Overview

overview

10

Static

static

5

c39e4ecea6...88.exe

windows7-x64

10

c39e4ecea6...88.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    94s
  • max time network
    68s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19/12/2024, 05:55

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c39e4ecea681f448917d8406b95306857cf0a64cbdca9179fe4ae376b8a59f88.exe

  • Size

    221KB

  • MD5

    374e234421641c28254644ab16f0966a

  • SHA1

    e595d0eec4c864387da6e1007f8e3c5b82bce0a1

  • SHA256

    c39e4ecea681f448917d8406b95306857cf0a64cbdca9179fe4ae376b8a59f88

  • SHA512

    e8d5ebf793f9fb83fa90478af1dfd4e32996d0797abb9075d0503b0c0ec21ab8d25a84118df2d24826940a4fa4655d9a206fb972274244251f4fcb396a8fdb9f

  • SSDEEP

    1536:vOC0FvV4OguHxjhpA4Bm7uW0vSUsghQevBFkutIbgTuFqKRr0aF5frleGhd9TfB+:vwV4OgSzBmh04eZFkz3Rr0gwGj9Tf8V

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c39e4ecea681f448917d8406b95306857cf0a64cbdca9179fe4ae376b8a59f88.exe
    "C:\Users\Admin\AppData\Local\Temp\c39e4ecea681f448917d8406b95306857cf0a64cbdca9179fe4ae376b8a59f88.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:276
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2016
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2016 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:856
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2472
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2472 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2820

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a938c28d0f118d249409e33b4c221e42

          SHA1

          35795b40fa0258801ddf8f85d8ec0fba87231518

          SHA256

          361486a8f139d5668a4016c99dff8e8c4a84b4d1f8342313fa691510934aff94

          SHA512

          34fcaff4fa1fabb976e4dbaccdffa8e5fcf8cfedf670ecadc381f1446abf2678833754a011b370b66f5a983f45c0f91891d0f2e586def321c0e53bf7330aa067

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ee304c0c2fc752be39db0de563aab836

          SHA1

          ff89e1c88620447218484790e0927a27460dd20d

          SHA256

          eee5ba5e192a78e0e3e58a113b26329738470b41875ec182cb4f43a3de7dcec2

          SHA512

          3bd8c3c4cd4fb861d394d747c2010b21371d885fae17c06f9bbde5b4026640bafadb8c3f44174389761dd1787df51bca87175f43b47c53f99e57304ba6f19391

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          daa263f0caaec9db1253d10177b6518e

          SHA1

          8c2fe933c2373baec2c39878849e78afe50c2576

          SHA256

          83ab21796f676b52d49031cc4aa5010ee7703cb0b3fb46820eeb85839b719d10

          SHA512

          d62c5eaadedf51eb2b30208076ea65eb1c983499a85dc45fb58db8d06498a5946839e7bed829e810956fdb10071797aae5abcebcb460a5a51c5eea6e2b1aaa8f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          eb17e47b0252f4aac32172ae49bf82a1

          SHA1

          3aecdb985532e8cdc3243497d8c83f155023ca90

          SHA256

          662521c95c0033443c3c0fb570330bae4f8ad1b866d7da6a92b1de9d1ffc48c2

          SHA512

          f43c6c3ddd9a834ed5ad5b5ddfc127f4ab2123e85dfa64c66e2395a3cd22e93f42e53300d39dea2049166e8a82e99f6205c3c535470b05dbbf773b51cd5c7bc1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ca7ffcf926e9b6d920b58849b9d9373e

          SHA1

          e7e70390c609e49271489edb09e7890ae27d0bd1

          SHA256

          2a37249ff324984de69058532801cc0fa7af0671d77b9d5b2f4a83be4ea435d5

          SHA512

          635da7b70942bd34168cc9251f1c31f577124d9fafc599573ccae4f10d9043f287ba707516973355131714af8ef1adacf2518dcf2b62221e162e739b5750aed3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          80dbea74b50b6cc0314a6f03a52419a3

          SHA1

          653dab70552637993306b0211c4e0ddc3c86e750

          SHA256

          f62619c3284d5251e38062f4225643df9f7a4223e05c66170eef7a1fe130d22f

          SHA512

          ad351b560aabb6583979321a50e5ff1227ae2995943c42d40bcdde3fbf3b31c6cc6497befbd10a4eda5396e9402b40f1fbb0ccdb2c926d7c60a1eda6c496daf3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b4933bd0c334ab162102f3a389ab86f4

