Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-12-2024 02:26

General

  • Target

    b50ff71971bb22ed9a894725adf3c984dbfb4095f2100db10d4ea3c98e1da5b6.exe

  • Size

    572KB

  • MD5

    f92158163d37b58e45d7f40ee8d064e6

  • SHA1

    9f5978451e3850528d6809048857d9831609a49c

  • SHA256

    b50ff71971bb22ed9a894725adf3c984dbfb4095f2100db10d4ea3c98e1da5b6

  • SHA512

    6a598faff4f7fc7322d97c799eb35f11ce81d0a1890037d90b576ada930dfa582185d6ef6504dd2ac25375d891cf7f2591748f6654a309928a93d7871fbd012d

  • SSDEEP

    12288:2k7onL2P1pGj9ompK1Gs2kTdM/MtPHYrbgX1IuSp:BYCP14pOGs2khWca+ezp

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Ramnit family
  • UPX packed file 5 IoCs

    Detects executables packed with the open-source UPX packer or a modified variant of it.

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b50ff71971bb22ed9a894725adf3c984dbfb4095f2100db10d4ea3c98e1da5b6.exe
    "C:\Users\Admin\AppData\Local\Temp\b50ff71971bb22ed9a894725adf3c984dbfb4095f2100db10d4ea3c98e1da5b6.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:816
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:816 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2380
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2268
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2268 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2232

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B (written 19 times during the run, each a different version)

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8C925BE1-BCE7-11EF-809B-F2DF7204BD4F}.dat
    Filesize: 5KB

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8C9BE161-BCE7-11EF-809B-F2DF7204BD4F}.dat
    Filesize: 4KB

  • C:\Users\Admin\AppData\Local\Temp\CabE312.tmp
    Filesize: 70KB

  • C:\Users\Admin\AppData\Local\Temp\TarE3C0.tmp
    Filesize: 181KB

  • memory/2156-1-0x00000000002A0000-0x00000000002A1000-memory.dmp
    Filesize: 4KB

  • memory/2156-0-0x0000000000400000-0x00000000004AD000-memory.dmp
    Filesize: 692KB

  • memory/2156-2-0x0000000000400000-0x00000000004AD000-memory.dmp
    Filesize: 692KB

  • memory/2156-4-0x0000000000330000-0x0000000000331000-memory.dmp
    Filesize: 4KB

  • memory/2156-3-0x0000000000320000-0x0000000000321000-memory.dmp
    Filesize: 4KB

  • memory/2156-6-0x0000000000400000-0x00000000004AD000-memory.dmp
    Filesize: 692KB

  • memory/2156-5-0x0000000000400000-0x00000000004AD000-memory.dmp
    Filesize: 692KB

  • memory/2156-9-0x0000000000400000-0x00000000004AD000-memory.dmp
    Filesize: 692KB