Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-12-2024 07:58

General

  • Target

    4577507144cc50d3aefc90d90076172936f6f36923071ab902affffa3c10a91c.exe

  • Size

    156KB

  • MD5

    d95f3c51a7182780ea08d8214f213cb6

  • SHA1

    fbfd65fc9bc846a01486c17eb75d3a82b08d5237

  • SHA256

    4577507144cc50d3aefc90d90076172936f6f36923071ab902affffa3c10a91c

  • SHA512

    c7c54920f097d4269debee72b624677e6ae38785958f44ea23fe8c797899d6f855d09838eb75472168dd7d7a7d52af22bd22a20325780bf125e15ad9dabaf26f

  • SSDEEP

    3072:zZgC/uOY3G1dYzZZ3JfAg/UhCshlxTQdEL5mmuXXK+yC:zWC/zY3GzYzLJfv/UhFBE7XlyC

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Ramnit family
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 6 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4577507144cc50d3aefc90d90076172936f6f36923071ab902affffa3c10a91c.exe
    "C:\Users\Admin\AppData\Local\Temp\4577507144cc50d3aefc90d90076172936f6f36923071ab902affffa3c10a91c.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2932
    • C:\Users\Admin\AppData\Local\Temp\4577507144cc50d3aefc90d90076172936f6f36923071ab902affffa3c10a91cSrv.exe
      C:\Users\Admin\AppData\Local\Temp\4577507144cc50d3aefc90d90076172936f6f36923071ab902affffa3c10a91cSrv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2576
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2912
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2936
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2936 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2796

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f5aeebd35e8f71e774505f3282ab6184

    SHA1

    aee5917fc8f1492276f2d8e56a6e491dca96b9c5

    SHA256

    dfbe33a8ff0e044db85e4b0af5879729ab1372335f7e92643f3602390a5413de

    SHA512

    35fccfd2d4cba80dc86ea5b7e0aaec9b8730d29ddc292cc5bb047c307e62a50a7228d32dda150acc96e3028889969c9d3896b549580a417f2ff4fe9822105b32

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9b19e725b2cdef483827beeb0c9ca874

    SHA1

    1d124ee9076dcb2668dff26610e9b0be14872b78

    SHA256

    8f25261e725692cf76b8977f37d4739827ca9b5b4644687a6c6e0ed77400926a

    SHA512

    de6717883fa3cfc5230bcde12cab0c3912ddaaea9666a0225aa204f292a291a666e340edb62cbe8defa211cd2b3fe5b25f93af605125d1f5600271c991a79076

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a43209fe1a100e723d6c036510e6cb51

    SHA1

    90ffceab0bd1ee4120c90645c6878a128a45b82e

    SHA256

    3db8dced98fcd63d19dac644c7dd7d2984f0eac3800765aaef48fa299a084dae

    SHA512

    32769e4345b89b7d52d5338772abace865f338c3103278110f8c85b1bda7704006db051c7741638501bb017587abeb0d0a6b569e2d88124c61931522131b69ce

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    10c30d060a737aa829ffd94571415159

    SHA1

    62ed05223d9cc618a0dff7fc78a5526e56a90264

    SHA256

    376d4a30757cc81da7058e8d63dcabf648f5ca5aff5cf5e7da9d70a2539b33da

    SHA512

    a3cf9d21a6d329105e8db690d8c4b99b250c74fec4b4b4ffaa75abc269b209b913f9e5bb4e639a398b9dc9f6d69fcf13aac1457274467aa4d2be1c98fd028f12

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    58de8b22022d0b12c0655aa04584fb2b

    SHA1

    c4fc24ffb1e7db591a0b8823e082be56b73bf6c5

    SHA256

    ba409e306bd44e33b17d9e637e48dd2017e7e133cb57c23b99d7304db0ddb71e

    SHA512

    7d07efdf737ac884cd802f00b8c5732056129035e827803a3c4a6a1bd36a95ab82d54bd5e435d9637003b3b1ecba4076b884218480d28511841ab0b24f417552

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    84c8f226ae59d9290d52d2815343b6e3

