Overview

overview

10

Static

static

5

16b25b078d...87.exe

windows7-x64

10

16b25b078d...87.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    118s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    16-12-2024 19:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    16b25b078ddd1c6077520e0512fc8a8f5827309cb5ede8fb962d25351dd4c887.exe

  • Size

    225KB

  • MD5

    0a0ea02532963b365f07c82475547a51

  • SHA1

    4c9864665f0ef527f24042d51c5513863f402d92

  • SHA256

    16b25b078ddd1c6077520e0512fc8a8f5827309cb5ede8fb962d25351dd4c887

  • SHA512

    64a7ccda81456775a222e7139185d05521888d172646fa3692dd8488dff5cd0149ea0e9c50ec58db52c43b601c16bdf175dac48e647b39416bb0ef629f2bcc9a

  • SSDEEP

    3072:fL2/2qHOMhMFwgqGGtVq4ZtuBU8yl8VwAxEA8r:AHPh8PGbqWCVEA8

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\16b25b078ddd1c6077520e0512fc8a8f5827309cb5ede8fb962d25351dd4c887.exe
    "C:\Users\Admin\AppData\Local\Temp\16b25b078ddd1c6077520e0512fc8a8f5827309cb5ede8fb962d25351dd4c887.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2684
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2152
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2152 CREDAT:340993 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1820
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2512
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2808

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    807929f08d9e1732e5620c6a86563fac

    SHA1

    c5edfdf5e1593e106d8bbb85e3b29cea8c21cc08

    SHA256

    cded84d8bbe30d9c277e8f0cfbf159d48502d247b11eeb8326df1bd1ce88d6d3

    SHA512

    dc233240736b455accc86cf70ee9abf7d8b49670a0460f4600f4c33d045572c50e239d6b992616b5b25689c26e297bbfe754013c3bdcfd7754d9c17a82404f36

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5b0bf16e1dd708aa988629e4d0172dd6

    SHA1

    358bcf5ccb9ba107788d98aef5d6a6002e705813

    SHA256

    f6d084c08e4f20438e71eed3bf02cb9b9a9b3ab80d83c2cbb4b707dd0454b410

    SHA512

    90a4ff310b7141905cc62640458ad0de95262b9a6549108793a46118c9fa336244592b5cd6ae4f573c58cd94aa84c1b24a349b1618219778ef493b5aae8ae7d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bcd3f984b9e49c76196c19fa569ca37f

    SHA1

    7884fbd848a4c78afde8638c00b10edcf385b179

    SHA256

    3fe0273a982f6d7c81266abf173479e67be7327c776b5d3ae90ee36fab144741

    SHA512

    69a692a5097cf411ce780ca9110c3e3185503d4d20388dc1dd7c07663819d56638bf1915c3193e537cf6988079bea2e71cdc54a27ee2a4555f5de6a9aeb0945c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2b4a437426f2c8e2e752e455a80826d1

    SHA1

    534b1ccbc56b04f84c6c9d362eee5184fcda28d4

    SHA256

    5ad22b295502e6a5304ce53f153254a2028b8c0cf03f0cf1bc4e555c4e1dd0c7

    SHA512

    62ba3d126f066bcd2f53e380778249f2e8ac966419f91074a464ad97c220776b90ffd09efcc870ebf4d659135539d5d65bcaa4438e7bac718310ae5e086a0ca6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    180f9ecadc5bad15b360ca26a7349cf8

    SHA1

    82e00c4fe64337a2a64c45593c6f653721cb5a21

    SHA256

    f736c7c1a6360f0df7d541ac1ca86f4778e8b62e41968c4da1ed336afba8344f

    SHA512

    2403fb296499a509aae28b21ae4de3f32103fb27a18bd6be97519e7f4f3cbf5319950d3de24509f1fc3d9374ea419fbf49f2d29e66221945e15c3314c7727019

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1d91c0160dd814140a83483257ab41f0

    SHA1

    41a289964c4a1d677d5701e460ac422d50441e28

    SHA256

    87e192817e1bcb18a3a11a5f749963f99582a672f2bca299d4a34f78be2ed84b

    SHA512

    acb472c1b02fbaf69fb59008d460bac09e511dd05c5537d2b63b1408429188157988d24648e8294765034e5d6d24a32c0695c978ff09173fa4d1908bcf0edb62

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    09321baf58f35b17f604c0c5bb71d49d

    SHA1

    fcb2dcd883da0e3768a21419d3a2b12d9dec1fa4

    SHA256

    77f6de0e8c5c750776164043af67a29243aa7e04b5bb7b941a3c630bca1f426c

    SHA512

    6b353561492c8c8f6bbec7fbd115c697ca9ba2c3d977fbde85511107b2b57cae38d298e6983ac15e37dcb0b3c702c0543580164da48cc2d18e65d8471c887497

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ce0d5b747d126e3f47ec9e66b4524967

    SHA1

    49df1909d4efa8b16cb870fc051eb407e8da8fcd

    SHA256

    60af7da4097b2cd710801925e73ba43aab12cec6093a13ee527bd39b858a91cc

    SHA512

    25250fa5cce2a618755acfe49d67276d10dbff16377c6887f8ce438bc74bb1783c4f3bf590fb258d0ed572d8242ccfb828182ffd42cbc5ce30dc548c80d984ed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    28628e58e8d8b54101aedaa470f8fa88

