Overview

overview

10

Static

static

3

2025-01-09...it.exe

windows7-x64

10

2025-01-09...it.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09-01-2025 10:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-01-09_ccb9978edf3b36a12999895f72400491_bkransomware_ramnit.exe

  • Size

    4.2MB

  • MD5

    ccb9978edf3b36a12999895f72400491

  • SHA1

    15b5371c6908a845bf7a20ae3b29821892e9bf49

  • SHA256

    fa4fd395f37da0940f08d5966ba6e3af1c570985d91f6cd93018a04452d9fdc8

  • SHA512

    90b746fcb2b06e2fa0c48a76713d17ce98379153883997294d96a2d36c484614ca0329d89836ea9dc54154e34ede3a8f81c0fd7493c814e15795109769ed0878

  • SSDEEP

    98304:LBBIoHkSDVaAYwohLvhTyYfECLacrR4LVos4KBNfzmh19mvgX6JcdCkoLcvTPruS:hHkSubTNac94LVos4KBNfzmh19mvgX6D

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Modifies registry class 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-01-09_ccb9978edf3b36a12999895f72400491_bkransomware_ramnit.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-01-09_ccb9978edf3b36a12999895f72400491_bkransomware_ramnit.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:764
    • C:\Users\Admin\AppData\Local\Temp\2025-01-09_ccb9978edf3b36a12999895f72400491_bkransomware_ramnitSrv.exe
      C:\Users\Admin\AppData\Local\Temp\2025-01-09_ccb9978edf3b36a12999895f72400491_bkransomware_ramnitSrv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2336
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2468
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:936
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:936 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2776

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    31a78413f7280c597bd6cff654309066

    SHA1

    10743e5aafca966d68978c2594ef5d8d04873884

    SHA256

    a43e338c9f9dc5741f35befd666aea16fede06f5487408c9bebd02f2010d5396

    SHA512

    bab545b927db6fa692e7de1b74f5cca1fde9818be27378b40865901a44ddf964fc3c2d4f94ec2b79dc3ce42845385c911ccf16c2a7a6c3f7eaed163dd23cf360

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8062f35318137d5dbd2b6f67544e4de7

    SHA1

    6299b47476920a231f35e018aa7187d4207b4eaa

    SHA256

    98b813dcc6fea24511e135657eabe88b4ad770fa6e480860687a57a2a02d03e2

    SHA512

    787f678ce5674da0881bb1571b1de4fad5f57e186703a186aa8b3dabb83e8f89ab7676689ab32c3109419535cc59ffd69908b0ec60c3acf3f4507bb70daade0b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b0ae5f5528a34e926f72acf2ee24aedc

    SHA1

    a0f985a25888216bc67f48b1e817efa2cb16264c

    SHA256

    c787531d40d7668c4322eb35544bbf97464ecb986e1350c1d6708fed7b6fd692

    SHA512

    35a2f9f0f63f8431864b671924331e03fff999c34975819400b20acd080c01db8c8f471eca080e4a81bb33f12d1f6ec4578580adad08153666f71b62e6bd61a8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7695fd1f21359aca39c975f11ad4e93d

    SHA1

    ad169799d960ab11324666209ce5866d3ed065ea

    SHA256

    c3617ae97e4393f8efc6b94d0a452e6e5972ea7fd526b7b25b04be94a3bc0a43

    SHA512

    4386c803d6c1b043769c430587a651917823e4b977be7a4640dc558421672dad6b494e69e28fd6415dacb55b0279a975a16f3bb91ecef2cae4842fd45c0acbfd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dba0d6247dde3410a6312074b514dab6

    SHA1

    e3059fe95c82c5330cca8e1a985a2bb0720f69d3

    SHA256

    f668de570766e74859efad1636427f323c1edbb0b1659ffdf651fb3a3c8bcd5a

    SHA512

    d998fb1904508211404f400e371fbe2438c1213e89a949b2c0ff8d038a72e77c6a8417a510ad379b0399bff4d6a5dd1a131f28047f2f23304dbf5e21d8b0c48e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f4ee3c307171904b2bde56a888c8cc3a

    SHA1

    dcf299e941f3d074e976a3b2ffa684c5da2cf494

    SHA256

    574330805178588f7370787815709f82b9946e69d0ae6f9aa3ee86795b0d2d1a

    SHA512

    71f878c3f1202ee808c578079dd27e80ae6de6d96e0a5abf08c59b55eb4beb529f90521396643e84b33b88244de103590b082972af3835bf254e1f453a8fc798

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fec693080aea33ab49737d7537ccea45

    SHA1

    7917ae1e7c50357aaf30fa4fb6a4cee6f7261d87

    SHA256

    d77e217f134e907b9b7e2f5c2c1e9c3bf7636c32289c529cf2e278e67ed307f6

    SHA512

    21ae7639e52f529ec1a84be68c57175a3aa53c0bac65242979b882d44a4b3e3c12da9c0866dfa50aa342d3f7641511df9d1baaf6eb510256aeef37116adae73b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a08487295a4832a5eb8e1f4e100a3d5d

    SHA1

    8a20153ce6efe77998ba4ae791aee41062e559c1

    SHA256

    3dac4cdf8efb98e4f60fd0e3e233d59358a620b9364585918c1372ad2f0c594e

    SHA512

    59a6056ddb20b8b1cd0e250e962904b869c360efd602b0aed309b73e7eb2b9222e9849596842fd176fb6e3809447c4c591bf1689deb6b7fb16121bd223fbeca8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ad8472a70a78cb2dd86b5cba48b494c4

