Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-12-2024 02:55

General

  • Target

    4fbbdc9c755eee6d4476976fc803591f41ad9d2abe6fb2067eb396204d06c399N.exe

  • Size

    572KB

  • MD5

    f03151ff4d4da36ac8fa3d38fcf7ac60

  • SHA1

    6ac997fe62b45b72c485d07470175f830c2bdb9f

  • SHA256

    4fbbdc9c755eee6d4476976fc803591f41ad9d2abe6fb2067eb396204d06c399

  • SHA512

    c8d4d8a2b4a878b728e82eca1c467c437656c128625316166ba014fdac5f1477be98348deefcb50a60db54c504a962ddc02c947d5b0b941cf5b513889bd82598

  • SSDEEP

    12288:2k7onL2P1pGj9ompK1Gs2kTdM/MtPHYrbgX1IuS:BYCP14pOGs2khWca+ez

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family whose variants span file-infecting viruses, worms, and Trojans.

  • Ramnit family
  • UPX packed file 5 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs
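
The "UPX packed file" verdict above and the hash block in General rest on a few header facts that can be checked offline. The following is an added example, not code from the Triage report or from the sample: a standard-library PE inspector that computes the same four digests the report lists and applies the usual UPX heuristics (UPX* section names, an empty first section, and an in-memory image larger than the file, which is what the report's 692KB mapping at 0x400000-0x4AD000 versus the 572KB file on disk shows). Because it must run without the real binary it inspects a synthetic PE32 built by build_pe(); that layout, the section names and sizes are constructed, and the header offsets follow the PE/COFF specification.

```python
"""Added example, not code from the Triage report: a standard-library PE
inspection that reproduces two things the report states, the file-hash block
(General / Downloads) and the "UPX packed file" verdict. It inspects a
synthetic PE32 built by build_pe() below (constructed sample, not the real
Ramnit binary); header offsets follow the PE/COFF spec."""
import hashlib
import struct

SECTION_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes
OPT_HEADER_SIZE = 224          # PE32 optional header incl. 16 data directories


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 exactly as listed per artifact in the report."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def parse_pe(data: bytes) -> dict:
    """Walk DOS stub -> PE signature -> COFF -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections, opt_size = struct.unpack_from("<H12xH", data, coff + 2)
    opt = coff + 20
    magic, = struct.unpack_from("<H", data, opt)
    size_of_image, = struct.unpack_from("<I", data, opt + 56)  # same offset in PE32 and PE32+
    table = opt + opt_size
    sections = []
    for i in range(num_sections):
        name, vsize, va, rawsize, rawptr, *_ = struct.unpack_from(SECTION_FMT, data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "vsize": vsize, "va": va, "rawsize": rawsize, "rawptr": rawptr})
    return {"pe32plus": magic == 0x20B, "size_of_image": size_of_image, "sections": sections}


def packing_indicators(data: bytes) -> dict:
    """Heuristics behind a 'UPX packed' call: UPX* section names, a first
    section with zero raw bytes but a large virtual size (the unpack target),
    and an in-memory image much larger than the file on disk."""
    pe = parse_pe(data)
    names = [s["name"] for s in pe["sections"]]
    first = pe["sections"][0] if pe["sections"] else None
    upx_names = any(n.upper().startswith("UPX") for n in names)
    empty_first = bool(first) and first["rawsize"] == 0 and first["vsize"] > 0
    return {
        "section_names": names,
        "upx_section_names": upx_names,
        "empty_first_section": empty_first,
        "image_to_file_ratio": round(pe["size_of_image"] / max(len(data), 1), 2),
        "likely_upx": upx_names and empty_first,
    }


def build_pe(sections, size_of_image: int) -> bytes:
    """Construct a minimal, non-runnable PE32 from (name, vsize, rawsize) tuples."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, OPT_HEADER_SIZE, 0x102)
    opt = bytearray(OPT_HEADER_SIZE)
    struct.pack_into("<H", opt, 0, 0x10B)           # PE32 magic
    struct.pack_into("<I", opt, 56, size_of_image)
    headers_len = len(dos) + 4 + len(coff) + len(opt) + 40 * len(sections)
    table, raw, va = b"", b"", 0x1000
    for name, vsize, rawsize in sections:
        ptr = headers_len + len(raw) if rawsize else 0
        table += struct.pack(SECTION_FMT, name.encode().ljust(8, b"\0"),
                             vsize, va, rawsize, ptr, 0, 0, 0, 0, 0xE0000020)
        raw += b"\x90" * rawsize                     # filler standing in for packed data
        va += (vsize + 0xFFF) & ~0xFFF
    return dos + b"PE\0\0" + coff + bytes(opt) + table + raw


# Constructed samples: a UPX-style layout with SizeOfImage = 0xAD000 like the
# report's 0x400000-0x4AD000 mapping, and a plain layout for comparison.
UPX_SAMPLE = build_pe([("UPX0", 0x60000, 0), ("UPX1", 0x4C000, 0x1000), (".rsrc", 0x1000, 0x200)], 0xAD000)
PLAIN_SAMPLE = build_pe([(".text", 0x1000, 0x1000), (".data", 0x200, 0x200)], 0x3000)

if __name__ == "__main__":
    for label, blob in (("upx-style", UPX_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, file_hashes(blob)["sha256"], packing_indicators(blob))
```

To use it on a real file, replace UPX_SAMPLE with the bytes read from disk; the hash output can then be compared directly against the MD5/SHA1/SHA256/SHA512 lines in the report. The image-to-file ratio is only a supporting signal: a legitimately linked binary with large uninitialized .bss or resource sections also maps larger than it is on disk, so the section-name and empty-first-section checks carry the verdict.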

Processes

  • C:\Users\Admin\AppData\Local\Temp\4fbbdc9c755eee6d4476976fc803591f41ad9d2abe6fb2067eb396204d06c399N.exe
    "C:\Users\Admin\AppData\Local\Temp\4fbbdc9c755eee6d4476976fc803591f41ad9d2abe6fb2067eb396204d06c399N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1652
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2504
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2504 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2744
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2308
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2308 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:904
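
The tree above is the detection-relevant shape of this run: a binary executing from the user's Temp directory (PID 1652) launches Internet Explorer twice with no URL argument, and each iexplore.exe frame then starts its own content process with the normal SCODEF/CREDAT switches. The following is an added example, not part of the Triage report and not Ramnit's code: a small detection run over constructed process-creation events whose field names mimic Sysmon Event ID 1 (Image, CommandLine, ProcessId, ParentProcessId) and whose PIDs and command lines are made up to match the report's tree, plus one benign explorer.exe-launched browser for contrast. The BROWSERS set and the USER_WRITABLE path pattern are assumptions for the example, not values from the report.

```python
"""Added example, not from the Triage report: a detection over constructed
process-creation events shaped like the report's process tree. Field names
mimic Sysmon Event ID 1; the events (including the explorer.exe parent and
the benign browser with a URL) are made up to match the report's PIDs."""
import re
from pathlib import PureWindowsPath

BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe", "msedge.exe"}   # assumed list
# Paths an ordinary user can write to; a parent launching from here deserves scrutiny.
USER_WRITABLE = re.compile(r"^c:\\users\\[^\\]+\\appdata\\(local\\temp|roaming)\\", re.I)
# IE's frame process starts each tab as a child with "SCODEF:<frame pid> CREDAT:<n>".
IE_CONTENT_ARGS = re.compile(r"SCODEF:(\d+)\s+CREDAT:\d+")

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\4fbbdc9c755eee6d4476976fc803591f41ad9d2abe6fb2067eb396204d06c399N.exe"
IE64 = r"C:\Program Files\Internet Explorer\iexplore.exe"
IE32 = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"

EVENTS = [  # constructed events
    {"ProcessId": 1000, "ParentProcessId": 500, "Image": r"C:\Windows\explorer.exe", "CommandLine": "explorer.exe"},
    {"ProcessId": 3000, "ParentProcessId": 1000, "Image": IE64, "CommandLine": f'"{IE64}" https://example.com/'},
    {"ProcessId": 1652, "ParentProcessId": 1000, "Image": SAMPLE, "CommandLine": f'"{SAMPLE}"'},
    {"ProcessId": 2504, "ParentProcessId": 1652, "Image": IE64, "CommandLine": f'"{IE64}"'},
    {"ProcessId": 2744, "ParentProcessId": 2504, "Image": IE32, "CommandLine": f'"{IE32}" SCODEF:2504 CREDAT:275457 /prefetch:2'},
    {"ProcessId": 2308, "ParentProcessId": 1652, "Image": IE64, "CommandLine": f'"{IE64}"'},
    {"ProcessId": 904, "ParentProcessId": 2308, "Image": IE32, "CommandLine": f'"{IE32}" SCODEF:2308 CREDAT:275457 /prefetch:2'},
]


def children_by_parent(events):
    out = {}
    for e in events:
        out.setdefault(e["ParentProcessId"], []).append(e)
    return out


def descendants(events, pid):
    """All PIDs below `pid` in the tree (the report shows four under 1652)."""
    kids, seen, stack = children_by_parent(events), set(), [pid]
    while stack:
        for c in kids.get(stack.pop(), []):
            if c["ProcessId"] not in seen:
                seen.add(c["ProcessId"])
                stack.append(c["ProcessId"])
    return seen


def is_ie_content_process(event, by_pid):
    """True for IE's normal frame->tab spawn: SCODEF must name the actual parent,
    and that parent must itself be iexplore.exe (a mismatch would suggest a
    spoofed command line or parent)."""
    m = IE_CONTENT_ARGS.search(event["CommandLine"])
    parent = by_pid.get(event["ParentProcessId"])
    return (bool(m) and parent is not None
            and int(m.group(1)) == parent["ProcessId"]
            and PureWindowsPath(parent["Image"]).name.lower() == "iexplore.exe")


def launched_bare(event):
    """Browser started with no URL or switches: the command line is just the quoted image."""
    return event["CommandLine"].strip().strip('"').lower() == event["Image"].lower()


def browser_spawned_from_user_dir(events):
    """Flag a browser whose parent runs from a user-writable directory. That is
    the report's tree: 1652 launches iexplore.exe twice, with no URL, before the
    WriteProcessMemory activity it is credited with. IE tab processes are
    attributed to their frame so each browser instance yields one finding."""
    by_pid = {e["ProcessId"]: e for e in events}
    kids = children_by_parent(events)
    findings = []
    for e in events:
        parent = by_pid.get(e["ParentProcessId"])
        if parent is None or not USER_WRITABLE.search(parent["Image"]):
            continue
        if PureWindowsPath(e["Image"]).name.lower() not in BROWSERS:
            continue
        findings.append({
            "parent_pid": parent["ProcessId"], "child_pid": e["ProcessId"],
            "child_image": e["Image"], "launched_bare": launched_bare(e),
            "tab_pids": sorted(c["ProcessId"] for c in kids.get(e["ProcessId"], [])
                               if is_ie_content_process(c, by_pid)),
        })
    return findings


if __name__ == "__main__":
    for f in browser_spawned_from_user_dir(EVENTS):
        print(f)
    print("descendants of 1652:", sorted(descendants(EVENTS, 1652)))
```

Run against real Sysmon data the rule needs a parent-image lookup that survives PID reuse (use ProcessGuid/ParentProcessGuid where available), and the bare-launch flag is the part worth alerting on: a user-started browser normally arrives with a URL or shell switches, whereas a hidden browser that another process then writes into does not.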

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e406c51fbce0bc6533147b25306d2d9a

    SHA1

    9b51c5d5e60f3463f77b586497676989c494c157

    SHA256

    6377a079bd2ef3769e1b5c5777983e2550d242904200b1fefd30bbd428237762

    SHA512

    fd8eecd89847370fbef5f7d2f970c9dc7d9d417715bf135049b40b5b63dd31f76663bd464b95ed6cd2481035fe3d07a3254062c0fcf07bc9df651a8de2bf47cc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f6737c4a8f54b1336d218ee9c59d199e

    SHA1

    86929ca4c8c38fdb3354169845e727b56ecf6170

    SHA256

    919904e9d424c5420172a3ae54aab2cc954cfea1fc81c47a9bf9c2566905cd63

    SHA512

    b450443d04fab3b4c6baa11b47f5d42a37fb9cf8a0f1409125f43ac87c282ed44b631090dd4c88ecfe6ca830bba3b744a00033bb566915b17cec23a3b8d3e98f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    965e21f93bab6d30d4c711692488ac30

    SHA1

    77374086b939215696bcaf07dedae94c82d1230e

    SHA256

    de9157976cd4410c68bdc8c0e4e0b957cef48247b8945db6031b40b424f15477

    SHA512

    c235c43b01f92c6783af276a1367112a9408292d30a6b8b2e5ce9762e01f7f97d0f6a787d12eefeda010e40a39b1edfa13705226d843531b558246a20805ed18

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d3a8ee221c37b5db1a62ee04bd5f432a

    SHA1

    db2d5a903d963c8087b65e68c54046ea36b8e522

    SHA256

    28ddfe211d24476f9386d12f02afa496a826af2723f74e1b92ea5d001e9324b0

    SHA512

    b4aa3d67d9658725a121927fa037d6fabb078d6a65b6be4a18661d664f643b1d3b92a55fd680fee1763bae97b39675418743483b008af413fa6a0774b5620c5f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    25b88c2b2b51663c047d7b7b3b318b07

    SHA1

    f86300228c99cc7f176b551153f8463b10d51bab

    SHA256

    5edde440a111895cd6933d588e95d90ddb182bb075c52f293c8832f9f3f0b8fe

    SHA512

    face3940a23c1ee01c70cf373dba1501b6f6deb6d7354aaebe52e72b4b9d2caecc17593cc86e7c969e76cf17137a12506680e198d99740733bb06ed52ab5d3d9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fa0bf22525c8bbe55a8f803d09ece91b

    SHA1

    dfb312b8a5ce61f7d0d2e4200050e10543a4919f

    SHA256

    606dd1487b63949914d2d2b368e69927486680cf8a30a29df6d8602dbf328261

    SHA512

    a36dc70eeaf41e401f313b815bff58478ee38ba787350b53e9f0c0e367e753033f8abb727fe503eedd896a2413ea7d05874299bf02a64cfd8acc400f69a40b8d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c7f5051527b1810bf45b5b6607184cdc

    SHA1

    ec7b4fb196df2e2ce411250afa66aba73c9e040d

    SHA256

    f01c8de1cc927b6dcc7432f5f20a7bde03c5342b8f9466be0e577d9a144adefe

    SHA512

    00ea836d87dbb61e97033e9f5507df3ce0d4adf0ef5275a9b8c993205e49e1cbd7e465390890de81478bd3050425904b6e53f6ce220c11dd5988d67806769519

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fa71e7998ac4cd9f6b7bbd48e4b9f2d0

    SHA1

    88ac2841f2891488ea2b62b25a765d332510b6eb

    SHA256

    f41a4909ef7e9c16a7ab041bb7c8797b0c893e4187c05613bc7036b8093ad390

    SHA512

    4b13ad336475c9c147ae67ff1638d51c38fba76e39371ef914234f7f9337b64b59ada4d8f478d916e621f065b5f0a9be84311f0c7b16399a806d8d6ff67920ba

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    042ce1b8e2e4d79cfc4a28312f64096d

    SHA1

    ee1c328988b4a9d214d6c8da2780677150497ff1

    SHA256

    99d03e208118f57b1edcb81ee964aa3591832a848b410229ab929a65ca8402b8

    SHA512

    65b7e5fc44488cd9608572645e116467bea4e7a69c4c48b4e3348c4f8bce7d0253a6ddd1af3aba9a55e033400182ce6b8cd311f97b4c042da299cf47b9312d08

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a2d2aca5e7c683ce4e11efb7c3ed6cc2

    SHA1

    5d1e74bbf136533a18e94a33fb8fe1be4ab42e4c

    SHA256

    dec294f9cce308a5cabea926be9519bdde7c58ad51b9c91ecc8e2c6760f9192b

    SHA512

    c8f29287ffeab587df9fa2b9cfc38cd81837be4ea444a0feb0f42a69a296a74d9015f27a9ba35301ad7178c5f13cf895f4f5ef83d0ecc3066d4ddc2fb7735406

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    de6fedc57eb2f34c8eb1830c7f63bfc5

    SHA1

    857f0b908e369e18737b1998aae5abf143419f7c

    SHA256

    25d83cefc6c94486a61df201f0ab11262bd65605eb25d812ae45620ec61b09d6

    SHA512

    5c2a371fe85fe360aa05c711db7500a6dfe8cc00b9a1f34d33370ec12f82fdd4988eaea70993e9e63ec49e37dfd347f30579bb609ac52f6319f149b220c51126

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e4bb3be6491e19442a62a27f917f4045

    SHA1

    cdafbc2c84cf9d0ac8b0beb56146dc286dc42dc3

    SHA256

    787de35fed4e7327da5e8ab4e6147951b263468324c89fc8a06a1da9ab792f79

    SHA512

    9b1009b864d88923d816f828910ea521eb50df37abe7f2b4dc5aaf0e5fde894d5e36230ae9c6981013c2c458a06493c27d689da756a88693642aafbd153662ec

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e4cb2c7b91579d20d23ab755efda5dbd

    SHA1

    3a4922b6ba004217b177da8514d0e6d71268c388

    SHA256

    88fd282f496a4cfbfb4761c5fd4a111e72e326838ccc02c7cf187bbf8d917e8b

    SHA512

    e20d65e751440c6ee6e2a7b8d745e1307589274b2515bb55e7be2c8d0cfcafc7f5848062a9bc8a18d05388ea769bc4c7c584a293e067ba95360ce8cdcef40212

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    adb4cb13f6f9c40bea7e7c71123ca696

    SHA1

    6fe5816a5068efefaf9dcd737326234c7a238dc9

    SHA256

    0e96ba3927ad8082b8a813d4b4f0fc1d27cd80f0387224fd3454c51d85a42734

    SHA512

    b2c90951799581aedc4caba6b5e0080676306fa04fe329c40996eb03666b671596b846cfd590c81ac05cd26143be9f2cf698750507c7aaae2ab4c63f2b25dae4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3dbc0ab8e1b42fdd4d8b493f6b172ef0

    SHA1

    ec8723eea2555dec5c1805a697547c685c32cb78

    SHA256

    9c9bd7e3ab9b0414dc02a01d83708ef4df2dce3a8a2968353a62353e5bc08388

    SHA512

    31cda9c2d970278d2b441eb7d6ba3d1e23e39b47e60538dc9fabe166834ed7cd81a31d74f62a09262caf7f0d71d9212b05f5f6d073b873d51851d0ef2f14b077

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8026fb0fea35d15cf0c777dc67d238ef

    SHA1

    591faf8691b66e443df8402b10ceab58d8b0dbe3

    SHA256

    1ab2bc1abc3722ed4b10d56c576220d28772e6713d4c6652615c0c05a18256dd

    SHA512

    f99444f34d184d95fd05c3c6c450a193ed0fcd0c49954668596c0b6749ba03949cf1cc527756077b8312e5af8dc24fe2d90ae3a18a2f9679a5c0e1abb9231885

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a3a1f0c10e3155bbe375dabdfbf70523

    SHA1

    2f7d79b6697b36b3a5533985aa3a75ed14e9c19f

    SHA256

    9e45ff1777ff258ba190bdd2ee86cd37ca029e0fb0b1e2c5f212327ed089e082

    SHA512

    3e9c0f44da377d63b98b40eef603548eb867f209b9883877162b315a35f75a99c9245e91ce58e821c50b8594c0a68cdc7257ad4f176eeb5efecd06617720c96a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d9a7ff9c66e0f13120df7f61a58d8eff

    SHA1

    12baf5b714cb336cc942e9d83924608ae141f3e9

    SHA256

    93ee696b4481226430da9a653dadaa70033410bc703b6b7c3f59b19026ea171d

    SHA512

    cfdecddfef46373504bceb0db57e4d2143eeb69a7e4de78495ef1812b79a56d39888db24cd25237e94a2c9d8c7ce17933de7b574a435e197b3afe8198783e623

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7795c1a7a1657d92a5a7a3eae4c6dcd7

    SHA1

    08b34bff84f7952c260b7de35846819d33110eb5

    SHA256

    793123cf5baf968a40e6f4b41340b0332b4c5ba3525b87380579d7f0d631f894

    SHA512

    c07f76522de7def254d6a91037bc6d6f04abdebb53e22db6fc6ba9665d306957fb5ad21290501ab19af8b3c50849329f0e5a825be2578dfb54fef35854475d54

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{89A16941-BCEB-11EF-8250-E62D5E492327}.dat

    Filesize

    5KB

    MD5

    28d441e787c6488eb7c220d447fea103

    SHA1

    8f0f85e60e3c9a16d980fe6a0455c06d016a6a06

    SHA256

    62941fdead8fedcd30d65180d45fc2ca37e0282e7ba8f03b31ba15bd11cca325

    SHA512

    3c088a2b5cdc2d5f528fe500ff1a57bf027b6cd05f22e17bdd0e2eecc6adbc8075c7eb0629a1deefa6cae033fd202259add5c2cb43901a68f79d9a5b12666515

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{89A19051-BCEB-11EF-8250-E62D5E492327}.dat

    Filesize

    3KB

    MD5

    e019dd11ae2f5a1c4c8131318c8bb21b

    SHA1

    0c0c733b8a279d22b12a6686f86b84d088d61171

    SHA256

    031789e4bbbdda53c60a386f88aa485ee9bb87577574372d5afa2b8b3b50571a

    SHA512

    bfb5fdcc22277d265262229d06e934ef482b9181367ee839cd0562d07108140f89f8ee9c1253ce6c9904176b25b7b7ea0b20d89856d9b125e92e30438d73f66c

  • C:\Users\Admin\AppData\Local\Temp\CabDF2B.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarDFBB.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • memory/1652-2-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

  • memory/1652-1-0x0000000000400000-0x00000000004AD000-memory.dmp

    Filesize

    692KB

  • memory/1652-0-0x0000000000400000-0x00000000004AD000-memory.dmp

    Filesize

    692KB

  • memory/1652-3-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

  • memory/1652-5-0x0000000000400000-0x00000000004AD000-memory.dmp

    Filesize

    692KB

  • memory/1652-4-0x0000000000400000-0x00000000004AD000-memory.dmp

    Filesize

    692KB

  • memory/1652-8-0x0000000000400000-0x00000000004AD000-memory.dmp

    Filesize

    692KB