Overview

overview

10

Static

static

3

a25ca3d15e...3b.exe

windows7-x64

10

a25ca3d15e...3b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    67s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    16-12-2024 23:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a25ca3d15e1ba4dc93cc8c403725a5b1ca4f1fef763ca3cdd2d6f382e592113b.exe

  • Size

    350KB

  • MD5

    cb52f91ffac79a97d500f93f022d7771

  • SHA1

    d38edb35c09cd7fa56c6cb1c27329254954ede7e

  • SHA256

    a25ca3d15e1ba4dc93cc8c403725a5b1ca4f1fef763ca3cdd2d6f382e592113b

  • SHA512

    b68d010cd55bc760cfe5108d66620621a6c65175c0f44ed7730cd9bb3fe35e8f740bbf2c73bdf929114e72f66102380c82a254cceaabdb63c9d1d8f1177c383f

  • SSDEEP

    6144:loGhpuBMG29Gt6I/pPo486MAwA3l1AiE5a:lppu6G29Gt62PoKRl145a

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a25ca3d15e1ba4dc93cc8c403725a5b1ca4f1fef763ca3cdd2d6f382e592113b.exe
    "C:\Users\Admin\AppData\Local\Temp\a25ca3d15e1ba4dc93cc8c403725a5b1ca4f1fef763ca3cdd2d6f382e592113b.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2520
    • C:\Users\Admin\AppData\Local\Temp\a25ca3d15e1ba4dc93cc8c403725a5b1ca4f1fef763ca3cdd2d6f382e592113bmgr.exe
      C:\Users\Admin\AppData\Local\Temp\a25ca3d15e1ba4dc93cc8c403725a5b1ca4f1fef763ca3cdd2d6f382e592113bmgr.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1860
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1812
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1812 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2756
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2108
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2108 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2892

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    317b0a9e2589e9df917a96f64939ad6b

    SHA1

    a79c0ea4fe102a6fc628ee4ee8d2ce33c94d5d4b

    SHA256

    690589f1f3886129d39d697c3bccbfa90b8155073072ad15576a3615b399648d

    SHA512

    87857bb6055260ade6623418652680bfb35d93c66d571f651d342b1ec859e40a5da4c052baa617b9ff6ebeb29864f1cd93c6ed761edfd06812f8c861271e0a51

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4038a34cd42b4c92b794d26068cba5cb

    SHA1

    5292228dff1c72d2a125574694e95883cd2847ba

    SHA256

    85278c5a3100f9cdb440654cf59f7292ffd267582b15704c5ecbb4513d021535

    SHA512

    f92bc9609759d37c68f3c33df78b4e0fe00c1e120366e20f1a25554c4784ce0c9558b4385b415a62d026c5b306f84f7821e073efa83d331e805eac9405cb5749

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    90540776425f2f9e07814434484fdac5

    SHA1

    325fe12902c359628ce6b346baf9ba04c1adcf08

    SHA256

    b032e2283ac103328d8cb61260f4da2761d8700bca2322eb98971bb2c0957597

    SHA512

    78c51be0eaf3400fc97c0419ec81d027b44c0a6a1465f1565596412fd9ee24237c94ed01179e337add72eadbbd31ead75fab7f1efb049be5895c3517a334506d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2892791072085d5e6b6694522e354443

    SHA1

    62720dda32dd7b1a7fb5c82897094a6c5b70c563

    SHA256

    5ee443ffc8560c402600fa2657b75c9924d71cdf02ff86f0955ab52db751b9a1

    SHA512

    0bbfcd71c11a3690f8e757ed13b1c323221e37335a717d025d729cfbe258acd20d205f297e2adb1537938047061a183eb670781beffd3525b0c60d5a65dd1a15

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a78b6acba11d6ea4e3471832fc3cb63

    SHA1

    65ff1e8cf13d2e1dab1cdc0fb2277c81913d409f

    SHA256

    0779ad0b1b2c7edaf5a3f254b3a2e388b834cee4064dc4d1b619e5424052c43e

    SHA512

    2b7abc8d41ee122f303e0e2192750e23433cf8c723cda943765551c12132bc344b283a25b0b671aef5f2c23da4d54cb5409d7be0602b2ab5486693abbadd54d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    67791c93e22561c1aa0a235fef21c43d

    SHA1

    aaeccc6148dc22f937a59335145a5336980d1c8b

    SHA256

    bac8e7be72b0b762c0a12402d012a4c3184511a5ac835c64b18a3ed4a9bd2e07

    SHA512

    ffa86162fe090668e812f4f4b09f7f0bb7393705aefaa1012fc089fdefc83cc69f1a245d750201c69783ced44b7ce52d463f63a9f449fc6eb2d25e60766b3156

