Overview

overview

10

Static

static

5

164137e9c7...54.exe

windows7-x64

10

164137e9c7...54.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    119s
  • max time network
    68s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2024, 15:43

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    164137e9c7a5096e5aa479faf3d53dde1bb25fa811afd4d3476d01d95be50e54.exe

  • Size

    382KB

  • MD5

    4abde9a6c0e63e8b6688e4e90103d015

  • SHA1

    20f8380026eb57f94568f3fc7610a7076f433681

  • SHA256

    164137e9c7a5096e5aa479faf3d53dde1bb25fa811afd4d3476d01d95be50e54

  • SHA512

    3adc3ba7e82ab57fd332f80674376c9ef9ba12d1d2d21da5fdee8bf8ec4d93de1bd38962dad357db24c85f33f1a4054896cd196894a8323a101242161c2f0c1f

  • SSDEEP

    3072:4k59fo2r2f0oJDib8iLws7ngPDwGj9Tf8mrxWxfaDAHVyQ0Po3:4k7o2r2fj2P8sbg8Gj9om1WySVyQ0A3

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\164137e9c7a5096e5aa479faf3d53dde1bb25fa811afd4d3476d01d95be50e54.exe
    "C:\Users\Admin\AppData\Local\Temp\164137e9c7a5096e5aa479faf3d53dde1bb25fa811afd4d3476d01d95be50e54.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2920
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1588
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1588 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2728
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2588
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2588 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2784

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f03732b67e81bf73146849348d672192

          SHA1

          2da671a0aefc3348cbe820b73c6af103cb15a684

          SHA256

          c500a21911d1c8f710d0a1acb5d8b6a61d41f398bc322f5325caf33a045f32ad

          SHA512

          8edefb5148a0ea2b345845c2f07dd4d58e8368fe65a3ba21044f97d2d0e2e5dfc8c4114ce41881f6d18efabd89572424e37ab19a15f4f2fc49cc79dda4b57f5e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          deed016ccf9ffea721c4ae327f729e17

          SHA1

          05c23160a33f00297c65b00ed675336c5dcc16aa

          SHA256

          965a33fcbc438a1c467200ee51438f921f527c2e95a5c0b9b376521dbe9546a1

          SHA512

          add0fb49a848185937023db9815690b86e4c1282dfc04bb27375c46e70293fc00aef56f5345887c8e78d72e985c200cd508ef54c0377b71c37ba95b7af936442

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5bf7113c3c0afdb0bd80700e78663fc9

          SHA1

          95c9ff6d880ba3f57a51eb8b98f50e7d12e3e1dc

          SHA256

          b6cf993710ab87c174baa48927a47e7d1ef471fcceb379d51a52b094467e1e54

          SHA512

          919d1e2ab733723a447cf4a6a5874c109b798dcf0ffa6c5dbf24fce6d1d21d5238662d5709a417a33a1aa8bfd5d358a538caac70653ef559dc72aafce920da60

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          70ed0c3f7ea8637366e6d2f5828fcabc

          SHA1

          d6ffe9652e0f70e1a01cf34e07ac0e082a74c773

          SHA256

          f2c2aea66e19de14eefb697d8af52e283a473bb61135cc814a4d7e19b8bbf029

          SHA512

          bb3a164cd03443938cb4d8e101ea0b483c02e70324b24679ec08e79ee691d0c536dd3950bd7356ccff18c1799536d76a2120303c02e6210b82b35cd4de4a974d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4b599729d25e790bef2504abdb2c25d3

          SHA1

          0fb727a8189d861318fe0ad7ad8aad208362071a

          SHA256

          b339bd31569e196bda8bebd2ffcb44bdedd058863d37c141277b5504cfbf1bb9

          SHA512

          15fdf4f85722ce8ed8a462c606377bae9157f872eab6a2f00ada880f2451952bab42d04dcb53baa610e02c4db302e704c96c09fc61f5485feb51dabda1020da1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4741f283dd0f4b4915fdf42a3525468e

