Overview

overview

10

Static

static

3

0427934b4f...ed.exe

windows7-x64

10

0427934b4f...ed.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    08-01-2025 10:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0427934b4fcbfcc503167c7f6710a1842bed0a31a599905edc86e2dc6ca5bced.exe

  • Size

    178KB

  • MD5

    fbb75cf022a3f9a7191e1e75594c047c

  • SHA1

    0321d46b7688c3901e01b62c3350651a9780cfd4

  • SHA256

    0427934b4fcbfcc503167c7f6710a1842bed0a31a599905edc86e2dc6ca5bced

  • SHA512

    7efc89a207926da52348e6236628f255554627cb1f849b4857322bfdf3a7a5591264de027fa89069d9cd38e4f2d5c23c652ef3cadfd23ceb91e3302f97a9d3de

  • SSDEEP

    3072:akAwOzhjdRmSZiAqFbrnp+KsYGngdyec886Vw7ZcpjX8od+Sv3JyXOZdQwRJkR:+w8h/7PCkKsYGgd6667YjDPZRc

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0427934b4fcbfcc503167c7f6710a1842bed0a31a599905edc86e2dc6ca5bced.exe
    "C:\Users\Admin\AppData\Local\Temp\0427934b4fcbfcc503167c7f6710a1842bed0a31a599905edc86e2dc6ca5bced.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2272
    • C:\Users\Admin\AppData\Local\Temp\0427934b4fcbfcc503167c7f6710a1842bed0a31a599905edc86e2dc6ca5bcedmgr.exe
      C:\Users\Admin\AppData\Local\Temp\0427934b4fcbfcc503167c7f6710a1842bed0a31a599905edc86e2dc6ca5bcedmgr.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:2316
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2900
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2836
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2852
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2852 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3048

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c9bd1c371f2191f896d81fc64d35ee6e

    SHA1

    acbe886f94712ded7843da2312d75797eb1b7173

    SHA256

    e17ef8d3cb69a127d50fe2cc8f416bdea4fe1502850d572eaa5bc7f2ecd8bdbf

    SHA512

    2513ac797586a60e14c8c34d5486fe6ef4d506899b98ed46bff225c5b0f709e6928ed400ee082e8fddb086873f6cba3a00545dab86e0812513532410e8a809b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    acaa3863264a478eb7aeb8c6170b2312

    SHA1

    3e044dca92d385f42987d0c8b599e781c6ae34a3

    SHA256

    4c22a1ad2fe224d7100aa471bbb6c10201fbf3edc242a0504c109df94d6a6df3

    SHA512

    93c31839a490ae808d2b068a927a15d3524cb2794e66b358f37ae0b53cf24649f31056e7bb7b4a979d5532ee6118fb4203eb9006527595d025cde10212d9f449

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b980c222d10271b1a27b54124aafefed

    SHA1

    a60ce3d150454c8bfa8853e9d2ce9a9b04ec2c3d

    SHA256

    cc27a9aad8c50db8e68fa9f0341f9455324b9fe13d8aa14881fe8416475f3fee

    SHA512

    434c57bc6d6d3fd1c98f3e637de1b59a630b07fc005a08f73e853a19d57b9bbab03b8e94408cef31fdba73664cba1467adb7c3686bcd10af66487798f3f61062

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    59577957adec185becc3eb3e9df54f9d

    SHA1

    b1860d7543accff21e9b8e89bac9f659e40deb09

    SHA256

    e0725b6b749a31e257ee0bf07750751940c176cbea9baae79b42468b8f83f48a

    SHA512

    27c392db8580b372f6554f748c0bfefeb254afceeaf97901e8035a3da7eefbffd3bbccb7e84d77d805deb39bad3e407ace6ff712dc59608fde5ca33418946875

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    64920335da2fd66a6f539cf5c7641cf6

    SHA1

    c9f467ec562773ea586df78201cd3e8e52a4ba39

    SHA256

    70e323982fc2e97ff6623065756dd57d3df4a615e94a8e86718c61866d144e3e

    SHA512

    962aaa5a19abbc1dd419d143c4559e93cc4120a8300896232e1874a06a7334581ddf528e818a5d24704d8aa784692bf18fae17f8b1e335b36d3a7b0bafb6febd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d14b1716e570264fdace46ecdcd583cf

    SHA1

    82fab6b0de101135cef96764ab4e9b2c454f172e

    SHA256

    769dbce6500a439ba7dbf90224acc82b48e8a049e1692d197e6112c74eec7b40

    SHA512

    b782d0514d4891b9b926ce68e3b043ad0633e6f17f0a2a9ae3c9618b0ed971ed6ccd40a06175d6156f58789f1c096a08c3521b06decb2fe398824c8db3c0e30b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ac6b7283bcbc85e1020bd1fd4b8d89a5

    SHA1

    6799cd5cded00cf4ae734f762907d520517dbaa4

    SHA256

    b42c0d99d3d7e9d480b825a64604313f78651cff3a44e1bf39e013e36ddb2d1c

    SHA512

    8d169b517ba597f7b2db49459d878646f3fc74815817cfd344f106faf1c12aedb09bba84bcd5e72d77bc451475a52a97e4a50fdef8bddec12cb3a61162033109

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b534eadb7df820da7904c61f910d0c39

