Overview

overview

10

Static

static

3

4577507144...1c.exe

windows7-x64

10

4577507144...1c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    19-12-2024 08:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4577507144cc50d3aefc90d90076172936f6f36923071ab902affffa3c10a91c.exe

  • Size

    156KB

  • MD5

    d95f3c51a7182780ea08d8214f213cb6

  • SHA1

    fbfd65fc9bc846a01486c17eb75d3a82b08d5237

  • SHA256

    4577507144cc50d3aefc90d90076172936f6f36923071ab902affffa3c10a91c

  • SHA512

    c7c54920f097d4269debee72b624677e6ae38785958f44ea23fe8c797899d6f855d09838eb75472168dd7d7a7d52af22bd22a20325780bf125e15ad9dabaf26f

  • SSDEEP

    3072:zZgC/uOY3G1dYzZZ3JfAg/UhCshlxTQdEL5mmuXXK+yC:zWC/zY3GzYzLJfv/UhFBE7XlyC

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 6 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4577507144cc50d3aefc90d90076172936f6f36923071ab902affffa3c10a91c.exe
    "C:\Users\Admin\AppData\Local\Temp\4577507144cc50d3aefc90d90076172936f6f36923071ab902affffa3c10a91c.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1612
    • C:\Users\Admin\AppData\Local\Temp\4577507144cc50d3aefc90d90076172936f6f36923071ab902affffa3c10a91cSrv.exe
      C:\Users\Admin\AppData\Local\Temp\4577507144cc50d3aefc90d90076172936f6f36923071ab902affffa3c10a91cSrv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2784
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:3064
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2836
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2836 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2812

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b189aa8f0e99f8ca8754c04abda6bfd1

    SHA1

    44fc39b789257dbf513a10612b291e0fba6ddda7

    SHA256

    4554e9702e004ee299e39e01c6bda9eb79f6083393e991814f7bd1a44023bdf3

    SHA512

    767803b2516e25fc685e7fc240274f76058822d2d40227d3eb014eab379932e1923da5df31d4a2f62c1d74bf7d173d63a8e7d9009d8cb19c4b57f6b317ff4664

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5e3b2e3b618a3d58fff715fd97694f76

    SHA1

    c2cb7d4074806a15f49e6cc36ce91c7435f3e4a9

    SHA256

    93b0ada7b4687cacea341234788b325c194b065384216fdbddf7db9f15cfb50d

    SHA512

    12ed2ac0671578d1ccc32952c0f2f621ff2010d0a4d5b9b2a5b6fb228d08994ff1f61798d5ef123f97accba4fe9eb8599901e6eb6dfe790725524345dafe4a6b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7ec356a7ddbd81b82319ec490d6ade1f

    SHA1

    5ce0c544e8a5dd14fc379aa3b2ec2486e2e9f3df

    SHA256

    9ac57008fde02de71cff0f1492a6e28da6f2967bdd60bb1a4a89959c09adf767

    SHA512

    909843fc3efa05bde0ee7674c3ccd827c0cd4012673f690bd646ccd687ae610013d71461623270098b1add27cace69b24dcb2bb73105270b3f326a99c27cf54c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    76dd3e2a55563918f7b3c9f932c43085

    SHA1

    c240c9417c06d85e8e4e98e344e31cd1aa6dc76f

    SHA256

    b2d8c2a1b50c94900a1eee066bd2d2912f9c85519799a13a4329863808af34f6

    SHA512

    476ebe974ac8a47451d8e513dc83dcea1ac5891c805da6600ae0aa6ba9f6aacc3c5108ac81d060a5b4145144b54a62b731723a10548013ab45f3a3281c243acb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3cbb62d9417895903a2d8c82297cf695

    SHA1

    840313314ffa60a24dc06b67d9cedad25f67c95b

    SHA256

    baed5f9c050456fbb1285995e93eca3db2c0da8146ac5be22a0f9c23c874f165

    SHA512

    952ae6c22756e2e7f167b9326ebbe9b9debf0e1843d8c3c7d356c11e77c22ba7c3c24fcbc97fc1577f70b18672c07a4d2a3a4c6999bacb36e5983bf259f18fe7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    94d07754bd253a64e6dc88f3cfb8bd21

    SHA1

    43dd7f616a6c2999baaff08855f57fa37e81a34c

    SHA256

    061c83130fdd8a24954c08ff7be737e2446a679f5c22f3310829e7aec64a83ca

    SHA512

    5463720e8d7035f7d1bdc46af84dead41f0ba01c27b15c5109e8ce50176a2772e72018cb8cedca3e5c12ca0a67539f4d7d76024445fc34d0f353d675190f7b2e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    49581fd8e1eca9e6ce3985e9c50d5afd

    SHA1

    50233fb3d33f84252e54b0e4bef6cb4b4c630f27

    SHA256

    b09ff746cba091fbc94a9afb7fdc3f9e48075493b1d5265ed115fac2cfd56aff

    SHA512

    7cc811ced92011a37f1d836343e1aaa27f7f7e854228bc7ff087786017c7684923d02175540bde0ab5e5bc718e2b2ad94e3d92420df698dcfd9e61a1746cd772

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    97254f06ab1cb89106b68a75e1a5c977

    SHA1

    d3d4e89e3ac919d293eb907e804cb3b2f7a7cd3b

    SHA256

    fde7e2a5273a40447b249bd337b96bce6b63ed4731c02e9e8caaccd4fa55a3e5

    SHA512

    400506ac69739cb799c56cfa582608233c5f23f68943d2f87c47f10473c7ac6f1cb2fe53d797813b56ff1d4c8aa4929ac53a44c2b7f3bdbfe35d355434ee59cc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d11b255e177a3dad09df695b0fc59c39