          SHA1

          d8c4e7f1227b37d35de9a7ce610729d1cd834d88

          SHA256

          1e7a5b6c16fd3dd698672c91e86e1071a1ca9e1217619e3b52176e13fc62b7d6

          SHA512

          a6a9bdc19d2bbfd0ced0a7e18a96f9ae355c72e9b9354ee3d9a1bd894fcd5f31080c1f1dfe6b02218a37980a7346553afa2e76bd4c12a49c3fad64f6edfaa847

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          30ca26dc9141fcafaca46427b147e403

          SHA1

          a04920a0a553c7ae48fe643fdeb10e45b289dfde

          SHA256

          201b6476161144e048a50c11cd60d91ea1e91ffb32657b2cd5c054c669062fe8

          SHA512

          78a3a72023f0e4b5e6968cb7029ce9a5f8eb56516189873a77f6395725ac73960132a5b1be84cff07862378841d5405802e0f0daceb3f86d176d89403d70b482

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5eaf4887005b1f3dfb490f320fa63eec

          SHA1

          f8a3f7a725ab2a5c36056080db45e4cae6a969c3

          SHA256

          bbcd2663ef7e7e918e98f3ca9f4a713d35ed688ddfa4cbcda6b71fecc68f4783

          SHA512

          9c1c15a405c1bcd3a0fbaaba12f94d14d83a1c99d1804445b83f854b4fd8c52d2e8aa128844e29f8baa01169213feb08ac9257fa5b21e33887d8f1a509073bdb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          bf4664c0064ae4f549a753f2730631f8

          SHA1

          14bbe41780265846629b2af73358eeb942a26e32

          SHA256

          6c04a48c2f15fe800c963c1f9b05464842d2c216024aee5d263024b305e76c43

          SHA512

          3fb9de465993578477b22282cc65d37a909e496b986634b18e8525d2470ac092ccba399d3c5231e4ab729491d32ccd33c5d308c88e2ff5f79ad6f8236cd4db7d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ca083e57112286eb1ab4e1d827e2cc3c

          SHA1

          aa9906b894708456348071613796b0128b1f2ff3

          SHA256

          8f544ea27e3ddfa5604b7d35cee85d6ae4a7a5095d5a9b80929e7d295d0ba50a

          SHA512

          7bef0d78d1170de3447318d493f05ff451db81876d559d2971cdf5f10375209cbf85559d7d441fc925be1e924d858becd9ff6d4a12786061506487738ff0e361

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          dc6fd2580de1f8d6bdd557715b0182a5

          SHA1

          9cf0a4338243a4ebb56d43c12f82fa2ad6be891d

          SHA256

          b6cd4e2d8c86a8f07439cfead9269ad13464ad0c5bfe15470e96cc24027eeee8

          SHA512

          7b40c0f9ee81260a292adfe54356f5c575827e10b32599c4211f441b722704bac3bec9976ad44c3c66a9ef08d4634153d97c2ea4ad95b7f874b3acb9594c85e3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d485cc3687630417412d5f1fca1f9a67

          SHA1

          d7a9df89d3fafaeee50dfdbfe20ba31c43754f89

          SHA256

          86ce4942286dcff0ab21cb1a5a8573c778add61c67d1f7ac17064f3d72126e31

          SHA512

          f756e9da014b20a36153236354f0c7b493dde173ad8a39daaacb89cebbfdb4526fc97df65739ca318bc63314756442ab19627ff3c7b0b4fe204325ae9e873738

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9bf58268a9e957fed05c765993ad98c9

          SHA1

          eb97f310166f9de76fa38048ea08e8c4d4b48b04

          SHA256

          1650a9e1c5acf14b9bfa8e940a6ae0d0618ddcb87952b713a91ae3148a8abba7

          SHA512

          7fbdb033139e1feecad55ecf39c3244861eea0a2f476a5983f974b3fb1ea285dc5a07df5ff42ceccf6171d8f605999539f159ac732f8f83e8c8880b6d27584bd

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          acd755e022bfe6fbdd9c0693a3f8ba81

