Overview

overview

10

Static

static

3

LedBadge/LedBadge.exe

windows7-x64

10

LedBadge/LedBadge.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22-12-2024 07:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LedBadge/LedBadge.exe

  • Size

    6.6MB

  • MD5

    b9c1348d84e3eec720d1e1e02480c139

  • SHA1

    54682a9b74a9fa7f8b8446a6e1c295a7418e9616

  • SHA256

    4bc8dfe2aec309abcd00656b991907bd88b0a84e11f63fa2ba7ca51149299483

  • SHA512

    15837cac92bb2299b8060c0a0f201c120dc109c69cb5d1bd69640c77bb4c6a5c98faf78868cca9b5dd72d3dd8085f695594586b64102e903fd0f03ce0d25cede

  • SSDEEP

    196608:JB/nTBQzSWhmWcBYAkm8dEEMj0sUQ83oBsXUg8GERgK:JhK

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Modifies registry class 28 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\LedBadge\LedBadge.exe
    "C:\Users\Admin\AppData\Local\Temp\LedBadge\LedBadge.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2688
    • C:\Users\Admin\AppData\Local\Temp\LedBadge\LedBadgeSrv.exe
      C:\Users\Admin\AppData\Local\Temp\LedBadge\LedBadgeSrv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2784
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2764
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2668
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2788

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9d430facecbe5f4d2a2e964d6bacdefe

    SHA1

    6d7f9efcd46ef8c992e77644e4a2aed33c9e9002

    SHA256

    4816b59230485615668da14b34708923a5689070bd7519712bf2fe538c1f2cfb

    SHA512

    c9039ff95921d116256e16fef549f5afb5da68a6115022d5a999a2def9c5d182360ee1937371c651edee664896b5f0660dcbd615308362a89f5eab24f304bb16

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a21c3097d8e28a08b0a74c32b8d1b41a

    SHA1

    143e6e1b941e9936d732cfaf758a13f7b99e29b1

    SHA256

    7141fe4101c459f8c649264cb7ef700c6e7a37e3378db29caca28977fc31c0fb

    SHA512

    f896959ff9321055c4f9134faeb9acaddf1092a2b59c59b021bc192ce2131cd0f58634aff0adf95866cca8539f266f79c12757305c6d6be569e5d8315ac324fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a3adf1cfa6ff672eb2941d4cab94a589

    SHA1

    a3e79bc7ed785da0de52f9f68c415969276e1610

    SHA256

    c0d22f6879a32f48f7aff1a7c38820771eff6d819ce760f29f756e362686267a

    SHA512

    9f7a2d11c40ac0b120393119e14a9a2cdbc5f45c4e63c96dc1787ddd0d0c541a07752d442cdfbb02a5633eb5d1d63c9e9e16048947e39169533827c74e875dc4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aba7318dd90f09eb1f8b6679e0d241e5

    SHA1

    04058b554760a7a4bf1ec7155d71301e85ec1258

    SHA256

    999ad9629fa1255b87e4497bcc36ba68daa25e1e6d32b3b76da57f8ecce59a49

    SHA512

    e6dc2be3961adeea6687b399dbd2168827396b3b723d72aaca6f7f6ec9a2d5a00b1487e49fe46bbb53386043805ce992d6edf78122f255c3cbbd60c0f1c47f4b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c92fccc900e55ed0e55b2a9ce439b80b

    SHA1

    0a94fb7250f05e4702114b8c9f35b2e8d5460f8c

    SHA256

    2a235d4672ea72a43a0cb37f1a401aeacd74ef2b03f1e7a0bf6a48f158c474dd

    SHA512

    c1320cb5eee7b2f7f13fdcb87edebfb8340f893224f25b87b067aeff5a8312ad3e64bdc0fb819708ed6155f685efcd7a139b5ea7a442f0d5f74a2c65e2e563b2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    954ea6022a75c0044fdf41c675d7c267