    SHA1

    50053e26f36b93dafd0533748ec4e616333d4452

    SHA256

    a043e72b3b0707b0106e541e774538561d060cefbc8b670f676528e1cf80394c

    SHA512

    e61d5e48868b0c6f0010eddedaa8a9308d447e57c88288c1847574a53546c6400c69d0d19ab27884a404732830c320542177c1f4dbc4dc60023cb1591dc9625e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    925d573b7411eb03357844db3e18e175

    SHA1

    21095d1c7c70bad5a1076e7d5e1c80f0cbc9eec1

    SHA256

    bbdd83a858c0eefcfb80822ed46e01a80d292e8505746be35bcf271c12d0c9b5

    SHA512

    134824944047642b53f9aa9bca96fcb8324579f0163328de117215398ab3087c1e3d3b29b6c8071776d5e794e8c7fa48c0539c42518a43080a221dee34da487f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    994c6f332d041f38f2a265ce749b3a96

    SHA1

    567bdf3deee134f3a117f6c072bbe66fccb91d27

    SHA256

    23e68efe138b7e213dae018e008f51c961c94c8b0a2b6a888f1ab4681927d35d

    SHA512

    90d5a50bb96bcc954a733427ba20b18c4d4a0ff314e2b40c4242796200e16981d097e343b031ca1b8fe5c568581b04b742f5de6863ae73bca62de31d3cf60d92

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    977c86a404111714b170c1dd2b34d329

    SHA1

    7c346b0c423cc7bb1b3159ba3e138599d5567b64

    SHA256

    06438ccf5841a052541ed6bbde2ed1a893ca1f33a7aab987efd1fbb7abcef19d

    SHA512

    8f0ce7e20d728512e2171e53a80ba7805992abb2c26616b064f1d8332ea51465f7a7044cc15f96ad9a5d21eb4bcd56ac48e5b4a5521278e968235fb90275b7ca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    42c4dab72e653d47e62a2d0b61c5f641

    SHA1

    38fe402d0400d7ac091ddf60bc151b34c3befabf

    SHA256

    9f5ca05c12123413291d47eaa9537a49f36a9c4b976317ae69c5c213dcaafc29

    SHA512

    7a5d2b1f8e1fad860914bbd0d8d2ebe049838f3e309b62979fa1c64172fbd4ab8df1ddad64bc090793987d47baf802e93cd110ca358cf203d611d4cf47169eeb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    54d946ea01e200121c00aecabf15f8db

    SHA1

    09124187174c96aef911fa94b6667249072add5f

    SHA256

    bbcfbf439f94b665770442291cf55862a06f80e1f4a0a256efa2c2f884af0340

    SHA512

    bf12dd97c40a8f34547a845332e90959bf06c5e6bb9caf200dcfcaacbef9e0f88d9172d0378f35edf13f028970e85eff0165275744d892a01f0369921d635097

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ac951eb2928b411cd9feea7860f295fa

    SHA1

    bf69b78c30e17a65f6ed8cf65cfdc0b782e40f3e

    SHA256

    a26a2c8473eaff1b94e0cd4ff77414c206b575e0fdc2616d44b448a6b1002127

    SHA512

    6b531b06783d3c368e1a2b74be8e2711ca1a93a2bfb66dfd1ebd5641d0730b531354fa097c630fb8eea8ea20dfb24fb9ab84edd928166be19f8d974be0a7844c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B272F2C1-CDAE-11EF-B731-7AB1E9B3C7DC}.dat
    Filesize

    5KB

    MD5

    7e0761ca573e9ff47af82219e28fad1d

    SHA1

    6906f5ad275215626ad39f8f524a7cba16d3d162

    SHA256

    2aea4ab394b5fe3624173d50fa2a15d271074c7ce4f6e5ac345eb177f15b08a5

    SHA512

    77547577d184843be43b4a72f634419f5910308e0ce383b110ba6ca610769b0aad85a9738fbf39c9eeb9d7206327fbc4b8155d85ba15b3c143f02712ea38f179

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab399A.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3A48.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\0427934b4fcbfcc503167c7f6710a1842bed0a31a599905edc86e2dc6ca5bcedmgr.exe
    Filesize

    88KB

    MD5

    a61ea5f2325332c52bff5bce3d161336

    SHA1

    3a883b8241f5f2efaa76367240db800d78a0209c

    SHA256

    e6f8a54ed663061527ab46b8e8efc2a0f3c99ae77829c0be0e50eb5b1b48415b

    SHA512

    fae031e0e7dcd719240bfe94a3f78d1aac73060324d5b65e0cbe564ce6d6781aaa5e930f0729293e3b502b7d07f53f3a72fb2048d44d93d36851aab8330479e5

    Download Submit

  • memory/2272-18-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2272-20-0x0000000000190000-0x0000000000191000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2272-13-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2272-14-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2272-15-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2272-9-0x00000000002B0000-0x00000000002D0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2272-19-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2272-12-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2272-21-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2272-24-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2272-22-0x0000000077ADF000-0x0000000077AE0000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2272-17-0x00000000002D0000-0x00000000002D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2272-10-0x00000000002B0000-0x00000000002D0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2272-1-0x0000000000400000-0x0000000000437000-memory.dmp

    Filesize

    220KB

    Download

  • memory/2316-11-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download