Overview

overview

10

Static

static

3

2024-12-04...mi.exe

windows7-x64

10

2024-12-04...mi.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    04/12/2024, 23:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-12-04_58106e9c40b89aa095fd22658ffa6e8d_ramnit_smoke-loader_wapomi.exe

  • Size

    132KB

  • MD5

    58106e9c40b89aa095fd22658ffa6e8d

  • SHA1

    4b7010b1df0a203ff99a0f3aea50898337d56f2c

  • SHA256

    7c84c1045054b6894b2e12c602a257e1a48610f875cb0e59f12af35bdca9eb03

  • SHA512

    f4dfdda8e2163d4e2cf9a464972a4e2b3f618a1f7559050c8a3a432a191c8ad54d44e94f1a97b6526b1b2058b0c95fc043ef2ad4d90878416d137353222a9295

  • SSDEEP

    3072:pTKbS75Attg3bPMmAlJG/ybuuHicEG+0GCH:4bSOSPMmaJGwuuHUG+J

Score
10/10
bdaejecramnitaspackv2backdoorbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Signatures

  • Bdaejec

    Bdaejec is a backdoor written in C++.

    backdoorbdaejec
  • Bdaejec family
    bdaejec
  • Detects Bdaejec Backdoor. 1 IoCs

    Bdaejec is backdoor written in C++.

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 4 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-12-04_58106e9c40b89aa095fd22658ffa6e8d_ramnit_smoke-loader_wapomi.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-12-04_58106e9c40b89aa095fd22658ffa6e8d_ramnit_smoke-loader_wapomi.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2524
    • C:\Users\Admin\AppData\Local\Temp\VZRKxm.exe
      C:\Users\Admin\AppData\Local\Temp\VZRKxm.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2352
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\2f2d5de4.bat" "
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2184
    • C:\Users\Admin\AppData\Local\Temp\2024-12-04_58106e9c40b89aa095fd22658ffa6e8d_ramnit_smoke-loader_wapomiSrv.exe
      C:\Users\Admin\AppData\Local\Temp\2024-12-04_58106e9c40b89aa095fd22658ffa6e8d_ramnit_smoke-loader_wapomiSrv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2792
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2748
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:3004
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3004 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2832

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9b960c9d113365723abf66c7e9c5e528

    SHA1

    b2b8dd0757cc3f53873bba7e0357a3b0100be69b

    SHA256

    ec7f437d6d60e265663e9e46b5a3dd593f64d9547ff9157f9e001d3362766641

    SHA512

    ed6a33b4723669c6ce04176173b08ff8b88168e6cdabee24eda4b99a09606d25993d28a6a5849206d02a49e0a4c3edaf35985cebc93ef5b1c0553948fbdb28aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    107d3100283773ae438ef166b9bad5d2

    SHA1

    1d41dee016eb6fe9d713eb6b05685a9ae8af5f60

    SHA256

    2657e741ee014beb15d5ff3ce0f0b0151e5e9c463dc6e36ad03c5437134bf1f6

    SHA512

    caf0e48769859b1b67ff063d18d93585ce9e8eba926c4694c1438bed890a8c16edd54c03d43de4865fe321bd63bdb3b6175968b3d94cc436d1c5621dc01f8799

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bf62b0ffb3f5602d3f86aaf8a889529a

    SHA1

    60c5aae66deae99619374095762c2243724f9b9a

    SHA256

    8a62a053aa4393fb5b104a1027736cc66aaa4434d4f386261fd738cd5cbe7e41

    SHA512

    636db321f87ee2b250a8658e8d8882ab1c57cca4ce7a85df1a57f9735a3323a9bf018ae3438d6befea31e934be929b2faade654feda5070d08b7a846df7828fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b9f1e81d5e377a86a1619cc06f3b0788

    SHA1

    c33df966588ce1270f6bc4fbfd4f8384a83cf1f3

    SHA256

    072553f93e6cd2dfca8833fa146a67b9472338a04fc6ab099513d81dfc3fba66

    SHA512

    3586ce15afbfcc79795a0cdd19404806bc40743ebb8c4276ef15f2a6ed932432aabd384812b9c84292fc5bd841f0f9f2b2e99a9803d88e9842e48b0ccc7fb91a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c9685a943e9df503cbcde23b2f32bb5b

    SHA1

    cc90c90011e7a81a735acffb8c4e0931aa4a274c

    SHA256

    890a02ec557e0584dbe946338bc7d511ff0b7874154d22f0d33151e3ae292739

    SHA512

    8dbe89fab2e6aeefb353dadbb9378b7a2139ac3f1deda434daf9e35da0c0d92409cc7aa16c7d1d02d66ff09d480506659da0141aed2904e9472a46f83b4865d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    17249400fd45a9abeb6d117e2e24c84f