    SHA1

    48c77b57173ed2eb0643d2e031f32fc4c71aff17

    SHA256

    77b410bef490781cc96e544a3a3cc247026dceacfd737aadcfa03bc1a8ff8c8a

    SHA512

    ea846119a0f962b3b629c44933247e27e5acceaa52671da62ae84306d4b6a555444770f593942d33cf2529f648281c0a077a059485d5bd48a0538ad982b1b05d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f189bfb4730c5124349a73e310b4f5ff

    SHA1

    3eeab7b5b557b34c38b5cbdc48c6d5fa2b0b8151

    SHA256

    60c469fb27a05a7eeaa86720d1c24ddf40bfbe0a402a1b42fb21026e151561fa

    SHA512

    e09ea2803d7075d8c91f6dbbb1f8c16cb1cd1bc70d5e8555a0816a569936a428424f99a61d086d4e657be3a5428f695cdae6a5b868cf63ba23c0e9876f9556b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1e0958dec72750fce6df1aea7bdf5b22

    SHA1

    f731e0802ffa4aa66554c6207ccbef0f478fb1c2

    SHA256

    ddd9cc75e529512decf4116854a67983f4906856428da22c9ffebeb080342d82

    SHA512

    fa854bd7c94fb9c82334b86df926158e2b445d23f20a8a0027e363f89dc70ce15402b26aecc59097df3d6d2c656484c85e0877b8bfdd3af96ef45cf6c5a2f957

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fff0b320ca3ab2cf7351230327abd337

    SHA1

    905eb75c67c3af4ae532d8f99fef6e33aef16876

    SHA256

    84eeccb445eb23b4e1f40aa4e348c12789e894abdd04a40b72eef0c03b506ac2

    SHA512

    1c2396ed8a29e6f40a9c307165758a9fce3ab18d48d8e4b2e26194e0d0a5ff7128d0d2cdf67885aafcc65ebcd648708c1751078b7ae6942b8bf38931ec67e297

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    28220e9072d4418587b88616923d0062

    SHA1

    bf03a5009237893db99942fe531b9e6c711ee617

    SHA256

    bd6904bb6525e62f1aa179d1bd134f06bc4e2731be0d737ce6cd80560cfb2e19

    SHA512

    c01823845c36be6d7169a06fdae24b1428c6a41927ee8babcc11093717fa1df45af965ea0071ecc845ef42b5d1a50be2968fad5f7e3e1914bd1d10c6f7bda98d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b9d1f6600780fc495fa435c0173d8246

    SHA1

    b32ea26fe353fc284f476706df848308c8517202

    SHA256

    b7524ff8b6639bedae9edb8f21f6e5191754e2773203501244529be1bf24b6b2

    SHA512

    1d46d30db28c9b5db6147b089f2570c87f57604e059e0861a11021743cca75fc850f37bacc07f3c36523a3153ae9be454658ab9ac773938703e646f61d405bab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    809ee65e4315e46b2de92b07cbbe7288

    SHA1

    791f20c497d8918543476d200354dc99ed99777c

    SHA256

    8a76eeac037fa1aae0b2764dca9c9c4f51bfc10f60421aefccc0cfb6cd60cc64

    SHA512

    7ba2a19d96bfa55f452122327f3ddcb5a57bace306144b5eccd8270371872b0f3e3d6c5edf181da5e1568445f7254f7494769d79159e9862736631e2ec657548

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c1c16dbfde81c854442ded6224bbd6a9

    SHA1

    78bc7219ccd4b9912ede6e04f935c7fbeef4b035

    SHA256

    4be2a77c5aee7c671293b917a85f53058ce66f4548f50abe81401d7ec59d9d3c

    SHA512

    0a1164b072e0c4f9fcd87585772f807313edf209b0dc9580f484466b087161d0f1838f2f28a305b85a8356cccb6eb3b0f1f052f365337cfd0e9f935515aac576

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    65d925df01f5a80aa3a45d7d6212fe45

