Overview

overview

10

Static

static

3

2024-11-24...it.exe

windows7-x64

10

2024-11-24...it.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    24-11-2024 14:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-11-24_48d37f6fe39397a3f6b29980f1ae5356_icedid_ramnit.exe

  • Size

    912KB

  • MD5

    48d37f6fe39397a3f6b29980f1ae5356

  • SHA1

    89a40066e12c3a6375fcfc2d477c90cf01a61b98

  • SHA256

    51270b0f996545827dfc0d477c11609b7ce11cf02f9549c407cf34e81da69f16

  • SHA512

    3cb567aa4acf5115a28ae40ff7fd0bd6b16b5168225a43086546cb32c8dfa776ff54f6fdec8c135bd3776d4726a54a46b14e416177aa48a8e6218d75dc43db43

  • SSDEEP

    24576:NVNxZoj8echseDZtwHCw8TXT0A+6ZcFS:9xZoj8eyseDZykT+KcU

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-11-24_48d37f6fe39397a3f6b29980f1ae5356_icedid_ramnit.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-11-24_48d37f6fe39397a3f6b29980f1ae5356_icedid_ramnit.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2332
    • C:\Users\Admin\AppData\Local\Temp\2024-11-24_48d37f6fe39397a3f6b29980f1ae5356_icedid_ramnitSrv.exe
      C:\Users\Admin\AppData\Local\Temp\2024-11-24_48d37f6fe39397a3f6b29980f1ae5356_icedid_ramnitSrv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2536
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2880
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2364
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2364 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2828

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    848e0711af4a04235ce557fa5474edfe

    SHA1

    d5d9ad8b041e0fbae26550b0e731814094768b60

    SHA256

    9ed5779046e72686f849dca1fcd7d5fa2ef4a37d08feb71c89e73354fc6eb9f3

    SHA512

    87588c6038aa850e5ce19d54b93262df45967f2d56bd8b3461ada62fcd99d50f8cbf7a0bef8a7ab077b84766971461aefadf3b6498f5bef974c7f998c83b4d99

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    327406a4b2d5d4e2a1350a6e5b5f0ac4

    SHA1

    f33af69268d187e0efc9cc6514e1d04a5766d17d

    SHA256

    81b71a2ca1ac68fa857f2a3a7d814329d2b7126ec07dd9d2363eab8c190d772a

    SHA512

    d4a7e410e0c0f9377ef22f206560502f60b5cadd3e58f073a019169a77265e0e6261fd570b50a7b47191d4805e57c65808d98d7b3f8b226e928723f134449d8d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    11db8fc8e575d7a20135a9dc4be2720b

    SHA1

    8da6f59247d881749c63d3d60c4b5cf30d4c4502

    SHA256

    2d939fd829475acaaf692709b2e42a0c66c81e5c7d20052d0aeb90af07beab83

    SHA512

    5061f0867f719616417d1fa118b1cbd205ec09004322552cc3c7fd12fa0fdb103c18061397e5219be3706a20596793938c51019a1341cfa5f60f70de2732c6b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4c029541fcb8dabf346687a334abe192

    SHA1

    a246069063ca03505542edd6e26fb62227ff282c

    SHA256

    72062fbfcad469f3c2a256393ef3a8e015c7a0c26bd5f81ac7bcc31cca93bb65

    SHA512

    1eb86e4c97ee5ecda8095a95e57548d28163f560f06e3742946b259f1eb8274d06917078f38925f22329de9d02756f3c7871887ddb523b4a13056fbce64dfe99

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a1693082e630985a1463decd853d947f

    SHA1

    4f18c34562187082920c030468d18ad6809d78dc

    SHA256

    d39d18ee1268b9ead73aff35c6b2460b703a855ccd722bd75584be8d0f792e6f

    SHA512

    9bd2213ca68b13a49ff9a5ac12de194416943f5823f26186bf07e9a3acd61916bf51c71a4e2c2bacb8ad3647dc24e3a4bf9f4cd9eca4de2baff4c80338379cfc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f69a4030cda9ba72591e0dc2138616d2

    SHA1

    dc760fbe9e6d2291bf649e08e619debc78809629

    SHA256

    81cec2a31165e519f00be58e49eef04d42c8acfe007b65256809b831dba4d41d

    SHA512

    21766162d446d9a96c67d9e42f3f90ff78e23234733029db3e688a627e52c7e83888468d45860711a0cafa1a73320751bee30674f8b66bb7984370854cc0528d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9e0b4f05efba1ab33ae8b97e283d1d99

    SHA1

    c431aeed75887a61465ceb3c1b1087903079bca4

    SHA256

    26488d8b49dec7e478d910fbfeb415b8325994be1bdf19cb0a3d9455a2b996fb

    SHA512

    48a07ef60244ff8e449f14c4192b41e270a98938bfd84378380406dfe652171fbcf0ea1f911280ed9a79a3cff3859b7c4bdf0c1480d2b9c148088cee176a2ee4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e9f6bad15ef542937945f8999b431e6f