    SHA1

    b14acaa56b2bfe0e223669ded0b51b6508d24ff6

    SHA256

    038fd6594dfc8d2e96c47e3667bbad31751260a565f1b8a16ef2442eb4c99abf

    SHA512

    e61e9d3a5e321e6b0f24723ded4a00d3205fea775b9499332babc39ea6f800245dfa825fcb8082d3f833a506d80d2b5242cbb3d53958f87cb88870f9db10258c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    22f43fd160d5835be4265b38c5d6af88

    SHA1

    25ae637f1d626541da5aede878fc959bba750821

    SHA256

    b7a5977cd57583a00f48e160e22e8cefda234972e20fb793af9b6e21ceee0ebc

    SHA512

    75e406e47044ab66824a0d50a79f8ab7eba40b1a8c59f80f1f33c625c5d0b94c089b23aa846ac12439afecc93863225dad8d3ff3e21239e38f859273c7a6af6d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    47eaaac105757a90cfcf57ffd6a0f0cc

    SHA1

    2224ba5fb0b5e02c79d65ff79738926ea569c100

    SHA256

    9e2774f9ba32f4a155c3491b1c25dbda2516fce5957674b97863aa9874d1ca08

    SHA512

    f259b361e5ab3a6109062833c49bd1c81ce2cb995cebaa225515bcfaf84ffb513c16ccf811fc42e033a2ce4d659177b2868f0217d8892907fd76b95181702c1e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d7594a4e83e7d6b137319b3c3badee4e

    SHA1

    5ea14ff738e1124d79eb570bb433d58a338c9930

    SHA256

    c163e0becdce961d80749f3f7e5df9e57d29b30876be4251a18252fed471f69a

    SHA512

    656c74e87330cce1a703d8d9152972f8ee6cd837ec2421228d85ab27c7a620b370392b2e4339a8d5103910ba175ada12d7dd7e09e5d345c4e8347211fb6c7c15

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3bb19de89fefbd1d3b579b20903c89e9

    SHA1

    2b951d08d90a8786f250ff7b07c146c1d93b87b1

    SHA256

    c1ead08022ef8c3a8df12238a0242e0586a76d48267236a897cc121c2dca0e6a

    SHA512

    27225441ba4d2774c954f8c53c7739b3761a760cabf3ad2f08273071f78fc601452ef9f8fb83eda284bd9bf1b016dda6cdaa596beb874a8153de02f75b0446ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f3b04d7cf8c5581de9a8d88bf52d8378

    SHA1

    66fdad2c40402307baf732f8344c1499dca9f637

    SHA256

    41fc05df4e9b1e3ec761a9d44aa44b3518128a867a7e1510f8abe865342c03f1

    SHA512

    3a5f39267ce966c2fc1b808c9585cbd318c54ada28f3712189213a3f4cf8ed0f1110b10387845bcf3465366e964291899ede5b09e075cd6e7c13ebbc3a3be605

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bcdc70ff3ae84b566c8c3137fd4d62e9

    SHA1

    b60ffd85e9fa348e45fd90d8e887253d53cae3f2

    SHA256

    f0062f0f02a8faa2ffd14fa2de096ab38a6a5e01a1c910e8dd1a2ac59b1234f9

    SHA512

    c9b4e25dbaebf8a7aca99893e8bf9dd3219f53e937ddbded118804d7d9f5a29508b5832e2dd0ffdcb91a6d0173bd49570dcd7e4a634652a33c406144254c10c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    91528e07bc253ebe2098445d10a65438

    SHA1

    67974d064161b24e1d438e1424ab8021762b63bf

    SHA256

    b4e3c703a24ad5f4054a07903596779dc12ee4060c2fee76c2be02785d8f739c

    SHA512

    0f4ddbcf5be5603a6b45219da6b68eb10d44fdb651b8566991037220ed70439cac38ce52f5d7c89d010cbdb39e8af2d30f4874ecdaf31e6e0dfa07374dd7038e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    743c3597ed6acc4b4db338ffe6f90955

    SHA1

    0bbdb1feacad8570547bdcf4842f38dc15b73ca2

    SHA256

    c51153f036416744c75394eae6d832c07af97f1f1582959b9de4b1dee7b6f443

    SHA512

    c7830b297c7ce2980e14454f76a7d348364195e264761bd26d10ab68d3b053b489056fd0cb41e3c905caf57868a9a3d785a4f98f8b3583455decc443f2a7e744

