Analysis
-
max time kernel
117s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
24-11-2024 14:55
General
-
Target
2024-11-24_6f89c749b132d76925f3596e5a497833_icedid_ramnit_vidar.exe
-
Size
3.6MB
-
MD5
6f89c749b132d76925f3596e5a497833
-
SHA1
99361db9550228ebd3ecb2322e9191226b1a7fa6
-
SHA256
91c67f8b5bdc79873d28c6c89ff0f4caabc1dcc27000c992fe387abd7226d4fd
-
SHA512
16dcaf424589273716b83c7f563a7e44ab833caefe5bb82e0b569deb861b287b9c523efa242722c0021c779f32a11c642c1d0129d3ed1b54351806ce23a4f718
-
SSDEEP
98304:1HtK2afnf1W7ojMl9b52e4UF4qFmLSYYWo4r8eJZNKDM:7ava9sU5ZWo4r8eJDKY
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
UPX packed file 5 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 37 IoCs
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
-
Suspicious use of SetWindowsHookEx 13 IoCs
-
Suspicious use of WriteProcessMemory 20 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-11-24_6f89c749b132d76925f3596e5a497833_icedid_ramnit_vidar.exe"C:\Users\Admin\AppData\Local\Temp\2024-11-24_6f89c749b132d76925f3596e5a497833_icedid_ramnit_vidar.exe"1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-11-24_6f89c749b132d76925f3596e5a497833_icedid_ramnit_vidarSrv.exeC:\Users\Admin\AppData\Local\Temp\2024-11-24_6f89c749b132d76925f3596e5a497833_icedid_ramnit_vidarSrv.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2264 CREDAT:275457 /prefetch:25⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2264 CREDAT:275461 /prefetch:25⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
914B
MD5e4a68ac854ac5242460afd72481b2a44
SHA1df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA5125622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
Filesize
252B
MD54165284223e13af55e6f51b71f8b763f
SHA18ffc6090ea27a901a47428d6a26dbf66536c0719
SHA256c195f8980a7a366b18569516587e9231ca24ce73b9cff164b0ad1e59ad90e177
SHA5121ce40a5c5ac9cf991c234307c0e4a7caa3906132fdc420175a19c694deb5ba7aa192dc56bde002684cc3270d6b79ec5979e7d9d78c63e2ccd1c1393cd63ef335
-
Filesize
342B
MD549b47b7e2bdf1329f9bcc809ed3653ee
SHA1206d02ea4165899addd98f42245f6f229e895b10
SHA256680153826533a6eca559cfdfc581eebfb6635b107201c3a419910bd97a0187b7
SHA51204fd69857619a4a2f18cd6dbd10c35f866a8c04a58a6471475ac29514b91a5fb60f7725d386a077f1ce1b97c594334beb87918ecdc5b7028e50d731643c4c35a
-
Filesize
342B
MD59330621f44177532ca45f7c36cac02ef
SHA151019499bfcfaec96f58f42d6df353637697a650
SHA256e19540f003328d8b2a9c3aa5a61662227408fc11d15c25f12f462aa441a7abe2
SHA512c14250da2d008cc467da6deb6ad7cfe8d09710092170e11ee554095ef51fabc30c15f407692e307a520712695a3dcc1ecdf422e5aca0dd76e045b067c261f0a0
