Overview

overview

10

Static

static

3

f77d4c746b...32.exe

windows7-x64

10

f77d4c746b...32.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    133s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    10-01-2025 06:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f77d4c746b2ead678c86307ab9272707eb9cdf13fea2901fa33aaf218e969b32.exe

  • Size

    312KB

  • MD5

    8375807672405be267583a7d697dbe49

  • SHA1

    5d688c412dedb64fab2ff87fbd7a90443471bd53

  • SHA256

    f77d4c746b2ead678c86307ab9272707eb9cdf13fea2901fa33aaf218e969b32

  • SHA512

    758e8b43859b15807c9da941154264f8cebbc093fc1cc7444e994b3a8aa099a036b74d15ee6efa4a363451f9f13bbdf5ce5a731381ca7055ed4b0d3c890d9754

  • SSDEEP

    6144:vlt76kgZTzCHk02rbeodnXLqHrtn/RtoRm9zImsIVS95oFBf8dYdyQ:H76RTzI2rRdnXLqhn/RtJ3BkCUQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f77d4c746b2ead678c86307ab9272707eb9cdf13fea2901fa33aaf218e969b32.exe
    "C:\Users\Admin\AppData\Local\Temp\f77d4c746b2ead678c86307ab9272707eb9cdf13fea2901fa33aaf218e969b32.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2436
    • C:\Users\Admin\AppData\Local\Temp\f77d4c746b2ead678c86307ab9272707eb9cdf13fea2901fa33aaf218e969b32Srv.exe
      C:\Users\Admin\AppData\Local\Temp\f77d4c746b2ead678c86307ab9272707eb9cdf13fea2901fa33aaf218e969b32Srv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2204
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2812
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2152
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2152 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2588
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 264
      2⤵
      • Program crash
      PID:824

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    72a167ac33af704c4dcd1f535f00cbf5

    SHA1

    5f1aef227b044000e65560be92dc986aa05b7260

    SHA256

    3ce1034439137b2c35a0562aa6591cdcc22a27985a7b71ffc6245432b1413d7b

    SHA512

    2643a0c5987c568334761b234bc17f15076fbd149328e846c7ef5a938ed9b699a006ce3f9c34eba9c8cd06f5c177d3f954d7f19c3339aba61a856448c7a35a94

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    78b80a73266125091c2a7bb49418f0b8

    SHA1

    e07774ff436f9a72b3612334b6ba87fac4a2e0d4

    SHA256

    241931cf564298f6ade4c20bf7f645791cc8b7024a8387dcba6525ec30c7112c

    SHA512

    364ede035372966176974b1215aade89acf8f95a1e6fed5bf4b9e8cd8c5d40dfc58010344ed79ef9fa3d970699338c75df090657c4780a275bf143566ffdef23

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    97ed3f1b4c338ad10102db962ed46c30

    SHA1

    fc5bdb35949d0d8b011c50b02744b101210b73ac

    SHA256

    77a4d18a32858618fd8789fc9529ee55e956c332f4c65626d91669a80f7d2022

    SHA512

    f692dbfeed0641f5fe2f1d577948bfbd1e507f4f0fd067bd9a4c44ee61ae4869ade40a1f5c7921275a2924e7f3e8849ebca04ac0ef0363f559bba6cf14d1c66d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5b7e76cdab04f2ef2a3bf03b30e66a62

    SHA1

    85b26c0c300f3c7e6794852753a7812505e406f0

    SHA256

    66925aa96fd13c29014e25675e75f1bd8bb8187d03b212ce6529e510f3fd2daf

    SHA512

    885d939be4583845dae7dd8a794b05d9822c35efdd8ecd8e2093fd6743275f6aaae00d99f26c1cd56f0aff1af8b693e040d3fdef070a810976159b96b9047a4f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c412d453bc9680f80af3fa2df940e164

    SHA1

    adf011d60091353afbf51e93a687931bc64a13f4

    SHA256

    b9ac7e41d792d1c83b53b5504355a43520441cd2b6e6fe4d50cb9e3a706a5ae4

    SHA512

    df93f01fa24339bbd99600abd26a54960a1caa810adef60de0c83da775f5a6e65fc0fa8807ff45eda9089ee0a4cff51216473710cc30ea4bb024d25a1b8b2d4c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    658049d89ba33cbcb2cb39ba821dd357

    SHA1

    1974d52114bf01c8e8ab96bfc26100c491eb06f4

    SHA256

    f6c699b08f75a6097398b33e338ef0de735f1facb28e0c61322115af7f4e2bae

    SHA512

    19cc7ea720bd41395e73b30f01d12f8277d257f98a09b5eee2fc04064a85bafe809d4858246a83747aba84f72ad7c87290624e19755d6e34f0f6cf87543fa50f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    08247020a7efc4916957ec36a5616abe

    SHA1

    ca9b6547048cc85d5feec9e4bd821c034ff556ed

    SHA256

    5c8a4adcda7f5950de39727085b5cff82a673e05be187dab37144db87b5a286a

    SHA512

    18e4b5ca0b88999c1e3539dc092021c78d1be17428da67560d0dcb22e537d46ea88ce132c5e839fe92e0b2c130b683265f19a4740616cbf20a36a16e856f2b5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bf5f4684c39bafb07cfd80be4920257f

    SHA1

    dc88db5228f59aee00d55c57fd7d372f399c8137

    SHA256

    e19b4b532eea2b624e57b736b78afba736fe395b92efcff1b26124327eccf9d3

    SHA512

    accc6fa145ea98b229eaafad3b04783ba518ab8318150433f65c93677d49498705b5232c467164d07f1a4cd314d3cee69b1c22498f21968b5fd67cf0a47656c9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5f674b3c33f42ebc6ac1ace810759919