    SHA1

    a50a4697aa7d063900dc2f475c69a5308ea6cf86

    SHA256

    cf14a93315018736b2df2c28cfcc397c5e545d4ad41f76af1d54b2e48a2f9775

    SHA512

    5646d28f95aa45c46c74c1fb75d8f8934f33b203acd03b89123830d41e39e74179ab249c7d1a07455cdffe4e37c327dc21e3eafcce15071ea86d83148e51e2b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c1a0047de227b0b6dc44cc93649867a8

    SHA1

    5052958ce55e1b838fb5ef64741aa62ba26b12e9

    SHA256

    c49566b1469ad40af3682319c0b5cc569da72d2eb593a6c7e961fa932bbc1fe7

    SHA512

    6317d7d5403dee9571f73d9cc1a9f6a1f35dc8a4b50b484ee84844516fe61048662e082d46d60ea432c02f8bd5bae27caf7bf0f1bad2bfe5e0e5b06c5b3dd098

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    28d1187958724bea34228dbb0fd04de2

    SHA1

    21c8ccdde9550f6fa02ac5d869d3258328ca9dd9

    SHA256

    309074b31cfcb0ad1de26e34950c565968f40e4fc38e10f5b8cc1da5700f37be

    SHA512

    312cb98f1c886193883b75d93b52a6ed10bf86c4b57a44ea87e2bb8e39f1d92184d3311f66d537a23d1532de8c6650b8693ddbce95239481b9c6afdb947e02c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    20f6c40a79e56ab989fa54ea11affa36

    SHA1

    87f7ccab246a00325932afa73b9f300539cc775f

    SHA256

    7d04094617da2ccd57ed1d0c400a279ce5b2dfad472d0f80f9b34d7daa0eefd9

    SHA512

    3165b93224dfcaa2fca87afa122b81e65b6d6f5312df632c0dcc30e6d6f9114ddbba17f9c2f7b0ec4fb2b7283fe6694b81b51e9eed64cf22373912fef9af64cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f13757c42ce83668f9ebb660e6d09150

    SHA1

    f451ae2b2f3bd1dd18b28607a6f154bfae0ffe36

    SHA256

    28e4b94771a4e22238280ca37fe61356da883761a492d96209bbc42ca286275b

    SHA512

    6fbe97e002406d53d173ecfcd703413113a328f2a6adea9cc9253772fb9dc4d69a2c55a3e17fd5edb73864500c7ee6d724c2006c001bddb8d424968c16545199

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9fc26b0b2509f12c95b4e779eb616dbd

    SHA1

    2b168a278a82e0ba6b8cd7fcbfa2137f424dcffd

    SHA256

    a92af3a73a7e8af74001acbef1bcd6f3f7d0420d1ad9ddafda7e285d8bf99178

    SHA512

    9b9222574519a8a0ef526be113349b102d3613ac03248554150549a1b1cfa3579b7ed654a268d3c7adec7fa49b33737142312a787b9659e416448c2dbde3773e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2cf924ff743af0b7a5388cb1072dd55a

    SHA1

    5e364b0b4b9fe348d478e10c0a8a407f11aee6b0

    SHA256

    806bfafbb220fff6cd2c07b863c1474505df5f59fba75002a6f309d593fb717c

    SHA512

    850a5ddd804c7d4d901c6f2ae49831cfcda8583eaa08c66737914e926ca0edbfd4bcf9adc84651706954472cf1601ef226027b3285de4bd60d85ddc52859873a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    814d89d92011504dfea8cd02f94b22f9

    SHA1

    91f30dc96592bed77ea3bb7854c1460db70b1263

    SHA256

    8b6f4fc4339218ed76f3b9b4548592b2d6613c78b598229c68a344d2d0e839e3

    SHA512

    02d4e07103f27782606379c03d442ba0b01d164b4176f60efc28e9ddbc8463a53922bdfddc4a245e1906368de14643911e7c7edb08f0b91e918bd7cef8d06b62

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fb8f07aff1293787f1d094601bc430ef

    SHA1

    095f09e6252093736b85f89055133f7108f5fa54

    SHA256

    130a08e539f3618aa2ee4283cfc317fac517d9e7ef674925ddb4ac710b2f6dcb

    SHA512

    04a76fc233d9f9ee9641cc4080021bb498db72f8fdd6025dbce32e4a740b434e1dc7bae726bec49ade543a271ae12ef665900f4ad39c4847ce065229b6f5eb62

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    063bec4be26c4b70079e4c394c35474f

    SHA1

    456fc112343ca32ca4ca4b3c5ae7ceebe52e139c

    SHA256

    b743e7d5925959d03e79447d71ab0a84ede10b5c0d24005edca6f849248f52f1

    SHA512

    1c8b6dd20c575624659abbc321d018332658ae614034618987d654aa4d55b8099780309948a31efe47ec05701e4f587d69bd62a49ba387cc6451bd42affec27c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CC665241-BBE7-11EF-A58E-EA7747D117E6}.dat
    Filesize

    5KB

    MD5

    1730e4ce090c2cff2806702ceb34c4cd

    SHA1

    8200c89536bb71a9af99ffd93ada090836d3d103

    SHA256

    51afff28a331081697f897243b77ab1195737d4461b6d708b6ace39aea88779b

    SHA512

    4ab515dd4c44503059dd39e5ed39ad4f067c32cca820bf59f515ec01e1bdf22534efcb0e1db3454ed14d82587dc5950f37cb43322f4b15f775d764f42af86111

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabDE22.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarDEB2.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2684-2-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2684-4-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2684-3-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2684-1-0x00000000003A0000-0x00000000003A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2684-0-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2684-6-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2684-5-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2684-8-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download