-
Filesize
342B
MD5e5fede4c25c875cf9005248e34c40a91
SHA1d48422ac2358718ed0cec73cbcb3144d98ec842d
SHA2564709124814669f2b3f3e7d8c6125cbc7c0d23d9b0896e1d608f71dbae3808c73
SHA512bb8d64b78eb9d68d79e1539d0a93fd9271bd06bfd1e23a130b38d6daa035fe8822d4d72ca9b8ea3a49f94e881900f77fedcf7fb06d84e7450b0ea7c925771ab1
-
Filesize
342B
MD525a5f6f8a7cadbb0674b6826ea6c137b
SHA18b3391571473b5f394dcf338fd4ffbf121db8aac
SHA256da63334f285019ef926debea6625bf62d05e66adf96b55c53a044e10b848c563
SHA512b9dc1ecf47d076f566e02b5bdfcdf6eb64492b255340afa7d425e075a181c7657e9e62424da4d2a812d048f422616588f2e2a0dd61862ee444b041e3f4e2a299
-
Filesize
342B
MD52e2dad6802b737bebfb8d5b2f503844e
SHA1b5db19a22f11b15932509f70ce4533a119b038c0
SHA2566e412c9c086ff76498d763dedaa8f311ee77520e2cef23cdd85125629c6d3699
SHA5123b754be0bd8cec1b45b674c4b74a38a4b3b0cfa9214c6e024a160d507f7c6431c1e5cb0fe1215dd8c2609ffea9a57caff47e80491575d377f30cf39355c45eea
-
Filesize
342B
MD5937df2b3ab8cc4857ef4136d28553d52
SHA1065271ea077cdb28df26a30f71ee8948ffb245a2
SHA25668f95ddf2ea7e028f0eaab3e9ed4a305ffd5e17fac07b94be25cbc12a6d27a83
SHA512513c29501f6de6fa7b5fd648defe1fdec7b4b66f95f81783471248f3c2b2f6ebc9ed25bd416fc1e74431821ea1d71a3e0910dff56e8537c1c4a3a0c05739a40e
-
Filesize
342B
MD5ca64c0df187700e2f1d60a0f9f16e39d
SHA10d0be5d6cebab49044a8c1a3bad67df049a6c52a
SHA25649554bdec5eb9f79fb0c8cc69972d411a19794929018822faff791dd1dad1fae
SHA512f57cca185700bd81cb4403d2890228deec0a7181a63c2fab58641ade081d268efcd93ba1863b2e62fd490775ff947f0503151a6965c8d00a5eb5c05fff27631e
-
Filesize
342B
MD5b6c1bc1070f33fe2aa3f48a02d3d40ab
SHA187227e48d990f69eeb4a5473d313230c9b99d6a7
SHA2566c11be0c253c4c652f1428b090e4e29fcfe42fa5967206e17530be4c125db35c
SHA5126d793ed29513c7852fa7dfbe71db3261c2477270f9f8f5ac46cbab3eee4b9bf52e56c4761dd1906578dc6fb925c62ae23a7b654b5658523c0667e115235fe7e1
-
Filesize
342B
MD5ac7810e2154293ed21675fb7b504e472
SHA1f0db5173cb99f02668f94ab2205d1a9120cedde7
SHA256dfee417639b80419c77df06490409b88af47351beccf495b5dd69410ced9805b
SHA5120317670fbe9ea82eb0a55190929280a6aef20eb7b69a840ad89a33f19f5cb5ad96b9e6ff7d051da647fe48646837b3391d3137cb25f7ef9cb955eb2c64ede1be
-
Filesize
342B
MD5907a98c7e6699270d6bc5e64e25e006d
SHA17ea7817db8d20eb1ff043545978e6dcdbc6b245f
SHA25604556985d6b0d30e30c36dcadbe30aa3f3faca5de4bf0e548ea7f29f57b374ef
SHA51253919bb3816d158406ff0698593b72bbdde3982d93b813b2a98aa459cb49a0540e722e7f81310a410d4e022c3b46a5a700644c3cc6b4f601a0324ac98d3a1d02
-
Filesize
342B
MD539982e24af990273705045addb9452d9