    SHA1

    b7be8a32db0e2860777db4ad54a34e68a892d5e2

    SHA256

    73a450b7e1ce162ad1bcd60cbf6d414a8decbea03891364a167b9199ec1d8397

    SHA512

    057c44d4ebbb872840d8661ab43690fcd1e340150f61c8d20ef5f3a25c9efca8a6fa19218afa88ce48644f5aac0a3bb570a9ae890991ee6c681405dc22398dea

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a6595f43fd08675fa2e4d4304bf8e854

    SHA1

    3687c27bf41c675c757af0dee3399d52e17a8213

    SHA256

    aa16646f54484619da68ab71be13b3ba534295f06410b5adecc1ac4ff4da5def

    SHA512

    422803d64ac69dd4ff439ba79488fa409d6787ceacdf9f792b58ab7f3ef0cda0f0fac86076219bdd54d9ba89bbd917a3153246d85425482212c3e66c7d784031

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1ed858caee9aac7b8fe0b2e06b887959

    SHA1

    87ee2bb587e2f0ee746997de6523eeeb02243570

    SHA256

    cf16fa982996a831648d2cb36315f65f22b978e66843e4167cb8ee82f234f3d7

    SHA512

    24cebcf1f7467df85a55d349239e2555676fbbd948e468682602b09c6ef3b067250dff87193c78bbc3dfcc8ddb59d5001ea440592e1eb0bc86a19ca6d7e06d22

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f8730be511269f44cd23f35010d5c170

    SHA1

    36a3a47b85faa12e7b01a0ab57d8c2a1e03876af

    SHA256

    f7573eddec72ac62ce51d5b9736e61cab40e051bf659ff3145f6c7a51b6c2414

    SHA512

    45ac9d4380dc966e90ebd0313f9366677b41e010923caa63191a0f22d07771e2870f1be801ba1a9b5dbd7e1e2b480199e13004e0d307b22193f86b34363ea7aa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1a1c06b6eeef27828737d4da0cc5e2d0

    SHA1

    3036f6d2d400aff556617e05c688bb49e76b5e0a

    SHA256

    f841adc90f9b7ef9db0118c96563134071525966482f31377edf60b12e8f77a8

    SHA512

    eb4a7b43eadb448b49bc5034a0270d3de484ceb915f73ca9b7c7e23321b57e645ab22ad842edac514013cd1db80e51fdb908320636b701b8652236d362bfb012

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8aad22d195f48264b1ae3887b9e08237

    SHA1

    7dd245aeda64e8a26b2e3c75f1db6f024aea15e3

    SHA256

    d554b5896959b1589b65ac4f08dcdde356d5692f0da7a138e75a2e4e21f5d837

    SHA512

    14fffdcf60d2f5709f6b392a4416f0abaf46b057e1bb79f6d1f7b9ed45b078b9ae4f2ac827e5cb1aa14a171a232e51101e56c09f34bba8c8ab599df964eb57a0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5a96989b432d958748cf77857362c5ea

    SHA1

    b10594b4f02ad3d850483924e140118f594df330

    SHA256

    f82b14ce9e1f59b57af6e630cf22a2fc54dad1869bbb22a6f3ffe924b18dc1e7

    SHA512

    1ba47ebddb53b3086244c1d60213064fe6e6a2b8bfea9ebb44bd7a7f6dd17d38ec6e8cf94c4ffc20114d12f6119de5d8dfc51eaf8f23e00bc2b1b989ff1a9529

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    87fb6059663ff77922eaabc78d88a12a

    SHA1

    9ddbb3e27020b4ea57e591a9ce985abf3b811804

    SHA256

    204f4b9267bb26bc002b2245fbe0c4b63490d6947ba46a068d12260d150532a3

    SHA512

    c0a43b75bf25cef60a823b6e445ff4b12810f74f2c0c6e573ca808e2db4ccf06c8298236a1333c4e23b5a12c458e742d126bfc29eb25f0ec820a3e691bd2e700

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9a61e59ad56968c30b879ff3382b7cd5

    SHA1

    f9a7387ec70eb7bcb54e0a271abfbc40283e5ab3

    SHA256

    1c41cf0623f326c34143070d5d4ecb07aa5b92e8f1fb86c2926946ae6dce8129

    SHA512

    f433f76bf5a5651fd3bac786c3794bcdd0cf4fee2cb0086128f6e917b9d551576f90549c74e67097ea98f9e94d6bc078e7bd4d50b2dc5782c87e5f637653e834