    SHA1

    db9233e2f33af5c71729ab5db8dd9fe2753b771f

    SHA256

    ec39340be65bc61f1be7bd014b5dad3a85d593370da5fa99eef1f850e523a6e3

    SHA512

    f02cba7f81ef6a73500b0c14bdba617ffbd645bc248d836663dd9f04715676d007cbdfafd2cbb58a1f4a1a950b5652956c1bdc75587d7f228df72713a405c1a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c40ec44c8fe89e51d02c7055a4aaac2b

    SHA1

    5d802465134b4e17bca7567a79adb4d2f7195042

    SHA256

    10b1a1bc2e6659926333e8022a19aa059e457eec83844a35935c28ce12829265

    SHA512

    035c82d1dc857d84467bef12a9a8050f4aec6d1e58511de6deaf7066319a4777dc34fe159a96679118ce6d4df1fd8cd9eb578943a4529365ebde59ddeb9e98b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    557def50f0adc8e1569df5e98398474d

    SHA1

    03e96bb620a726d3a3895969252d0b3b7d566ef4

    SHA256

    b5cf2f80576f7bd0088416bf2cbc6867f5301bf6c994a2af7615f222128a583d

    SHA512

    1bac613611cb012d69eac8b8c1724ff03aa321a838f932b4502ed4339b89373a92187c3e7a3624693f7e2dfea86498df8f273fd069500ba4bd36cbd2579f743b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    278411003c0bfcccfcf40f0775d6b9aa

    SHA1

    8eac01c625d1a0c0d46d24126d2fbcfcb44a12c0

    SHA256

    ce86c109bbf323d247e2f9b37701c70c5974b2be83f2b1ac431165c19d66b201

    SHA512

    abaf124ee943b7ff01aa4d3e460fb1c193ce497db8b00ee6cd00bb2b25f19ecff821f2502347de1b085c91dc9e60506cbd896d246c7c5ae534089b34d1f498c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    777db0cb62e27aa933da9d83a37654fb

    SHA1

    935b462de7a8fc8b51cc252d44aba257531f66b0

    SHA256

    796c1ab6216fa020b456c4b0bdf3305d8b7cc3b81a401104da592dc152f299cb

    SHA512

    00d61d6cbccef3dd1459cf3f46911474b24393605c45285ead69fbb2339508edfb05580d8e40e056ce1858402cf8320bbf2c071e04cae36f838e441fc3325e6b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ec40727051196590ef9563ad86441242

    SHA1

    89d7b04c6be466331c50b7dc035c8b1705316500

    SHA256

    263fcda4e558c5a3c852510a9b941ec6bd1d79019e1c9143193513ecb9c53189

    SHA512

    431df92ddf186e9c4e793385b06df2b367f489f0c7b91b61df1d5a7994807346bf4bef56d33457c200d968eeacc06f49f9d3a4bb17a058e2b8f34d6bb727c765

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    330e9a7a60dea73356efaa3d1f14dad9

    SHA1

    202789881d32d8dcd7969afcb6b02f6b0f06c88a

    SHA256

    795e14ba8022407a61c124c33f1b13af000178aa97224416c0d37ccad3739833

    SHA512

    f5accd11603a9d49e7357711e2dba635538135bc4929a153fcdd090261a53c6b1a02c319e8ac635e6f700afc2d4a8ee1a9a4964658d0ca6e9e8f0372d48b58c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f82bda10a738b3cf6509d874b882ec02

    SHA1

    2aa3b921561ca96b5096af537f1e4ed9b3476c76

    SHA256

    f58d65abf0f2f396104a43d7438d02f48bdc6aeb461b3d367231204490eb831c

    SHA512

    99e8389487df418c8c9374f5b9385c8def791ae88c477090e25a8c0a8f7faa87d7ccc21b7c71a4e11281df3ea00290685ab089bf3a3ffbb715f84ac1c3a3ad59

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c03303ea69fdce58276f00f311b2ce8a

    SHA1

    1dfa04e524555cdaa0d9f928493062f6c729e483

    SHA256

    2f8847e9ddd93936fc1531553e6c3b840fc771cbfe999274288329f000e7fd20

    SHA512

    2d1475c449b17b1a4beebb4c5d0047d3e7bf56297dfb64f787c28e253c86a82a1b7a3f9828f3f7979f91cb9365e5c1ff88e3a24531bdad57947ae8c09b2ffad3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab21A7.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2294.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\2024-11-24_48d37f6fe39397a3f6b29980f1ae5356_icedid_ramnitSrv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2332-0-0x0000000000400000-0x00000000004EA000-memory.dmp

    Filesize

    936KB

    Download

  • memory/2332-8-0x00000000002A0000-0x00000000002CE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2332-21-0x0000000000400000-0x00000000004EA000-memory.dmp

    Filesize

    936KB

    Download

  • memory/2332-22-0x00000000002A0000-0x00000000002CE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2536-10-0x00000000001C0000-0x00000000001CF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2536-9-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2880-18-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2880-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2880-17-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download