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1c058353db5f0804c69f0d2b1c18f287

    SHA1

    1332f5edb98b31bc9396f2bb3cc54c6297f00bb1

    SHA256

    f7d2b2ce2072594c781aff87358475e8dcfcaeb3931aed2f823e6ed90099c080

    SHA512

    3627f672b8d6bdb95059d54366045856b4727664bbaf076e8730b8cc8a62811ca49e7ac5872f41dec39934975ffe4a176ed428dd27efb0a2c19631f88568372c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    76d7bb1365885b429fd1aa42d12b2dd2

    SHA1

    b5d934946b161431a4126365712075c47c8105bd

    SHA256

    84f90ed50f5404be0610da5e1510664efe91f4fb59e2ce63e6d088c8bd96cd6f

    SHA512

    dec1ba39a0cdafe9a28c4626662a5ac9cdb217e6ecb0aa23160453a8d2f806da1138e325085c62c59991197ac50debd01634185ad804d8896e4f8f920104c6fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    43e16c848d39f29ca178efdecd8c9f49

    SHA1

    9b59f8909fcab83602ee0055828770b32cb6a042

    SHA256

    6f701888a74a57a3a22779feac5a94f9515d45101e9f6c12dd7ec795107889a6

    SHA512

    16ac2927f44644e5e6783babdbdaf5f418c82f1bb1a1c46a75b6d54edc2fe81afff19149c09b12495fd8616018639eb9dfa15ab4d203ea8ac4c3ef6298efbb29

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    832f00e016d0ad3eee1f489879fb51a4

    SHA1

    02c2df790364b1d1248bf11e4461693050acffda

    SHA256

    cf3d3d72a79c6315ed229fc43132c85394ce2fc096b88b5cac77239baeb28427

    SHA512

    f4706407649dbaacd6ee50c488cd932533f91c0992995d17da62a95cacfa1376d4e627db1326370d7e71d541de9769e981814e5216c1b955b46e6462be3996c2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2a54cf69d873ce9db02b2e91d0a8e86a

    SHA1

    786a4aace725f4fab73883e4630ea601b9248609

    SHA256

    eacad7402b55b47c250edafd959f1f988c9429e0a798d2b7fbc3df22b4e681ba

    SHA512

    c6a98a28634bcf5e66cccce9b438d4b7775937c35b0757e95388250ebf7e8356f2dfe4e35ae4a44a9911f75ab1df2c88d519bb7462378e58bfe1be54e597ec80

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\2024-12-04_58106e9c40b89aa095fd22658ffa6e8d_ramnit_smoke-loader_wapomiSrv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\2f2d5de4.bat
    Filesize

    187B

    MD5

    2b84f68ec4fc7ea91c225f475796157b

    SHA1

    47eee53ea0f6d5a3b38a7c48cfb2c89c98339c42

    SHA256

    5505e36c503923f2edbc252709ae4ee6ce6d338291387a4afd8bc341825314bb

    SHA512

    793700cab10fef01b6245b9683836551274b4f513769f30bd5d05219cae5d10f65a7ca34138b7c7fdc642662d84d8a88f1d0c62fdc62a12fa1bb5b77ee00b63b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB2ED.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB35E.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\VZRKxm.exe
    Filesize

    15KB

    MD5

    56b2c3810dba2e939a8bb9fa36d3cf96

    SHA1

    99ee31cd4b0d6a4b62779da36e0eeecdd80589fc

    SHA256

    4354970ccc7cd6bb16318f132c34f6a1b3d5c2ea7ff53e1c9271905527f2db07

    SHA512

    27812a9a034d7bd2ca73b337ae9e0b6dc79c38cfd1a2c6ac9d125d3cc8fa563c401a40d22155811d5054e5baa8cf8c8e7e03925f25fa856a9ba9dea708d15b4e

    Download Submit

  • memory/2352-466-0x0000000000960000-0x0000000000969000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2352-11-0x0000000000960000-0x0000000000969000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2524-37-0x0000000000230000-0x000000000025E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2524-19-0x0000000000230000-0x000000000025E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2524-9-0x0000000000230000-0x0000000000239000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2524-36-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2524-1-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2524-8-0x0000000000230000-0x0000000000239000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2524-906-0x0000000000230000-0x0000000000239000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2524-905-0x0000000000230000-0x0000000000239000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2748-33-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2748-30-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2792-24-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2792-23-0x0000000000240000-0x000000000024F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2792-31-0x0000000000250000-0x000000000027E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2792-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download