    SHA1

    cf2c89de22c129907e267ffbdc16ced832a9bc51

    SHA256

    3e198c3c02d1418a30d90012628b9bebeb414b608eb112eb7c589d72ee586e75

    SHA512

    72426efcae954db515d8b66da1db6818dd40fa9bb1d62b65cc317fc935bbde03453a8a1298bca3edddf7749d246b8553775484903af7499ed60557312bddea01

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0fa854427a465ec56f49ed8227bed948

    SHA1

    95206791dab18be41958d77e0734a1ffaf47437c

    SHA256

    682632a00792fd034d7958140256e5e9bdd14f5856ed4a7e5f47c87f3a0b6b76

    SHA512

    43b3d4425548f591cf6d1b989dc592300d00e384a856f34c60a6a523262a66c70af803a06f8afe4b0fa30df7f878d6900df3797f61b6f8a01c560570c7eb3a4f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2ae10bf0f4f2fb327629b8714c94085b

    SHA1

    07fb9eefb0833a4e4be4d5112e5879baa74bfa90

    SHA256

    5a63b1b0a0b73c8891fd9fdbf79fc33f85195833fd519e18e8d0d5692b198138

    SHA512

    1a5225d121016df5641319bf24f05162894d2a04a21b652775e1da3ae10c9ee569c525aa8c369775323e61a761cf1a60004fd76d6030bfd51de3fd7628ce15cd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    55f780ddf36ec5131342991f9ad99dfd

    SHA1

    96958db3dee7963a7aa6d983b879562bc83b9358

    SHA256

    1e2f7f1fabdef37add5cede8748339c0339485e04f7b1a13dd16109e8ee593b3

    SHA512

    6bdc2af9f56c15b9de79e429f36cdf5129c00c5fe4bfa221d96b308a7f92ec2b537d044c7f93ca0cbe3b43c765ad28d497bbc04c6bc80f559dad1dcf57765406

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b119bc1136ea1e74137c98c5536c78d0

    SHA1

    e61b4faff04676e234aeff4b74bd9c6768d3730d

    SHA256

    d885cc05309ca72ee280307f94424816deb5e132c2f430e99384cabab75739ed

    SHA512

    740ea8cae10e0c107b0028119a46cc3fde4587fe204d98e744ced1667a93042a8436c784374d197b7c44620be94c6cddd618ea456deb65e1bf1c1266801b93d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    76596040ae16cade8fb832ccb9599e0c

    SHA1

    7b5221eaea32540b4602e1c1bb6737981df5012e

    SHA256

    87a929b807d07e0312ae7994a64bfe1ee014e8f637da96b4cdcea6b09d8c4dce

    SHA512

    6d152bbf97439444217d772c1fdf0928cc99ebd68f8fe8c3b8dab2aa5cf0287c1c62f6d55c336d3f573807a012a67be77516c5bfb8d665b90eb687e933470be8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8a45c4fa30ca592b8ab9cc6261ce83af

    SHA1

    9a0b7e62ad7044498e04009a347a2b9a552bf3c3

    SHA256

    811ab6ed3594c1447d61407488b825610bcb8f6df7f35a5beceb11a16c4ff940

    SHA512

    df2c39db98ba5c61ec90381bae5f6107add545276ba60bebafd2bc92a8fadb37f7d0939e0959a52f7d6bffabe1083a2bc920def768c665f9322cd6b3047a70f2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    273ae851f3c5112bc9a299b5ebf2628a

    SHA1

    d7bbaf2f3cae012605017681112f77e93555dff7

    SHA256

    3fbf70e596d78ec01de1e7c5f1db0d9a9fe8fca298ae9e14dbccc3c7343faf94

    SHA512

    3424cd6287c0cc6b204ac2e109248dd354ec8f4e62355814ead79f6d21426f47272f7175ffa8f183f99e0dcd625f5cb6a6d067b7414622ac34f53cb19226b33f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2e2ac7c1a1a38aeaa669a00bb3785a5

    SHA1

    0947c4bd99501b2a3257282dd1dd4699beb1f598

    SHA256

    2f2b0f0454f82b58921e85cd626ce0096fe509804cc997bcba5a9040feec989a

    SHA512

    5c4c93b45a6aab3597d9a81641d788909fdc8a852e11a8a5447bb22aff0cc34b76e036fcf86bceb87f6adc795d3747e7c69db3481a7cf1d6f626714c5f37ff59

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f2612e860e8bd2571b6057438cb26f0d

    SHA1

    9742c10f22f0ed7aed4a919b1b017523be9b6781

    SHA256

    eb5709b8eaa8368f3fcad65a322b1c60f5cf914365c7687e11a72e2f0d1c518c

    SHA512

    460ada82c100fc43b3dd57670ad40a957e1b275436aa1164dfecb3dfda399c9b7823f1a17df3e0b784ee3f81a702a06482508631bc7e73e850f68fc8085b9c8c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a8097de9f5600e1dd12ae4c7a5790212

    SHA1

    0dcf63257c5e6998ef7ee2d137f2acedb498a545

    SHA256

    7864db497e91f7edfadac7889a9813053249a13d70bf3a5c5e7f24157fa014e7

    SHA512

    dd2a1c25c6e9e44c2afffa4500400077ad689788a2996604b8d7280dd56215d600063a498c4083ec1dcfa3e95d0c163789b1acab9abf92a3d46c872141baf28a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF385.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF444.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\2025-01-09_ccb9978edf3b36a12999895f72400491_bkransomware_ramnitSrv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/764-20-0x0000000000910000-0x0000000000D5F000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/764-5-0x0000000000910000-0x0000000000D5F000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/764-453-0x00000000068B0000-0x00000000068B2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/764-450-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/764-19-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/764-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2336-12-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2468-14-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2468-18-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2468-16-0x00000000003C0000-0x00000000003C1000-memory.dmp

    Filesize

    4KB

    Download