Overview

overview

10

Static

static

3

f77d4c746b...32.exe

windows7-x64

10

f77d4c746b...32.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    133s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    10-01-2025 06:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f77d4c746b2ead678c86307ab9272707eb9cdf13fea2901fa33aaf218e969b32.exe

  • Size

    312KB

  • MD5

    8375807672405be267583a7d697dbe49

  • SHA1

    5d688c412dedb64fab2ff87fbd7a90443471bd53

  • SHA256

    f77d4c746b2ead678c86307ab9272707eb9cdf13fea2901fa33aaf218e969b32

  • SHA512

    758e8b43859b15807c9da941154264f8cebbc093fc1cc7444e994b3a8aa099a036b74d15ee6efa4a363451f9f13bbdf5ce5a731381ca7055ed4b0d3c890d9754

  • SSDEEP

    6144:vlt76kgZTzCHk02rbeodnXLqHrtn/RtoRm9zImsIVS95oFBf8dYdyQ:H76RTzI2rRdnXLqhn/RtJ3BkCUQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f77d4c746b2ead678c86307ab9272707eb9cdf13fea2901fa33aaf218e969b32.exe
    "C:\Users\Admin\AppData\Local\Temp\f77d4c746b2ead678c86307ab9272707eb9cdf13fea2901fa33aaf218e969b32.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2464
    • C:\Users\Admin\AppData\Local\Temp\f77d4c746b2ead678c86307ab9272707eb9cdf13fea2901fa33aaf218e969b32Srv.exe
      C:\Users\Admin\AppData\Local\Temp\f77d4c746b2ead678c86307ab9272707eb9cdf13fea2901fa33aaf218e969b32Srv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2324
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1608
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2156
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2792
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 264
      2⤵
      • Program crash
      PID:2580

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4b2de3c803d955619cbd78dad18c5808

    SHA1

    9e969870dcd71bda330585173054aad6838e6a73

    SHA256

    735b5714c32b950179a7d76c58eef5aac1aaee479fad411e9b758eff7e5ef969

    SHA512

    bfa3b4918ca6308cca5dfe01f277da33b2a44234180eb9d264af1b8f5483c52a40cd71adede90d09e33b885327fa335ea49fcb8666550f840c96d5bc30026f79

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b6f23be16f3d23eb1f41dc264fcf7247

    SHA1

    e4cc1dfed2b83ece9075fe0efa675f5548705664

    SHA256

    19b949cb90fc0ab72ed7f2a36496a0f905caa2377c897003b646afb563462d87

    SHA512

    098fa0a843ca12c1bd85b4db21ad48930acf50615cdfabf88dd5dc8ea1a28c2bab16d971012b3c585bef6e0f0cbdc5d75beb7a5dbd5105be5793fd08c4eb721b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f5d0a1b7d459f09ce1c16faf82bcd87d

    SHA1

    b4bc04388ee69581462028a0c0d5b002725bc578

    SHA256

    332bc2f814df3c5622217e2e5ce9699f5317c0a5108ecc6cb6e66e849e9c787f

    SHA512

    b4f3c8613476bf21da45ef916465e6d15c9b9a53449ae01be7a70c2304ea6248da12e4b9ef1baba5f06ba8f1857e50b43f553afe297870c2237415f0bd562975

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c9bb3f336dfe33715a44d32f51a2bfe4

    SHA1

    32f0d19b230144b121ebdc66caa7335ff342f26b

    SHA256

    c17ccd4af8ef17ceec05f3c40fe5e32d11fa5ddaac1afa335dffe4aea689b2d2

    SHA512

    7368673ea83210738c6764ddf295120dfb48f00e7c9637b4d0ae1477d114a8f0c5115bad5995764e09d390d2e331ca9bcc395bac10c61744cf148ed1ab3f92f2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aa2c40dd63c6be66c11a7ab9f82f4c63

