Overview

overview

10

Static

static

5

16b25b078d...87.exe

windows7-x64

10

16b25b078d...87.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    120s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    16-12-2024 20:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    16b25b078ddd1c6077520e0512fc8a8f5827309cb5ede8fb962d25351dd4c887.exe

  • Size

    225KB

  • MD5

    0a0ea02532963b365f07c82475547a51

  • SHA1

    4c9864665f0ef527f24042d51c5513863f402d92

  • SHA256

    16b25b078ddd1c6077520e0512fc8a8f5827309cb5ede8fb962d25351dd4c887

  • SHA512

    64a7ccda81456775a222e7139185d05521888d172646fa3692dd8488dff5cd0149ea0e9c50ec58db52c43b601c16bdf175dac48e647b39416bb0ef629f2bcc9a

  • SSDEEP

    3072:fL2/2qHOMhMFwgqGGtVq4ZtuBU8yl8VwAxEA8r:AHPh8PGbqWCVEA8

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\16b25b078ddd1c6077520e0512fc8a8f5827309cb5ede8fb962d25351dd4c887.exe
    "C:\Users\Admin\AppData\Local\Temp\16b25b078ddd1c6077520e0512fc8a8f5827309cb5ede8fb962d25351dd4c887.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2580
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2580 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3040
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2620
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2620 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2964

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b6fef1fce386630c80b242738f8fb4b8

    SHA1

    5a4a1438c8377d04dba1686cc48e69d5751153ec

    SHA256

    a1244f0a105bceb9a861f3438a8175dd1a3b2bebc21d4d8641871369f7ce02f9

    SHA512

    48436d7bf5db5f34cb7921f0f1b6df5b66a597207903b4059f953a0382051d28cd91de48ebb167c6f94b2b826386187a0d72686a09148462714f7f139e142094

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a67862ea3366b34b323a91423dc770f0

    SHA1

    b16dfe7d28f4ecf6622c2c877eb9a30b83848313

    SHA256

    812713b532188b62203f507a7f33cb234e8b1c4d3172f51e7c191c9f680de871

    SHA512

    29966413a1d631c6898474b9336f1380bff2df52290d7b2f874b9845ac56ed778b8bb490d3fa7974e4e19f122891902fc81eb25bf8f0a82a7234a1e59e435932

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9ac36bc0a107511ca1ae051df08b4732

    SHA1

    2d49dc0929490a8d0f7c2335c31d3630b42b2ca4

    SHA256

    07891d9117bc4d12aad11ba77ec35cd38b6c762b83d5208c03af5a879cf44ce4

    SHA512

    d5dd0baad4faade8e32979184ca606109a02298c51943160455984461fe4134b3560c9b1b819b9501dcfcdbf9d6b046b96092ba6db618bd398fda7d5c1eb2da6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c879aaacaae6985722a25af23359b1ad

    SHA1

    a76e292509c1c25043a26b0ff9dd70229ee65af6

    SHA256

    79b336688dfa7dec0ae887f253f7ee5eba723baf11b7660d1c1507ec9d0c9f83

    SHA512

    7aac7c04c11efc16e2683d4db423cfb8e01426718b75c437fb4e73e7b5977caa840f3fc9050f9d3725a25aa2cf6ca173cc59a62d86b0724b22804de655abb3d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bac9205896542740c8212c5b82a7f53b

    SHA1

    93eb29bcd3c133934fffff3e97082491e1e4ce09

    SHA256

    74a2b766aaa1ef3babc7d0ce8128a09a098a5c1c8db195230f4e39f733e2eda9

    SHA512

    101d001998a3a54e312922428b908448433dc8f4a8933d7b44b6ad3880507117a9a49d3409b4080af2d5c2970ebde15406ede52191d9ebae91f6c5a5069e5579

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    004b582e71d577b7cce4d3de4fd2daf3

    SHA1

    880db15d1fcf33f3138428909365a7442a1761ee

    SHA256

    a38923ffe1155e4a9d68004fbd5d1485cf6628cea97ac562fe6512a31764fc8e

    SHA512

    d9de40a4006a9d670bc6bf9197ce8a381638724160683ae6b8e1a965577632db235d1c315097f05c9edde5dcec71c68ee4d1f60f6ce00f55358c737e3aecc225

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0004c97111f89388bc422b2792697d8a