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e0f1c5270a82b840b61abac86c7d3134

    SHA1

    9b7bd65a8160db83d8fae0d87b135552e04f9010

    SHA256

    dc652c1128eb60e32d4a395402824b704cc0eb233e1aec93d940c42814a14f8e

    SHA512

    5136761dadb28a6cef2097ba88aac82e61664f30e4cc35ce366735195229c2880009d979e27cc85aa9a6f1ada8a28ffc82096d0858c506a5c0840fc232e9b3ac

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7cf78f07d308ec78f9f9493060fb12ba

    SHA1

    f1046175433ce5ad4803b311daafba13fa20a87a

    SHA256

    0a45ef8cb9d1f32540822e3929cd2b38c1c512b6f0fefce5594f765aa2fe79fb

    SHA512

    da1f78ccf446a5ed85c88f8e8e10f2f2346ad87b142bae307b70f7f0fb15ef824eb45856f381a09cf74a557f54f295020621b7e5c749822fbf794be04fdd00d6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fac89e72e530e175641c8e2aa07fd78d

    SHA1

    960260a32c1a337475e9afbaace6f228627b2186

    SHA256

    652ca422238fbcb9259635f44eb46c9b82bd103e892dc194a855ae07759151ca

    SHA512

    20fd40b9b3eed0bd93a52edcd3c48d45d74e972b2b25a785efda371b9a4d429fe8c35432334bde52283c4fea080dd2b9306560a47d7acd581e2c045ee9ebaea7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0e49f90965c02ccca9935ca81201f7b2

    SHA1

    4ca65c8762b5930dd6ba10dd2bb2897133e859da

    SHA256

    2b2e238fc449daac3859ec7cf6c3d350cd37288c0f906c2c0f8d088dd28a44a1

    SHA512

    0d3ae82057988ba6a177168ff07e2e270effa13573a32eb9de51cbc8357b250864bf24376f356964fc5f45843c041be461ea56939c8ababbbf87242147a679c9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4ed7d3d6a6b7434075a2ab615b5d4163

    SHA1

    fdf31082f1880b11d90bc6678b565cfe2bd1edb6

    SHA256

    5147a3ce4bbbddf896c5f2a0baf1d846b23dc62cb0e8bbfc7e6cbd4146f72bc2

    SHA512

    c2537d5e823c6dfc362f7433a2843ff6ccb0a93f3ef3664febb60cc1a38a7c70e69f8ae1e8f712d4584df994b1ddfa0dfa310b409b97808f6bbbd01ece0f7034

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    937b66913f14ccf16cf8fa4b114e91aa

    SHA1

    595114eafdf4dc1f6edd2e0d52bef142ac9d7fad

    SHA256

    a956ab938d223e4abda3a93534eb9c6e98c1b2dbed8bf891ed5ed4aaf013fc1e

    SHA512

    98e22696b10dd1b8099aa68fbba846afd4c7dd41b6bfbc9bfa544c37a2516d70270ce10b70dcfaf1d25848787288ff47e3af196895c64c88732759246afde2f2

  • C:\Users\Admin\AppData\Local\Temp\Cab9408.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar94B7.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • \Users\Admin\AppData\Local\Temp\4577507144cc50d3aefc90d90076172936f6f36923071ab902affffa3c10a91cSrv.exe

    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

  • memory/2576-13-0x0000000000240000-0x000000000026E000-memory.dmp

    Filesize

    184KB

  • memory/2576-21-0x0000000000270000-0x000000000029E000-memory.dmp

    Filesize

    184KB

  • memory/2576-15-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/2576-14-0x0000000000260000-0x000000000026F000-memory.dmp

    Filesize

    60KB

  • memory/2576-9-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/2912-28-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/2912-26-0x00000000002F0000-0x00000000002F1000-memory.dmp

    Filesize

    4KB

  • memory/2932-0-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

  • memory/2932-7-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

  • memory/2932-8-0x0000000000240000-0x000000000026B000-memory.dmp

    Filesize

    172KB

  • memory/2932-6-0x0000000000240000-0x000000000026B000-memory.dmp

    Filesize

    172KB

  • memory/2932-29-0x0000000000240000-0x000000000026B000-memory.dmp

    Filesize

    172KB