    SHA1

    d9a07fbad77345319576e2cc34a4dfab35eccb5e

    SHA256

    15206d15f911fb9670532474a92064d3543b8743bc8e27e8ef4f9b9018144239

    SHA512

    6072ec2991cf915af5db35895611fe6975cb0abeb1023dd0f7a10be04014cae18c8d0e41defde83e395f1c403f00d3f9ab9b0ecc0daa08a45491bfdd9731a8ec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d9f9c17c34513c1e25b431e1f6f51b63

    SHA1

    fc1db4f91e286ce0a99a4d9d9581d75d8ac8019b

    SHA256

    232c41892c0b1862322b5e059e862167cc64c59dd51dafb8e87c94b60c47b275

    SHA512

    7f606ce70c47601d2b18fda7bcd4a1922222e06f961c94590cd1fec7c1aaec2d1959d3a5996decf2a3722576eebcb16e7ce07cb4212673a54ed3e97a8caf4668

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    90a6ffbfb7079d027b972825b5a8ce6b

    SHA1

    f8a8a1abbf22f5a708f04da1b1d7d06f2ff1d923

    SHA256

    220c46f49376934f7e7f6bcf21d2bd34bf4a7028aa6ecca3b4035ead94004abc

    SHA512

    a4e7d4c22be1b6f56b0a14915388960ca812e4f296693fccde64e027ddda3bc2c2cfe3a45a70c5c10abbb94866f18073b2a03c6b1257a6d536022a3183ebc07a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ccba7c8a6aebef6de5dff2aa24186ee7

    SHA1

    5f229b3d23eaba7d2280a7a84980772740a89fd3

    SHA256

    7cabd65b48de999e8f77230d3401f5e5c717c0b0022e58aa7298f53339f8bf94

    SHA512

    29d16d6471261120388ed7dd382ec161b9b9549c6ddd96d41a85bb482da47a0dd1a057dceb221cd4f713c376e8ba7ab63d979a3497ae37911d8745fc81e6f1b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9b62c364ba46e8671c08738309d15765

    SHA1

    0f8286575a23164cdabcfcf0729f2d966a516c26

    SHA256

    b7340695897141020db424aee4cdaa3df9b535a8f9d48628472e4ce6889ccd2b

    SHA512

    2cdb269846adca7a5cb27af972cdb1bcd60167245396b952bf9040677037c7db459955d6cfaaec5aa64742ab5f5a74600fc94652049582c370ea4569c5a8a9c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    426d2f1b02794f4b8151035b9f031264

    SHA1

    007d98c2798bdbe4b4914ec697287cfb0872bbe0

    SHA256

    148d355a56b06426b0d92e482816d30e5a35eb237a18bd9df289f7bc8fe55236

    SHA512

    aa645a0148d32e401d7f13c806c79a9e930e57094a621c380af8517dce42458b7704e49c98427c7e26ed90250e88d660bebb146ab224cb067deaaca60208f2e3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    75f73b3a0e8ba7db6e04e2de5c5c52a2

    SHA1

    c147644a4c9e8795b3a0d5933d44ddc5281a46aa

    SHA256

    a2000d8f524052dff8435d5a676644055c35c0f3e1a20eb57eb7b0dd5660119c

    SHA512

    5e34842b6a46fe871f831e2004e0ea9094c54f8ab2aecabbdb55cb781e1b0ca68fa1132b7ab7eb03c99a2047e455595252b0c92ea41fc26780830414a5f69c9a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    41b9f966e5eedfe43e566f600950d18f

    SHA1

    79e096ab3b00cf745098cb1d128212712b1687c2

    SHA256

    19c8d8859d5625f058c45ad3149a5e4ddaffe13b50606deac4f0ec578c00794b

    SHA512

    320ea0f03490118684401346ef0688a94a151666eb9a2f84a83aea7e3326498e40433fb606e68a5248d1e09f582f535ebbc87722a41333c0206a74bb0ab88c89

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4d9a637efaad701e416696ac4c8ecdbc

