Analysis

  • max time kernel
    133s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-12-2024 23:01

General

  • Target
    5e7c8b1e0b21dd2d3669076a05bbf101e5d03c085a16e566e909c20fbbc6311b.exe
  • Size
    178KB
  • MD5
    a65264e49f9d2c3648f557d22fff6ab8
  • SHA1
    3db0ec227c1bfecb099fa2a144bda2bc7dc04530
  • SHA256
    5e7c8b1e0b21dd2d3669076a05bbf101e5d03c085a16e566e909c20fbbc6311b
  • SHA512
    30798d55024c62fd9d6e89099a44023b823e1187ae1b5fed38e5ab32dbe910397ed8c871768acee4beac1efcb38401b4d37cfd12e369db8e7a18e8732ef9a3df
  • SSDEEP
    3072:akAwOzhjdRmSZiAqFbrnp+KsYGngfpfP0vHQRO8s2V2/d2y3mJEH4Nu:+w8h/7PCkKsYGgfpfPVI8sA2IxqR

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Ramnit family
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5e7c8b1e0b21dd2d3669076a05bbf101e5d03c085a16e566e909c20fbbc6311b.exe
    "C:\Users\Admin\AppData\Local\Temp\5e7c8b1e0b21dd2d3669076a05bbf101e5d03c085a16e566e909c20fbbc6311b.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1940
    • C:\Users\Admin\AppData\Local\Temp\5e7c8b1e0b21dd2d3669076a05bbf101e5d03c085a16e566e909c20fbbc6311bmgr.exe
      C:\Users\Admin\AppData\Local\Temp\5e7c8b1e0b21dd2d3669076a05bbf101e5d03c085a16e566e909c20fbbc6311bmgr.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:2496
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2416
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2416 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1360
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2692
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2692 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2604


Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D3C3A221-BCCA-11EF-A17D-4A174794FC88}.dat
    Filesize 5KB
    MD5 e837e151f7bd799f6cf7a95ebfef7052
    SHA1 6153347218c918a22d15f092f60112f72ea3e9e4
    SHA256 0963c3fdab0fe487377a20cef8d86b7fe43a88e3bfd41c10acbe9f628610ca2c
    SHA512 fc5f930022a460bf06606064964b79b1fff00ec9ba3ce28da978eb713fefdb0a990007238c9e9d5342ca73519329433e2834cf21718be89f300c0f3167cbf6ab

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D3C528C1-BCCA-11EF-A17D-4A174794FC88}.dat
    Filesize 4KB
    MD5 6493f54dc26e587d77467019c74320fc
    SHA1 09b8ce035c8bcf0a5fe8b65f12000a97ef939db1
    SHA256 d43a3980f04c919b687ef9e62927af5e06099ef5a850f98033c37c849807f5f3
    SHA512 65b025d48cb1fc03e3bd18bcb6abb50be4bbc45dde3a4237bd9b1a8a4a0f46c7d849aacd37f0ac463b169e1f583371b108c18d9fd489a6111db105d44e49db69

  • C:\Users\Admin\AppData\Local\Temp\5e7c8b1e0b21dd2d3669076a05bbf101e5d03c085a16e566e909c20fbbc6311bmgr.exe
    Filesize 88KB
    MD5 a61ea5f2325332c52bff5bce3d161336
    SHA1 3a883b8241f5f2efaa76367240db800d78a0209c
    SHA256 e6f8a54ed663061527ab46b8e8efc2a0f3c99ae77829c0be0e50eb5b1b48415b
    SHA512 fae031e0e7dcd719240bfe94a3f78d1aac73060324d5b65e0cbe564ce6d6781aaa5e930f0729293e3b502b7d07f53f3a72fb2048d44d93d36851aab8330479e5

  • C:\Users\Admin\AppData\Local\Temp\Cab2CDD.tmp
    Filesize 70KB
    MD5 49aebf8cbd62d92ac215b2923fb1b9f5
    SHA1 1723be06719828dda65ad804298d0431f6aff976
    SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
    SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar2D4E.tmp
    Filesize 181KB
    MD5 4ea6026cf93ec6338144661bf1202cd1
    SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
    SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
    SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • memory/1940-12-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize 104KB
  • memory/1940-9-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize 104KB
  • memory/1940-10-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize 104KB
  • memory/1940-11-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize 104KB
  • memory/1940-26-0x0000000000190000-0x0000000000191000-memory.dmp
    Filesize 4KB
  • memory/1940-15-0x0000000000320000-0x0000000000340000-memory.dmp
    Filesize 128KB
  • memory/1940-0-0x0000000000400000-0x0000000000437000-memory.dmp
    Filesize 220KB
  • memory/1940-13-0x0000000000320000-0x0000000000340000-memory.dmp
    Filesize 128KB
  • memory/1940-18-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize 104KB
  • memory/1940-19-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize 104KB
  • memory/1940-27-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize 104KB
  • memory/1940-17-0x0000000000340000-0x0000000000341000-memory.dmp
    Filesize 4KB
  • memory/1940-29-0x000000007712F000-0x0000000077130000-memory.dmp
    Filesize 4KB
  • memory/2496-16-0x0000000000400000-0x0000000000420000-memory.dmp
    Filesize 128KB
  • memory/2496-28-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize 104KB
  • memory/2496-30-0x00000000003E0000-0x00000000003E1000-memory.dmp
    Filesize 4KB