    SHA1

    a5f3a84bc29520efd1c6bf83c4064fa2f86f94b0

    SHA256

    ac31ab72ea3f248cafdc7c614f4015e81f2e1e2d3631ff990ce1e10154252494

    SHA512

    5cd823f769e7a87b4542bda2cbf582602b94f470600a349996e19a29827071f9113873e52a27e459b10ead01e5ef3db6112762316351f45506d2309658d53e37

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    908843281b50243b09e6b3c5e2f4fb13

    SHA1

    74cc411b35834deefcdb2f829ed82fbea38f3cc2

    SHA256

    2de4767f3cfd625458900eaa345aee99a4b1617b9be279321e3423c11e2350d6

    SHA512

    5cf2311148cea50e766fe25e2abe333407534a3793445317431eaab47e3a7891049e57d18e8f4136dc113ee3934a936f68d33801724746b79d5cfbdfc4f90c39

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b6682a07ad2b3ef0f8357ce462e942dd

    SHA1

    ef0757b28bac33599e28bde6ec3adfe8d050b3f9

    SHA256

    21cd1b73f1afc4462891e4c50c8f492daf727d569ecf38483a434f230b7e55fa

    SHA512

    2d911165877a75843a8f8b446646ce1de0a7cb912dd817c4fcb8527a8af4a906ef9b0e551d375ff630607c25f3a3c2e3db0278275553223c7a1e8ae30b372d7b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9001ec3b2bf1576a95f443ae418f076e

    SHA1

    a395a4e037b199bfc076831e43a4f859bc64a35a

    SHA256

    a4f3bf587f51b11b5a0aca7c21696190de009ebbb64f250577d5948e8b848fa9

    SHA512

    0e53ec525f2edf99d5a0eb09fd308ae0ed4db3abba0298af5d8f7163b36bce9243180e38f0646aeade3ea3b8f6ed7dd8c056da4d30b7fe3e5b0fadffb2a6161c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c10b713834740b82eb256b62414c6de8

    SHA1

    3776d2ef8f700bba6451f3cc559fd88f8350d13f

    SHA256

    034bffd9356f9ac2b7a31c3be96972e60c2d946670545451abee32d75b66aa67

    SHA512

    fca0c797860c8b9209a772eaf74c7b808bae2b05524034dd21f0a652e37b21e608d65007f0c2895d87a6b2fe168fd7048c47014decb657c78d3326f74be5fd0f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0ff15c783bb5354369e27517016c3a65

    SHA1

    ca23f73b8bd946f23f54ac5fad89f5a48680551f

    SHA256

    5998440d2d250149c1ba0fc19ebd824439acea0962a844a27a06ea8db9c4170e

    SHA512

    32e54265616aabc39c643c7585b8f10cf252f268e65f6a4d2b26c0f0d6b7d2d2cf24aaee8dd746cf737b155f6e12e3d85738c0b868269f1ec9036ad65be75785

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d8cf3c62a288b572ef8883ab9df33744

    SHA1

    8e68a1f01a22c669b974f9a46da0c822dd5168f8

    SHA256

    60c79f2b94c382f78543bbb2ba561073bd9fc8ed2709e1d69645b842bf37ba59

    SHA512

    0c8336bc82839510f1bb7d0eecc680f5061376089f199fde2be290f508370526e9f66a1ca1eacbf4e75ffbdfa98443ed226403ee0d068591f4a760b0d2cd3743

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    61ab5fe00549a02349285c7f5568bca4

    SHA1

    ed519c82de8580b2af9e1de391cb51beee91783b

    SHA256

    a32acbc7cfc411cd8461453397dedf96f81e99ddd8f4f2b4c5e943af2625f552

    SHA512

    9f781496cc95bee09aa893fd80451354563634a1f4b0e4147c965998b731dadea23cd5352f058949ac19299ae9f4a97e3b7c9f2250eb3c59518a35719fbf6f9f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    76fba226d3476aca581e2d00cc1c9826

    SHA1

    c720c566316c1d8a48e3c9dd26a0b4621a6c5011

    SHA256

    b46364ab469ddc0edc32a91e015a3d9d89bc3cc0a8fadd4038ddc426f071af1a

    SHA512

    bc97e4d1f5da8b4c85600de5e70644ca343937e94331b677696d11777d2d2c42f3e8020422f54dd9a0c56ffde6a3f2dd693991b84d19cbaef4aea4c7e6e6d316

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aeacfa1c6ed390402b905436310ecfbc

    SHA1

    5293fda1cf18689ca13e15916ea370dcf9a52968

    SHA256

    26cc3046f499ca818154ea8851dd8847becf61ed9949b83d73a66fd09c21fc93

    SHA512

    9c06596f6be94aebfcb4b5d71d6a87da423943c1ad416967dc72ca0d47f9d1abf368d93758975dde49134c4593627289f0eae3a4fbd496c7188e96455c1e3d4c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab94F2.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar95E1.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\4577507144cc50d3aefc90d90076172936f6f36923071ab902affffa3c10a91cSrv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/1612-2-0x0000000000820000-0x000000000084B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1612-9-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1612-6-0x0000000000430000-0x000000000045E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1612-1-0x0000000000820000-0x000000000084B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1612-0-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2784-14-0x0000000000240000-0x000000000026E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2784-10-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2784-15-0x0000000000260000-0x000000000026F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2784-16-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2784-23-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3064-29-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3064-27-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3064-30-0x0000000000240000-0x000000000024D000-memory.dmp

    Filesize

    52KB

    Download