    SHA1

    22e327d6b19e9b0ce5b4d2d39465ce8438f156bc

    SHA256

    50588473345dd5ce9dbbc98b0a5929804e30a64663a5bbd042d69438507b32c8

    SHA512

    cf661ffa945fc51868e95b33b2bf3e8b8cfc15ae0cc093933a9a687d33ca17fc5e7342a00d43b13603727ff870607e866c0f14088f9801e540fcac5980ec59c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fcac836261d002f280ce3cb6fed32116

    SHA1

    6955aa2a9fd33dc56a659728570ef8302c98852d

    SHA256

    4953f1f8b921bdd7ab96857be755dc6f28a326eb52fadd686d0ff280b832927b

    SHA512

    4430a5f1dbda1eb43e344d910680eb6e0b78e20cb0d71165a34771e5a0a8df3f32b596ff2eb8b4880cf52a6d271bf01cb41b525fd5e437a3ba96b2760bfafc4d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    89206cf9f84572e61530deb1350d99b5

    SHA1

    bb914009de1982febeaab2d5dd004aeeb3f40897

    SHA256

    2895c3ddb697e90eb9428393094fafb81ba98592bfb97bca46095ae3d5c6783f

    SHA512

    8fa9c552703069ef32e453e956c3a5d9f8929704eb5f988df35b85281ae1ebb349ea4a3ee8f57b694d961ed753f7f63ec73846ccac1d6adc27085080e091e866

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    621e6b4257307305ed77f82946aada9c

    SHA1

    f2cc03ea08fecacddc55fa13a685749f77410cea

    SHA256

    b64899acda8a5b24ee81799f6de9ef1c0e0b432e1cd55e987161a74b9c9f1f35

    SHA512

    3c8498131d955ad51366960c2eeef0058035052f01098baa44cbd4e5b9d7a2b18bb9f7bf65d8408570e753dffc7f0cdddf22eaeec03a10ea72a28a649113e4a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    34b2cb1ee3e3c7349dbb992e204ca22f

    SHA1

    29b7dd6626b9e0093df20681a1d66119035ffb66

    SHA256

    c5fa8c32b01bdf1aa43196988d0a980126eb322b35f9580e27aa15658d05f75d

    SHA512

    21c130de3b08e880c886330e777ce2af95c13d864aea294c5671806105636aad674ce2f51c190e4bd171db983b9b24ee7b559da7ad13082f6e820a264b307b38

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9cca97b6c61b86d1eb0472b8ece84a9c

    SHA1

    da096c0199b80d63a725a9d2becfc55d4fb2810b

    SHA256

    1b01e51db2f023e5471b500edb315fdeb11905e106a5271249c910a45dca20d6

    SHA512

    1badf4bff308026e5261ae8181c27fa71983793a28d0db9d0bdbcad39546a4200c1c73642f9efd021ef95d98726e19e3dc0ff90a843d56859ebe5d809b190cb3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    842d0b2867c7ae5bc32aa7ad3933c2d9

    SHA1

    0f1d31d5d887f71769086faf1e243c0409743516

    SHA256

    a9795ccdd378ce4ef2b9f8d42921e63242cf02b6fbe9ee5e5f879fc30d3948cd

    SHA512

    8ffbbcea45c588d699360c82406ba95a974bcc8746e3f1884f4260f54d66c9523300ae7acfeeee635e00a6eb52ee4035ffa6fbe276a0851698a2c7d471545a43

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF7F9.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF859.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\f77d4c746b2ead678c86307ab9272707eb9cdf13fea2901fa33aaf218e969b32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/1608-17-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1608-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1608-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1608-23-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1608-22-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2324-10-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2324-8-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2324-7-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2324-14-0x0000000000240000-0x000000000026E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2464-6-0x00000000005F0000-0x000000000061E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2464-0-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/2464-455-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/2464-26-0x00000000005F0000-0x000000000061E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2464-25-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download