SHA1250c9409052249c8246d83ee9fd69dfabc5126ff
SHA2560f90307847f19559fa312359dca1aff8c814c0fe3c96774519500e553de94464
SHA51220a968de608d841bd5f5b27b40e3f6251a42746e36628cdcbc46ba991e97d6451abb44f8bc43849cc6b6c3a3c356872ae3170b3b2239f6362d980e1338dd54bd
-
Filesize
342B
MD50121fecc10fcbafa766cb83ac7460ae9
SHA17788882a691ee775c5fa3c32a0a605e7acca7dfc
SHA25615232a7be30667315cc0039b9968e9f5e7dbb9ac124f4a98b411a243abe8e244
SHA512864c23d79f32f54460bad27eee81abd151411550dd5703afce449b3018fc5768eab26359b6f6516c4f1ea9f138654ac73e890ad078cba19668e9ea83568bce5f
-
Filesize
342B
MD50fe6bf3a4ee4970b5468e3df544115ae
SHA1e84d4853b3e88aa99cb62b6ab070664eb3c18683
SHA2560275831c0b6edaef16c1f319b1e3cc4ab3cbbbb1859801906150f69467e0ff58
SHA512db1af98afd283b0ef414557387ceea6414f0ddada7a014b795634ccf4ce9fafd40e3ee9aefb231676cd3b45ca1300397bc05821b2154f706dcf3e2aeb3adeca8
-
Filesize
342B
MD53e690fffc91da6ce715da58feecdfd71
SHA1e87cca8403a988176148d823789c1b4014a2f3c1
SHA256c054eb3216b927de2879eca171f7c1275479452e452625eb91f77261733ff90f
SHA512b32d6568c4919a0f650deef5859f1829b7d9b7d66140d9572f0f794cd2e99572564dd6c054468fa6381a0dcbf3bf10e88e1d091f07fd18c3e5233d4733f11b0b
-
Filesize
342B
MD59c3cf649430427d4d5440ce476a61b57
SHA1ea51a987bce5adef261fb30b1fe6c8876ec2cf2b
SHA25639b51c5301802a9a8eb37ae0c343c05eedf631e2da6d43e1078fd37b53e6a09c
SHA512ae1c062dad5fb2747f60fd187b970a1b0648792c71bc615ccbbdd59df76c9d5bda3881d9ac9fec71d5522ffc62104026d100649bbde9dc3d6214df405e903f4a
-
Filesize
342B
MD5e224c8b0680fc0dc48a148f7dbbf1051
SHA197e451d9521246dcb0e45740cc36611100bb5a4c
SHA256ac83c0c5650c78b6f4d78248a4f8fce1975d153045ed1b6c9dd9de5025cf1452
SHA5127eacc2164500a5112acc5fe17929f4cf7c2b644aea92960649ee2a2a1319723fd6110a660948242ff3a68a174d076b137c194827a7584c6c63f40e79b1b08a5c
-
Filesize
342B
MD594e382f3ad385a86eb631903878911ab
SHA1d53e2f7e8b10fe92af03eb64347018085fca6fcf
SHA2568b64e10128866cfd7e024b58c79e33a0c3656f9c1173ae946e28d6fc161cb77a
SHA5127aa77449d26f45f888d41f9e5ebde1084e5a5780bb3ac60b0df6d0e58cf1cd7330a69ca218c18427757c216d471b2e069335dabdabc5eb0bd8800a48563a73fe
-
Filesize
342B
MD5fb9b7f8349b22a020eb083329112c282
SHA1ae1643171c375d689f954ef0eff540de3ce30ebc
SHA256953b8a949f5392db0809c7b251087f057e38573fa72db6c3d02189306e648b95
SHA5125236fc7e752ca4754d780e244d41d1f70e7fe36cfc30d0839c092e55b2dbb4c236f25be2093530afbcfa898b40ed9d18ac173b8c7d9bcd9ef1ee2f7070c145be
-
Filesize
342B
MD5da9ecff2ef674dc618a59d1b9eb89ce0
SHA18179b99af5eebbbba8e459725f09d0378039b5b8
SHA256343cfdc0b9d0ab3cff1ee6e796b250f1d501c228ed73efa2681ede7307cd159b