          SHA1

          17e99502bf4878a3921e7a542ba65b23907c188b

          SHA256

          b007bd724631ce09b5ee57b965ed617b675b95b05531240bf44e422223dde668

          SHA512

          f7a6650a333986d4ed2a614fadc225c10c45c701c038893c3b43377bd514bfbe4afde2863f6d49f9d61c0c474ba1e25b3935404fdab906c1ab5a418a875869cd

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          c2bbf568293e0fa2563ccc24e91faec3

          SHA1

          402150610346515a9257d8ace9cdf13b18e5e574

          SHA256

          b184e33042f6bc9634f6bbf011491159e182976b32efc62fe7bdbe16c4c1bd55

          SHA512

          a78736b4dc2896e7ddd429b7cf03fc40c9e8dfb1a121df13e20afa3cbed9475b2f0587c3ff9df3d310fd75f5372530968f55a3c06b3bb481b80fbe5f3c51a578

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e087c48bd255f187cb58ff05cba983e5

          SHA1

          ead66b947c958869a6707b57b39b587ceaecad45

          SHA256

          7cb42d9e3836c136480da53142fbf54184795db0387b4e569246e756a3c2b041

          SHA512

          0b998efa9f2b386afe7b8b1c5834cb80d4d3f95f113005f11719c2a0c5f2f9e2ab44bb9c6da2b80ceb53ad89727a0e519832a6a631cd8572349c24a73085c54a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d761c06baa0d6783cbdfe3897d6ecd1e

          SHA1

          f9e567fdf216a8992668f4eeba3c049707642b87

          SHA256

          be92d753acf6f3a0954a404f8359cd372f9cc46b2e47b5d9611daa9d070cfae0

          SHA512

          9cf71d0138b55b7146f636618d001f33070083f7e4b8881d846d38e6675d26928eaea81b2c4160971ae163e6786c68a4279bade37ea816768ceb75d300a75b27

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          93cdcee0d4865b6ed72d73708f01f060

          SHA1

          f2a2096ed8ad2e926675086aba3c44418496f489

          SHA256

          7837c9413301043f63e75db27f262d27399095adfa3836c6481ef7ee234fbed9

          SHA512

          376156d89681e8fa6938e2d0331fe973e77beee80c0a0f24572d2fb4f9e46ce62876da0a880d0b3b3bf732cb43952a379a25803916314348ad900951dc2dd18f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d800d43a3c996dfc4d8a1e2dccbe7acf

          SHA1

          7e38365647895a287881854809de1004e49b9f1c

          SHA256

          61d77ceb15cc5f3787c6495ae18efedbf54131f861eaead0e2a624967c9437b2

          SHA512

          1a3e434ad3e62ea605e6e189d2f7af789bae0f86d7468cf957a1021048e0f28cab6361693342cc57092a3a6688abde1d55da162b90258984893ef11991e293c2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          3731cde74738dad617e7f5225e18dea5

          SHA1

          99d297834750065045ac776035bef72812997f85

          SHA256

          0d8e47f4a15cc2c504995ee3a4b554ae80e11bc6888bfaafd7a1f6072f9e2889

          SHA512

          5a1fc1096c53794fd10ffa6e97b5dc86eaf49698f35459dbf3e5790d5467861231941f8faa7daa4882fb7cf045a1f9cf6e50362c9978320a018abd4257aa875f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          7231a0c122e4c211fab5f9e19bf4e600

          SHA1

          f93a9914f755711f089b28c20f81b440e6af08fc

          SHA256

          672c2d585948b89ee7d8e2a9ce751533312b322994307e8b590986094c552f0e

          SHA512

          4edca23f21b40ea0548c755c0d6a81b5ce876760afaedf5af1844ac973cd1d6b89e6f657b9c002c135b94275df445907aa0f7fd13b7bece9ed6961997fbd7bbe

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          bb6e1beccc0c5e0abd52bf0413363cbe

          SHA1

          a93d71b62512bf9349835b9db7b758bb7c990a3f

          SHA256

          8345bb6de90a6b4a6c657a0ba55719a1013ace68f449c63bd63597fd6f6d80b5

          SHA512

          9af0f9fdaa657416f00118fab23edb061446cc2e98985b1ab2a37eeb041181f1a38b571ad08fcc8f75744e0ecf5d41e0c3946cde3a26a2a14cc10710b5e02778

