Analysis
-
max time kernel
117s -
max time network
117s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
10-12-2024 13:41
General
-
Target
a4f150e5a058ff7bc265dc1c686d3b959315d30985b4164e1176b93470a018b5.exe
-
Size
198KB
-
MD5
f0cdb7f523a4dab9f37ab1ceb6b83527
-
SHA1
0a48fd75acc08e9810fcdfb7cda674ddbe0a889f
-
SHA256
a4f150e5a058ff7bc265dc1c686d3b959315d30985b4164e1176b93470a018b5
-
SHA512
ddb0c56cd6afb5fa88353add977710c6b532b82568f2329c400dff28ffdda05bf7324678a57c32ea6eca25ca06b832c041bd3f4fcef65f66f97dfd0ba2455798
-
SSDEEP
3072:i1ZntgK0+KH+lwOU3aO2ypNvG1rpvrRCRBgLVs9bwFPtj+5X4BIHk:8ZtZI+lwOUKO9G/vrWmV0Wek
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 7 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 28 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 16 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a4f150e5a058ff7bc265dc1c686d3b959315d30985b4164e1176b93470a018b5.exe"C:\Users\Admin\AppData\Local\Temp\a4f150e5a058ff7bc265dc1c686d3b959315d30985b4164e1176b93470a018b5.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\a4f150e5a058ff7bc265dc1c686d3b959315d30985b4164e1176b93470a018b5Srv.exeC:\Users\Admin\AppData\Local\Temp\a4f150e5a058ff7bc265dc1c686d3b959315d30985b4164e1176b93470a018b5Srv.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2612 CREDAT:275457 /prefetch:25⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD503721d02487752d03715ae6d6eac9296
SHA1b6ee1b8a55da762deca19f196ad385c04a5d5ff1
SHA2568d720749f76a1e463f361cf1b9c7737be4f20d77dbc0c0d57e9a495214b05a2d
SHA5125711e4bfb0310dcb398d9860c8dfd86f4a2a7cf694f50ba96405cd9da75c8e73e054b1b4e1c25e750de5fd96af0390ec369de524f424c2535cdeb4c7c977f531
-
Filesize
342B
MD5437be88bc6df02736609a8f5bec92c8e
SHA100b16df28d7ec9a8c91318e5e3a723f1c7483656
SHA256abc5f78bcdb7dc4ae55fa456c4859878bebd188f07aeaf5c85e806fba6defc94
SHA512fd7aa71177661faa3624ec5844dd46fda20b01e9f996e21db021ef1768d523fb5b4f049d310990ea2f9dda9ab5ee0c0d766b2471e9a5dd99b078639e2c1f60e7
-
Filesize
342B
MD5e2d571f893055f26d9062dac97a39233
SHA1077806e9102e91323d9486b2028435b0308001a7
SHA2568f49ae940f639b0538dd00a94aa1b311b9d4f373448ef796139afe5d545eb22f
SHA512343c66b7dc1ee83720eb312329961533829a346172461aee0783b9346a59e9f65527584c845ef180201405396c8200457673931fe3b1271e25176e084e947ce7
-
Filesize
342B
MD52decd6587e1c6fdb977c3535f364be8c
SHA1fd4a6f88679b180b82efc7d3027ecf04d139430f
SHA256ffd71568c63360b07925370e8b9a14b4f2a68e411446b8bd66410e2dc6bece32
SHA512097cde3a49a772ffd78fea52f7220299494c2bad84107d627b2703b16546dc35cb80a1efc3c6fb9d4c562b18c976290ae6576da33a07820630c118747e9c5bb8
-
Filesize
342B
MD5921b6e6a53fa046b55165eac8f5dc8b5
SHA147a14684afc943b813866eb3a37432405b575ac2
SHA2566b6869f5db8abfcda3a975a77daccf448de564f4dd155f276fde4b00818d4f94
SHA512859cd84331f310786111ca3252c7c198a3dfcfe003f7247390cb23b62806db2f13d13c07e848fa0f2c91630fd7591478785b8daf7dfb39b8e4b55413fac6793d
-
Filesize
342B
MD56396caab8da1c960e2417e83ad30ad6d
SHA1f7d189d5509b5546e083e3aaab71982be09c318f
SHA256dfed734042bf249806fdf145d29a1bca611e74343a3036ce46878cbed5c642e7
SHA512362b44f9f89ed2ec060c696d3bdfbe9ce8114e6c4b1c420da77f659948303441bcb7676264bbb9e62487a0c7a94d7c3c90a5aedf404f748d8f3ae99ccc2d9ecb
-
Filesize
342B
MD5f8c662f12f46e0316a60b939c2453bbe
SHA1c4761b22a2068a2014c232c8ceeeb5e5caf28a95
SHA256dd6e8bc9814130bfb1434e2cf6351d1efcceca8265d59dcd00f05c384e2a8fc9
SHA5122d43627dec9f0b59056fb8932734748483ad91649f32181dcfe88c380de9dfbacc83137436265e8d76ab0403bbff3807fea807f850e5a97448e2c474feb00eba
-
Filesize
342B
MD5785569097b18780a7ec47a8cc9dbcd8e
SHA116dea215709f0de1cfe86eb1f1d8c42b82b0768e
SHA2563cbf25db13e9fb2807d59d6fabe9e169d84a4f543e0b739981e7575ed9fce8d7
SHA5122450d28a3ecc9791ea773dbf146581c2c2d6782b91fe729708c52f42f901ecc9c1dd1528a43c6ccf679a412162915eacce450a8ce003e79dc62bee87e330b93f
-
Filesize
342B
MD51b1fb1f3466d75311203a5c666616bef
SHA184374569c9f29eb1e2655c3187585c20424206ee
SHA256be75d4eca5b9604c43039d6ba3be15a09e0a8bec1abbf27a095dca3021cff97b
SHA51225336a3311d0ce9a921b86fa7c3acbbdc3a1f215c41792ff60594cf9e6200a1577f11399af2f209b317e05304f258f172d800a34d4e2edaece18a81ed18124d5
-
Filesize
342B
MD51e9a4fc9e945214f663e62c798f90eb3
SHA158ee359f33dc9a427ca1d4c68597cfac189127ea
SHA256b13f3ab84beecd7baff88c249444bc791916bdec1e749a5820dfed4cdf040a52
SHA512c4a908ded3401b2b195486696ebd69934188c4c69cb31646c5870406b2251f7f84e49dd0fd9bd8143f422bdaa1f837bd2490fd568a5dd63239b2cdcb04574d57
-
Filesize
342B
MD5e5b0d2c9eb1e89e881bd6de26aa64766
SHA19d48949b4de88c5f99d88976291dc1860210642e
SHA256be580473ecc1a2fa91939c98674b6daf5f8ca26f7f00ba581be2c701f245ff70
SHA512e845f1a8e49d54e7ed943160930502aaac0233a4dd1872daeddfc2266823fad336264475bf6dce4f131ac498d6f4a7bb98e77823db90d46cc90da8e6db0a8833
-
Filesize
342B
MD53386bf0df67dd4fb7c887d3b981ca586
SHA16b40d21de5dec4dac018c9661df614182567a93a
SHA256030e9e3e21ff06f2cc558d131b2fab0c3df9edc4b9ef248aae94d9fa71b7b6f7
SHA51231bb396fceeea2f5fa00ac32c512c6d45e2ebad9c1011fc4791abc8e55420e26268c373f5ac54ecd761d0b41c95eb06480427d9359553bab27f4b592080ae063
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
228KB
-
Filesize
228KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
4KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
60KB