SHA512ee92c73294befccd9f43ca9346deabdefe942920a412790ea7083281922cff5c3d8b9cf4b785564b0c6adbbdab31aac300947e55eae678af8e40610c273cc772
-
Filesize
342B
MD592eac7044fb297119166567e9b4e5f22
SHA1634f258822d522ae4d0230ded433499abf707624
SHA2568441d29c0d68fba41aae57ee89d96d52ea38779b69dfdb3b2b38cb72633989d7
SHA512df65bc84ab07d20e479a9ee9d1e5d54884ea9e13fcb5e2888d35e4a9b75a1c95f48b440ee88532e0ed2720f4a7496e27f5bcc7a9257b33d1fb755b9f3e7a1b9d
-
Filesize
342B
MD55efda8419a7abbf6a976e8fbf8e35a3d
SHA140927bce477ada05adc8cf91d7c524e941f0f56a
SHA256a3d9fef67ae8c29051a50d565960d80df491266635f8a61b6855405dcff19c30
SHA512c17616e63937ea2eaa2935ce883301b212b35fadab96064ba6bb3faced99cf66b47b52e7b512798ed4d89d3171d597d47e1a40527cda15875add9fc4261aae78
-
Filesize
342B
MD581ca921403016226e7603e3a0b429cbe
SHA188eadad2b4bea57eda151130dbf09a4e18d91952
SHA256b82b88cca7a8a99408b07800ad116d902a7e1d25def765b819121f5c3a2255ca
SHA5123c051052c774994ded3c4562b369f6faf888b53885e5229975a4afcb80c65a3e2b5845e0357be7d51c39e783e77999ebf18ddf92b87af59405eb0643c5041f05
-
Filesize
242B
MD549d6df11e5455d8a0ea711828d11a45a
SHA1ae5bbc9b6ee818be004694d0e18c47252f964204
SHA2562006190044e9df31b043570e9b295263934b091318e897111bca1d17e9fbaf33
SHA512fe23df8200e33b7f31937d08e27ea5fbf9aeffbc18d87adae49a4c9b1ac960d353869784c3f3c8be194d89b47dc75f3444cd156a544cf1cb418d5e7161b9b54d
-
Filesize
1019B
MD5b13fb400259553a3b5b71b4f43e5da18
SHA175888e4996aaf57088e2995f82804c0676e1ae1e
SHA25603fad46ae98d3341f1e5101fdb7f83d3e4e040814cab493ac7968c9d187b4695
SHA512932f38bb4e2f0e772c60bcfd8ad910481a17edf3cfcffa340cc75c0ce52dab8effdb1c20d5d4d907572099ae71a5c8c914f6839305d41dfd29308b883e4bc7f2
-
Filesize
793B
MD5f2da1f88e64b24cd39beb299e3496f0b
SHA18889e0b48a75188bce45aaa442690203b853af31
SHA2565b6f1d684cf0946af6904d138331165f473d67dd2791bb5877118c106854078c
SHA5128e942b83478e308759f4d2de24cca01b0f2acf42c896fa6522cb3c8a98b23afd7be39fbeb220ecc8816b44499e0b2c3360f312d0cd0b5816f66f372093898ad2
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
44KB
MD5efcad9828a2eb5d476e6d83261322778
SHA130508791e0e5f57e2826d9803b387a17da5bfbe8
SHA256b75e4a842e13e09999531a71691439423cd99c26e0be5bedd1714539073ca58c
SHA5126dcb5c00d99aefcf3e104ff8dd768bac782421e859deb06a7b0fa5c388bcffe309d9f47285bbdbde373066f64824e5a9654646c7a19d7a44940af94db5c38452
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
184KB
-
Filesize
6.9MB
-
Filesize
184KB
-
Filesize
6.9MB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
4KB
-
Filesize
184KB
-
Filesize
60KB