          SHA1

          c939ce04ff7a8004da1e574dbf0684f75281f02c

          SHA256

          f3af02639003c26bc50a18ec46cfbe180cb902623a27b633b05942e60b97f6d1

          SHA512

          9a34a9d6674638d28fff7abbc2b29de197a6e8647d3a029055337ca811413934c37976f7f734cfe0e970cb67eff4cb94cef93dbab456ed207f6e909d374a7608

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b072b850f6f54b9e1f36ec9bf97e0876

          SHA1

          85e18084c6794ddcaa5a179429f4e30b52ca8c61

          SHA256

          e491f71a01986ffabbf0f2e54a6d9123a707ab2c189b49052b81e5bcfbb90346

          SHA512

          fe7b90377ec0dcc4004a05f10e21b2ffc6e3a3ad4758fbd52e6fd7d707697f42c54332912726c1f93a19da4d6f9624e4920ad4945d8a11d9654348819aed6de6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          8bf10b67a9045e395a0f7a7e34e68a0d

          SHA1

          653b5c486981cc1d758becd90bf463779604d125

          SHA256

          39e66c70f8c53524d0de89607889c4f30ca2b73c6ad7f7d38deae7fc3c85fa84

          SHA512

          ab379d5c7399ac7e9de11a4c044f38c84a966fbc823928e48aa4aff05bf21f93f689fb26d748dee09e2eaa2c262d08582bd9ad3aec69dda22d080f0bfcaf0867

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e87635fd5520af335a502dafce4319a9

          SHA1

          6fefc0354f16c9366633b95f0c405d4dd937525c

          SHA256

          e5a3219befd54b852765d257177a38769e39ae44d1a3fdfb65d868d1f6dbb919

          SHA512

          f95620bd3c41eabc6d781c8ce8cac33951b928d277c043eb643b0d0c1aa62215adefb81012d126286dd3a6b59cd3b73cc1c55409c13d3b9fbbc8c9f3bccfa29a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5532eb57ce4c8b98ef6e7ae94f6dfab6

          SHA1

          1668fe73acc23098f546f692774b5975f674a55e

          SHA256

          b8475146ad7a96204fd49a809db1f53e0850f85943cb58b97aa8e7ea33524201

          SHA512

          5bc3d513e36ebf550eeca09535b0072714a9571591e59c54a1c085e0c64cf4f2adf326a644cf2558711a30632e8fbdca46d7959b2afbc2008a587bc4d21e0016

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1D29C0D1-C3A0-11EF-B30A-EAF82BEC9AF0}.dat
          Filesize

          3KB

          MD5

          1c4546b635b70858c2ead35bddd6d1ad

          SHA1

          74187a1ca217e577a24abd362a2ce1e43783201b

          SHA256

          b1c26cdc18ecd466f6302f18bba0651bb7db7e6ee968cd3cb08281f5e6a0fb2a

          SHA512

          47ea17a28fd1e5c622fcc9bdf756f8fb0022ba676ce10027650726c98e3b4d98d7d708f323a81ecacc852927863120be3ec502e42667ebaed2ffb6bebcfabd38

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1D2C9761-C3A0-11EF-B30A-EAF82BEC9AF0}.dat
          Filesize

          5KB

          MD5

          e32ecc9024efc50960153c0c9e93ba73

          SHA1

          0873d17a97858656b01a2928ee71d7374f12d312

          SHA256

          ee7e5a6ca09b8228e83eaf049aa53807801d9374aab224fed56a0d6eacdcce27

          SHA512

          9768736652e57d0c6e6c73dfcaeff399a3d44bef56fbad1b52e08e43a8c6d75550288d0f2625e8648343dca943480e7e668918f5ce08f5aff2feec984e56f4f9

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab6B61.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar6C31.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • memory/2920-2-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

          Download

        • memory/2920-1-0x00000000001B0000-0x00000000001B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2920-0-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

          Download

        • memory/2920-4-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

          Download

        • memory/2920-3-0x00000000003E0000-0x00000000003E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2920-5-0x00000000003F0000-0x00000000003F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2920-6-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

          Download

        • memory/2920-9-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

          Download