c1d2fb5f5e48

    SHA1

    70ac862adc7cb4fa6bd5541a1820939e66b6e923

    SHA256

    0110dd86913cecb45a296f3dcaf965fe57055981b80d3e85eb3849e7f5c3476e

    SHA512

    020ed9aca5bdd143cebfe7f93ea0ee4507696cd3a86ca6f996f82ab031b0a4eb552d873a8a222476761d5bd3a001250ac137e0b508236c135c1492e845a44ea3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    64a435387d2ef968d42bf88046681d7a

    SHA1

    94b5b536cffbac53871d7f0c03bc977dc92ec29c

    SHA256

    66d1bfd9a6b4c95ee14ad6688ed71e6df68867540db10e5e30c44b22a71c8cfd

    SHA512

    a7b4a49a69267265264a4ac888d60392dd03c6110c3a8156512ce7a5c1b333ad52dbea8479394d338488dd069088bebe02692ff41b55d7fd51120c2a3e0fb93d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    97520747c41c63cc11c19556b18bf382

    SHA1

    1d4b408ea3802c359b0f2fedd82dbd42b77cc24f

    SHA256

    1597db036fe2b0ee82f9d23331b4deaf04057877ec91f2cb202f25a65e9f651b

    SHA512

    de20b23787a6b07fd995f04c607ebfc08926c599e34d9dd5c425cc4e59e8e1d4a0ec417d7abd59fa93b8023c7ad847694abe9bbae254e1e2cecdb7ee5b77e925

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    96448a828b7c97d77c0c4a8bc0f8ef5a

    SHA1

    dbe2025efcec0fe1d19a859bdd53544dd529d8b5

    SHA256

    ef710567c82aa65c9c1c529f1bfdc59d2e27d12b433a8074a5199647e93bcde6

    SHA512

    76f8eb2a28fd3de8d4ea1ea4791d09451e2713132aba63ef115283424d4f7fc37b946941a5736d17894bc16df5f71f94fa4f021c18f655d9d432a8cc0805d931

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    83eda7d006b8bc95d7bc8363d23471cb

    SHA1

    523634e77433dc84015306c30b7fd822f85d2e3e

    SHA256

    5d950a4b78198bb30cdcd9a58802a85ee86f7bfb58e3d7a4b8027e92f9adef1b

    SHA512

    8600083b1ca238e520c9c963919fd8f03e70d8b61fcb1b657965d8952554417abddcda4a201cd11885d8a218308e275758756d3fc5780ef9c5bb73d50ca2f9af

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1fd612edc20f2da179e98ca7064b3912

    SHA1

    de181a55c7b8d8e9d7810524bba741ba6dc29157

    SHA256

    59e4ee34d25f59838e184a1fd756d9272337622d9b61d58de11bd8dcc226efd4

    SHA512

    8d202eae38589c32972bb01a1c19eafa4dc4d25e5d25fa5e9e7eda8a639eff4d8269ec34394b6846b2cd0f8d52d738164b9017022a1282ac8fd3bff042c28545

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d95157a1ac06be122dc2b7582cb19181

    SHA1

    967f56af17883336626109504398c8ed82e7f29f

    SHA256

    abb33889a44e6ab1c6b8cacc8a54c421b3a94ee178b2db642696118a005b671f

    SHA512

    c72f3df8917a670db5629b325c2059f56ebb6bd6daab3a0cc7a31586e8d2c7cfaa107b92609241e81fa258db7e44359aba9a88969761e7758ce2d923b568073b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    098e7449efd20c12cea8c7d775ddf810

    SHA1

    0b185d5a254e581fd2cf61dcd13ef75fb16f3d8f

    SHA256

    657405cd1fa5d82bfe64f4120145f612f4c9e7b336e5c9f9b7d496fd5c05cbec

    SHA512

    6b7dba6d7cd0235b7de4cca566763c8f48410008a41ba69adcdf07c89d00fd1d6579add5f828d1ff03a83b1b0e5b8d7faf958afa245ecffc12ebdc7873e035db

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5257.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar5364.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\8f04d4296a225ef0f5360071d8964a3b96f5e39b59877e1dc76477232f679cdaNSrv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2536-460-0x00000000002A0000-0x00000000002A2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2536-3-0x00000000002A0000-0x00000000002CE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2536-29-0x00000000002A0000-0x00000000002CE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2536-115-0x0000000004430000-0x0000000004432000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2748-28-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2748-26-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2748-24-0x00000000003C0000-0x00000000003EE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2748-25-0x00000000003C0000-0x00000000003EE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2772-20-0x0000000000240000-0x000000000024D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2772-10-0x0000000000240000-0x000000000026E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2772-11-0x0000000000250000-0x000000000025F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2772-12-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2772-6-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2772-17-0x0000000000270000-0x000000000029E000-memory.dmp

    Filesize

    184KB

    Download