    SHA1

    7560cfbf12c073de215da6c87d020c71b2818723

    SHA256

    7953c43ea516a905a62b2b3923addae59a5d80a71ee1f1ccaa25e5bb09c4e578

    SHA512

    5f7ee83577f162b83a91a7e55238565a3b7511e1d56c013dc8e0d6f81a62de561a64fd798aaea126619512fccdbd4bbd9fa5a652f09c8a7e0a83cb5ed62ae520

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c60e808524ac34cf41fd5dab8c820cb4

    SHA1

    2cfafdca09c74b053938b171ee0d167a539e515c

    SHA256

    2072a517a6b580225869a39d2fec7a725f2bf46174aea0a7065437d3076a7367

    SHA512

    26b95e6ae0e347cf8d637c05440622e5650b735f19b20bac912a0d6243ef6a1a5c8bc856ed72c34dcbf09f2ac9c5f92741f28227cc10cd5c90ccb2e5d1a54abd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a10cacafa13fad07c49246d6a7378f8

    SHA1

    505b567e29ce840792499e7c2202e674efde1733

    SHA256

    94319c8afe5bcc0a82c59ceb4338cbbf8abd9dbbb7eb352df2dc4c5f9415706a

    SHA512

    4d7be319b5f1115290e284eb248cdfa8c9b7791bff53366319251913a3a09b2844ab65f8a84eda5f0299b032b44d25d32a657deefddbb5db4a66fd6ecafb9fe2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    da6b0c4d4357e5294e8f1b08f7cd308d

    SHA1

    48f549f920f6b119f5906aa414b65e04e13ed892

    SHA256

    2b571e7f94accb392efee492d0fd6e86ea86ddc9317b0d3da7d0ba438448569f

    SHA512

    55a283fbf6f9fa91b27e9eea5974401c8543470226a736d8dfadb2290f383d941dd992709f99ee49ed6ea90be5f5e79193756a5a9b7ba376f9e4fe9b39a125c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9324cc6d2220c185d4c245d6bfdf7890

    SHA1

    74b012a0a8209815d5bb9ec4dc0653d7824a479d

    SHA256

    28423b27d67b6cf72d2cb71153d2da03a18b6b30edbcbb370be51ed1466134d9

    SHA512

    a45261fe2be473f0c74210ce79a24a672b8fb4689070c3cf1d529ab8bea5695b1e5ee2a7af9f923de8d7b06498a2325855d787b175e284c6abf3feb52f6d6b70

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dc89614e1fe08498e842ad5405bc64a0

    SHA1

    dda031c6c827abb3a0fd3196ce56e978a5ead327

    SHA256

    1faae8b26ac8bffd53c46508b8a3f7cbad5f3987a949213ad99c9bfabab10044

    SHA512

    4548e3fb87c67a39fa9d5274fabbd82354973254395dc00adf6b4559f7defcbf27524a56e7e215efeed0cfc587a7e17217e692cac51233524c1097d701f33a7d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    88933f3792c93ba99848fce29b04eb43

    SHA1

    39760665780b311b0e0492437c03f62a379a633f

    SHA256

    f9029ddeb966e680f49ecf198e9befc48f02ebb427e5f6a4c723d816885fef7d

    SHA512

    3421eba29e3aa958a5e3623c7bb23327f3ebefc8e81e6ff2bc0dc00ac1db8de751676512f9f7430af92a959cbdbf94f14b2faabdfdd8af119b10875f0bde57dd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFF87.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFFE8.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\LedBadge\LedBadgeSrv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2688-11-0x00000000002F0000-0x000000000098D000-memory.dmp

    Filesize

    6.6MB

    Download

  • memory/2688-450-0x0000000000190000-0x00000000001BE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2688-439-0x0000000016BC0000-0x0000000016BC2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2688-20-0x00000000002F0000-0x000000000098D000-memory.dmp

    Filesize

    6.6MB

    Download

  • memory/2764-19-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2764-17-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2764-16-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2764-15-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2784-12-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download