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5fa6bde41c359f5074d1e2bfe1c84780

    SHA1

    4d2f38ed967a995402804355591b08d84af7ebf3

    SHA256

    6e48b5e7ffe9c5202dddcf7075c6634ec78c32be724127fa17ea590d128f4eb5

    SHA512

    35a5d47550e92227c9b61119a846b4012f713402f49e493eb03c26e820b54df2dd0240d8e3ba6630da236462c364318bffdb4079f25625c6b2179374e23c680d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4c90641cc9709ada5038d397c11f2cfd

    SHA1

    50910d38511bf9463d5a8cb488b66bcf1711a4b2

    SHA256

    2b8f5937152b47969926b2ff18947ea6647ecdf3a8c051510e27491e442c51a9

    SHA512

    597b6d296424f9503f15dceae6f776ce8a254ad77db6387ab4826f4ce42669c2d862851c681fafc4fa3974fcc6039e8a883b67502a6c30ec091b4ed5a29f3b94

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ebac3016d89a31de900665448b79f4f9

    SHA1

    5bfbeb18db744c52b5f72938cbb615c2ea002e32

    SHA256

    0fbc6ab3dc602eba7aeefecdc6f04f6c0b42039290d7f43c1216e0b720270264

    SHA512

    a2a3e8710f91421591124bb0692fed7b987598094810f462f98b849f6a6948f3a8e2f00e1e03cb39ac1b3550785a3a553702d88dc80158453f5c34b082287857

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    47fdb8a146139e9c0040215e10c1b13f

    SHA1

    cc72c343ed91752675a6c4cc682443fe9a3fb6a9

    SHA256

    e49173a3a3ec668ad65d77a1cebfd953c76b2d1c150e4892ff9d77b69c7b6c66

    SHA512

    ffc80087ce2479ce9edeaec8fdd678ba6f5d3c5becc7e2ac06b2e6779b6f653e954997502ce08989d0325e267c0118747f315eadb91cfafc0c54f4428ad0ffc4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e12823b30225ec5a83d9c5b8be8ca9f7

    SHA1

    fb863bd7b9423925245ca788ee2d05b0894f5e06

    SHA256

    14b1b8b895ba8ceea01fd55c707d2e7c3e03061a55c1fada0d2a47fc061b1c52

    SHA512

    23787110a2616707710a926dd5cc78be71ed4e8f890ad82ae973f3700853b7b638b0f1ecfaef08c278639435d6b7508074d1fa2c5d006f25b888c8da9907b3ab

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0656E041-BC02-11EF-A7C1-EA7747D117E6}.dat
    Filesize

    5KB

    MD5

    8c316e29c69f4485d7272b45497f7cae

    SHA1

    d6460e50342273eb27f6f75f63abcd14a4dbf4e9

    SHA256

    bdb6942c3f30f812c17fa8c7564b6f62e7e567e5b33cc0e1f77bdbea7ba54b23

    SHA512

    aabb112a8477afec4b97028f097adacdc15bfa4fa367fdce5d924214ada774e4936d7967494ff901ce6076d6060ec4e27ebd98402cd7fe736bc39c92e6d2a27f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA7A8.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarA875.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\a25ca3d15e1ba4dc93cc8c403725a5b1ca4f1fef763ca3cdd2d6f382e592113bmgr.exe
    Filesize

    201KB

    MD5

    30fb1fab26c96c5c6a94718688a8afbb

    SHA1

    bad03303e55d34ddd113a4f7e40959c3762891d3

    SHA256

    d6d96beed3a218938fb65ba9ae32634334eb8a1ca47243aad4027c712741cc3c

    SHA512

    75e67329f3643dbc6106d227469ab5f2ebe072782c2a0a17328d37f549136410d54e3bab650f00741075a54eee6d6079a627f69f5921e4b658cc4e6f76b95e61

    Download Submit

  • memory/1860-13-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1860-19-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1860-17-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1860-15-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1860-14-0x0000000000320000-0x0000000000321000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1860-16-0x0000000000330000-0x0000000000331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1860-10-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1860-11-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2520-1-0x0000000001220000-0x000000000127C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2520-12-0x0000000001220000-0x000000000127C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2520-9-0x00000000004B0000-0x000000000051E000-memory.dmp

    Filesize

    440KB

    Download