    SHA1

    870735cff8ca31edb518feb03495a2fbd5aad075

    SHA256

    9451b40d5e45a974e13a0f4b0b49078c3866edf7bcb6b134da05f7a78468ecf7

    SHA512

    7a022ec7e8fe58bbbbc5aafd83e2f240e28833322e1b466b69f6bbf6aa42b9f3a3db1189ed7f696ace380a23046575722e49df2b08134bfa074b7941baf5ffa7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c02cb87c194c30890f8dfa97cb953ad4

    SHA1

    1b4dd0240bfb0701a763b318cfea1bf457d4439c

    SHA256

    b64786f5a692d5aaa3ce62f1462677e000f32bfbbbf97dd4daf70e2e7046d374

    SHA512

    670f373295b2953b86f85e792416a83e214633f5cba2862857ac413da4157407a64c11f610ca37e597d6e2a34cc242576e57fa54a965e9a7c90b932c113a8622

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4ea27d809627fc690fbb538e1ea96257

    SHA1

    0577d379606b2cd1dfd3901aae6decc1a904f81d

    SHA256

    4a01c784bb314629462a0bb6c513e0d1d37c3fd9ad705eb41022fbccc67c5aeb

    SHA512

    5f43423439be0137abfde5f96bf7e560afebe5703be32ea41a64bfce6daab20a4a51614810f96e7a33427a16b30306d0e5573f2597c18f80b318706ce1f8f11d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    69c50987113662897858863641860a89

    SHA1

    1e6cee219563d4111e14759a96451b96705970cd

    SHA256

    fe74ac89fb2e67711f4bc82acc84662b8552c99f1b4ea5bf8a6b95bcd2f0edb1

    SHA512

    79a28a68810f09662257a65fa92fc77356715d3de0a59bc0bed6929cb2e8a26e440cfee28a362aa57adcb625e272bfc48c7c0c631125ab8f0892ae5f79569383

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    54a81166f94e6d5b360e176fbcc53d4b

    SHA1

    69ab95c8a961df27b14e33765137ddda80cd4eae

    SHA256

    e7c022d22fb1ac1b6ed17fe5ea6bbf909792418c96402edfb19683a3283eebc8

    SHA512

    72490e9e9ad462ba8eef75e9c7f44b2fedde2def18fbc135ca2bdc154776d4b6d4bf4458b3e0bf7057c165b8d37e8ef81fbb42e954701476d1263c6dac273151

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8a57f2ad5c5d69e6a2b182d47ec211a8

    SHA1

    b0332bee097cae21f7e523f968c8e1378e324dc8

    SHA256

    3438f518c3fb224d8f94a997896cf8b7826041d26632652e240bd4a278bbd7d5

    SHA512

    258f93a97b36743ab79a2b8c3d16525e09585074d22d92daa2deb8c2e287264777a84ff87c6519401e9a7ef2af3ba3f92bd2a7fcbe0a1f10f385bc70fd0e5213

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3E799441-BBE9-11EF-B666-DEF96DC0BBD1}.dat
    Filesize

    5KB

    MD5

    e9be6860d66a7b96faaba63873c3387b

    SHA1

    496cd7dd0ebae02ca90e4207251d2940f888a248

    SHA256

    835fc68d0cc87128cdc5c9e561d5bce0a07dca8fad55004a504a6ad1ffa0e8a7

    SHA512

    9fa50c8127354496bf85705adb10971ec2c649d485028ddcb3e128c5c10061830cd7df8305c6a7780af2be807bae53106a14e2264bb16dd4fbbc80760a4c0614

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3E80B861-BBE9-11EF-B666-DEF96DC0BBD1}.dat
    Filesize

    3KB

    MD5

    603470db37a62692225163ae061a0673

    SHA1

    848dd4a7135cdc0ce7d217953d2ceba96ff9ffef

    SHA256

    7ad5f36f69a10cf9ebf23891169cb4d26f46847e074dbc109ea422e764b439a5

    SHA512

    f0a2a2c4383c5ffd9021c77f3e77d5e5024b5202ff0def44f1a6767c273387921198f07ecd057c7561586df7f7a15dbcd272c1fd713217aaa9632904032e8b23

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF338.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF4C1.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2188-3-0x00000000001F0000-0x00000000001F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2188-5-0x0000000000200000-0x0000000000201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2188-4-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2188-2-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2188-1-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2188-6-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2188-0-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2188-9-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download