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          069a55e45e6d08ed7e76af8fc4e89fa7

          SHA1

          1cbff3cd13460d8bb5aac334e42def210510cec7

          SHA256

          6ba97d8944925a4519430ba7d218578be3fd5557fd9333c319eb2d0c230fb825

          SHA512

          d4a2d1a2d4d105d8ce57699e3b757038d44561f7185e2acf90c6277527fb777e2007335e34c4fe9a51717743756561c96aab64df9dbdd8e24073d3d92f2924d5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ddb129e8b616c64f40a811f11a5ee940

          SHA1

          6a27c13e5c9c56f0d71a176ef5f4b6e39c3e5eba

          SHA256

          15cfb91407ccd8dcc0385951cdef68b0b2de995c8636562da76bbc88de6b9c04

          SHA512

          ecb154ee64edb08b18ae5df8cc21f271153e3797d12703f5e27519daf5e2d68cda7ad2498530b496a0a804791d0b654ee8be4e3a3db4d981a40674fb2b7144c6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          72cc57192de98da2119f67ca7c7fc90d

          SHA1

          cef36630aff609f055ad54ac7462e4a7c22a9872

          SHA256

          bd09d2b260b1201e780925705528b96ea1b33963e48888cc3ce370b2c224aa69

          SHA512

          ff784028a97a28787e5007816b8fee825684626e40ab6b041928fc91166e4a8fb72a9231ea14b786bd5fd3113f40e38e0ce90a1d40795dcce8c5f7314cbc0761

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a82c425b1032e8299fca7658cb00daa9

          SHA1

          98fd81506b0fbebf2f4038327fe475d85bd19649

          SHA256

          d181381d90c842df09784b11ff00aa7a91d41acb3113a551a6f3e4326ed43fe1

          SHA512

          7d2594db828778986747fc65223a340953e05e935e0314036c2c074eae922b068290483b7c036c6c60f0079ae03d9b88d46a1fd8748c8141e707872a4a113ff7

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D6F51CE1-BDCD-11EF-BBB7-C6DA928D33CD}.dat
          Filesize

          5KB

          MD5

          152b615222b0149704b3a7d312bbcf13

          SHA1

          0ac68f10fad679f7849bc7accd013b04f86584d9

          SHA256

          033625d0baf823d8e4fc5091e7e7e458ae217bf1bc5e846778aa09d1a05b70f0

          SHA512

          cf7890e2cf61c6b9b78ac76658593020c51dc26c0aa817e71272b8a1a70721ef7e637653b5afe2ef8e5de4272803e44ed34db68f838ef4d69291d74e9e65686a

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D6F543F1-BDCD-11EF-BBB7-C6DA928D33CD}.dat
          Filesize

          3KB

          MD5

          4c66df0824ccfca14a9fb459520f4b34

          SHA1

          91f0c9cd1ce2ba0c195836cbb24e879271fa8c88

          SHA256

          28181ab6c146f38cd7278db127fbba3d8b585f278e4231446cd78ed2fe233e2f

          SHA512

          7b4514301dda019078af9596e8d8749cbbb1967d41aeef52cdc86672c445ec5bf6fa5f34044ce3beb18a997a0b4c971ffce02b672110e9830f6ada4b12f193a6

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab419.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar47A.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • memory/276-3-0x0000000000260000-0x0000000000261000-memory.dmp

          Filesize

          4KB

          Download

        • memory/276-1-0x0000000000220000-0x0000000000221000-memory.dmp

          Filesize

          4KB

          Download

        • memory/276-0-0x0000000000400000-0x000000000047B000-memory.dmp

          Filesize

          492KB

          Download

        • memory/276-2-0x0000000000400000-0x000000000047B000-memory.dmp

          Filesize

          492KB

          Download

        • memory/276-4-0x0000000000400000-0x000000000047B000-memory.dmp

          Filesize

          492KB

          Download

        • memory/276-6-0x0000000000400000-0x000000000047B000-memory.dmp

          Filesize

          492KB

          Download

        • memory/276-5-0x0000000000270000-0x0000000000271000-memory.dmp

          Filesize

          4KB

          Download

        • memory/276-9-0x0000000000400000-0x000000000047B000-memory.dmp

          Filesize

          492KB

          Download