    SHA1

    033f0e30d5c4e0bdebf01427f7e5b4c864a891c5

    SHA256

    485b9b51b1b5a0d67722fdc3e1b4fafef5ee5967176a47ced05bb74a42481921

    SHA512

    289781b6ac6a35096ca9804efb3ce60853925a2db8785d93800f4bc2b68f2ff6750115cad3379c8cae68da2b2101d9fe6e2b03c1136609847c8c9dbfdd7308fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    50d28223916e26c5204c0ca0dab46d21

    SHA1

    8abfa4e5fdd5dfea3b0b299eea1c0b0a993a1e2e

    SHA256

    126a5011070007a6267b4183f575106cdb2d82034402f5da309a96d220ccd963

    SHA512

    b84b295e5a97b940515566083e3ae915ae2cacb27c024c76cfb9d56dd89a8794eda6bcd4868e7ef03b2f1a999543930023bb6fdb8c6dfe4b99dc392d74bb5008

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c9b2d69faad4c22c8353376f82032b6d

    SHA1

    21841cc29da93dd9c4d499cbe774410b8c0554af

    SHA256

    4cbdb265d623d6246a1701d035c6c193e321130f14313d35872de0ee40c150e7

    SHA512

    ea5b39d113c0947b7906d5088c2b5f488bf70a2b89d93e691e6ed34e3435a1f954ed6056197d5477c919ffbac7224b9ab37a8192746201dfe94704ec0fa10a56

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e26708b5738a28769eb66d183a237fdb

    SHA1

    5e7a34e0810bd600aa31ae754b96706e845bef8a

    SHA256

    02a1322d30a9610d0a1caea809a3ec4e011014efb917bbcd041de3403d3b241c

    SHA512

    5b65bc297a917b8866477099c194ba54838248f0f50ef4f995f586106e778838bc8e705299110ba075dd27a92d38005ba2eb5498a8eb7a3df47e76f8512951d7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dd05c38ced17895187d159d69fe2f503

    SHA1

    9ebc7da0a8285edb00b2368b638b58a476a2cab8

    SHA256

    5a67894cff94cba1dd90d02f07c4a80a80799be56ed164546eb132e23a1032c9

    SHA512

    a77050a35294ae40acfef60ac3a8ccfd2989227cc1fa28a59d2d5deac8db8a7205fb6d8de24e6c16f2dccc523e6672f94b2bb019b2d1de0e12729cf63e6396c3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d9cfc946c95095da714e057f96cc5f5

    SHA1

    42d241c74feae51592f0ebbfb90b52daedac463d

    SHA256

    5a31ad92c3b9dd5128d1c3ca380187df851af226d850db3fa6b2bc37847bfde6

    SHA512

    3fc824a9bc2c85f50b71e3bf2f395ef2e2e700a56797fab3277db854b436a4c279c55b71913666472b59df9e7771a32a05da46585081cd7db7851ea87a6adc19

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5df760d81e3beadfa1a0b39d4b294284

    SHA1

    4e4f576fb0ba461934026a94a0247ed75d140aab

    SHA256

    c37228bc882acdb759583ff2ea17e5486e1f679bef6346739eb74130750545f9

    SHA512

    1458a2a133c70420765a8b2002d5c26d8074261550b14664a31f40f30e0a58ed5211e3a70ef847b4bc499e17f9ece7aa98b97c55512b6349af6895b56108a173

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fe5dc98521aa6e129c91823f80b95a4d

    SHA1

    444b801681872cc617dff20b386f2ecadcb2d693

    SHA256

    386aa4e9c5973484ce4f88167b83d0895b2afadf44c9aefc18e5a5b10f60516d

    SHA512

    5175f8d25c8ab3cf5f3307785258818c4e21e709e6de0ae511bd5ad4989de98b722c141e135c256a77993a69f56894ee50b16f45f9018900edeebf7c151f7920

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ee44cbe5dcaa29c22531f36a4f37994e

    SHA1

    c9532029ffa115b2a15c3a4f8db410ace97f2b8e

    SHA256

    c7e8b96dc6a91d8c86e816c1e201abf0517b0ce63a068ee3dc9bea2e7fea630b

    SHA512

    37d8793bdc6bfe728ad1d7479461d4600009943b6a2222359fff3c25000682f3d3a87ee8b28fbbec7cdc747ceb91b7e73467a8a1fe923c5ecf5b97a33fe52bed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5726a32ee2cc742878ba11c99aba1267

    SHA1

    65de0e968204b31f3ff115a527398921dad2cb6f

    SHA256

    d6ac8e0442721f2c81c7542416353ec4624e8bea667d552bf34e4c0b64445e22

    SHA512

    2beb3b566be0bdcb9d14a9cbd63b533ea52683a2e0b50100e9c163acd85ab6100b8c1b0d24c5e997a4f76b8b245210e7c02e6ef54b07b752e13e4dce4d70d74e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF72E.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF79E.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\f77d4c746b2ead678c86307ab9272707eb9cdf13fea2901fa33aaf218e969b32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2204-14-0x0000000000240000-0x000000000026E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2204-10-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2204-9-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2204-7-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2436-455-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/2436-0-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/2436-26-0x00000000005F0000-0x000000000061E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2436-25-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/2436-5-0x00000000005F0000-0x000000000061E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2812-18-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2812-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2812-21-0x00000000003C0000-0x00000000003C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2812-22-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2812-23-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download