Overview

overview

10

Static

static

3

2025-01-19...il.exe

windows7-x64

10

2025-01-19...il.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    90s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    19-01-2025 02:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-01-19_a71770683f5474465047295f01644386_mafia_ramnit_revil.exe

  • Size

    4.2MB

  • MD5

    a71770683f5474465047295f01644386

  • SHA1

    4f6415b644eacd0a642d90ef1f0ef367009db337

  • SHA256

    1b0b4e02e3a671fafd36a6440e9bbf08cc2fb9cdf3949cfc0d0391a058d92f6b

  • SHA512

    45ceb8c2b99fcfbebbb2c05751afd9754048d16d5a006a358ddfcf09e716957d3df9d2ea4c1bbf61c5ec54dab94ece6e19d84d9cfe18d8be5d4ce3101b4f6578

  • SSDEEP

    98304:3MX6JVkHSdJ+dw32m1ZcAE/KWQ4SKHdngNvfn7K5:323U32Oy44SKqN7

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-01-19_a71770683f5474465047295f01644386_mafia_ramnit_revil.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-01-19_a71770683f5474465047295f01644386_mafia_ramnit_revil.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2604
    • C:\Users\Admin\AppData\Local\Temp\2025-01-19_a71770683f5474465047295f01644386_mafia_ramnit_revilSrv.exe
      C:\Users\Admin\AppData\Local\Temp\2025-01-19_a71770683f5474465047295f01644386_mafia_ramnit_revilSrv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:636
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1216
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2760
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2760 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2936

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    de36d23b959ea0ac6306b280e567714a

    SHA1

    5627f07c33d177489902e926b982f0e8166c1ed1

    SHA256

    6d2eb15e889b132f9960eb573d046881f159293f2ca2d8f89a7e0114905b249d

    SHA512

    288fc01919f875b8e394c156b31a659aca71a7755f294f249f53965a2bb1ed0ae863da9ca9c5d5f5c01e736d662c784f59219da1844a801b970eb4f35068128e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2b45b71168a5c808cdc1529c05721cc6

    SHA1

    44e4c14379dc546759cd19822a21b4cd8a87d420

    SHA256

    9bfca54931a5e8a3e40e1a1d4f58cb356c00edebdfb31d5a0519aa131b10b469

    SHA512

    314cce13700d54a2a7ce023e789ab9472d35e5ceb31da261203dbdf8be06b207722c77e27f83874b0efb4cd0a99f85d581ed9d0fc0fe2a7bbc904abd77d3da37

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fad608ff34f0d1b3fd4876ded2eb2c56

    SHA1

    63ca28c345e4600e2fb09877616210a5c505f5c3

    SHA256

    06105477a64c928329309ad0feff6f30e17a0d500c807fa8de30240914db40f4

    SHA512

    1d17eaf5982149237b324eb1c00c46ad112bf1b2459d20822769c6f11d5e12eccc51bcff920c077d7d86137defea8209691ad206beb9323bf79f556a3cb87d7c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    12e41fc42fd6427bc7a62ab31f91c2a0

    SHA1

    41716e36c86cf181b034da656a9b0959ac9e7397

    SHA256

    a014db020244a51cd98c4ea8144e1b2cfc83ec7067cfeeab4055cf90e110a9f6

    SHA512

    694a05990e8f622533cb5f6cc6fad74211389a15f8d583d628b8d0b836d0c263415797fba5d6ac339d210bd9ee407f350ffbf05da7c59817936b4d07c83bead4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    05888bed4fd1bbf3632195a9f188b36a

    SHA1

    87222dd2f32a6acb0968202afa9e84bcd4d0b95d

    SHA256

    e52027b7eadeebcb1fbb5f6c87252a6071104ed98155d222fb55456470d14f54

    SHA512

    da503b75787eafabd47c813c82a73e44845ecae925deadb2b698113263acb4abd8bca8f021260de6dd2f8b1d5705da303d30f9ddc949d5509aa693ff6ecfad02

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a4309293fcc5c9fa73e07c8cb5ef612

    SHA1

    20678e2227b66538893888894b64234553815282

    SHA256

    759425a707245abc7a7f4be9b6a216893889f01115c4c26b94b640f3731b6322

    SHA512

    2a5d5847d85b7ce8f3c053a398a2aa2db8c5c2d4a1f202bf1b1539dc70eeaf2649bc6be1fa01e36a6df80f94a6f9eced433a28849de9f1a04a6ab0172f0538d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9e43cf80a97d467608cb3524cd676222

    SHA1

    1038d43d3f180939f8fade443e006aff3d2ae2c2

    SHA256

    6c288f3dad63ee9c90590a55c15d084a4e6a11639157b5da1a167156315e0f02

    SHA512

    a38b106cbced30f2fa0d29c32daa720a8e20f78b4d2b9a7725d934a34f4929fd25884a2b12d72d3155d027d495b49789d75193e29ab78d370251cd302ca36512

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9853275915f226968762f7a61c935a77

    SHA1

    00e8c6638c0450021ba04dd215d0a80b0bae72cc

    SHA256

    e990bfed2e738d2be8fb3897873c549a4aa13be5ded983d3a51adb2a97695a2e

    SHA512

    0163bbf8397f1a44e1abad643369321745a5c93e98d286e4b2d5581aa8cebe96b3a1ddf3adbd7ffb5bfdcfd17fec6077d3564878a70acecd8e977decc3ae4ee8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    10b712738a64b53ad651e772e8b93563

    SHA1

    132ef25958a0aa1b6ab5d7c69437b116f3bb57fc

    SHA256

    1ecc43a07669b626832e72c8c8fa9f15ca785acae6a416f08d8569cd87480a7f

    SHA512

    bda19a25db02e20e890dfc326a4caac677b86206736f39c465854f260d60cbbff45c0764e64ab9e79c713f9966750f8b68d69e5ca32f768ac64bc4e14aced562

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    347b126c1f9efb3daf5be00f3ae2c570

    SHA1

    9dff2839603501b2cd0d0e9dc3cafc24a7414b5d

    SHA256

    8f46942a0d8350c8346bc865aaf1411247164aab1bb0c9bee077ccba0f1191cf

    SHA512

    b70fa3dba4a26e010a8dfd02c014ea6c114a8bbe243d08a6c03f0c2e4445a0a3c34f493ee7e3972616f35073b2a4df7b91007db98e280b9bab26ea4aad3e19fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dd2cbd37bdcf66ef8392865ce6f63d53

    SHA1

    e8c0ac829bea98221bdd4c1ecb63f342512d8c95

    SHA256

    c2b3ded356e6bb7ae0cc014268ceec686672d7a119d8959147fe4f588f50e89d

    SHA512

    85deed08cbecd50a1f66dc3250147d5d738666d6b47a1c2d9ae07a856098878f1e50eb11a727cc0c1ddb7da6721945ccfb541a0eed1a1052e9c9cdfa5f3e6af0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    024ce1651e05bb6e9bbd8a9c2394165d

    SHA1

    25104184a291e54f76bbfb293de10a20d2eeb458

    SHA256

    9a78496878f7b995cae8b4ee5c65f22de7f6a9ec30df54c8eb34b41578024844

    SHA512

    a7fe3c2727de1353b764bd510ee8411078600850bf4c7e2e3caa169f42d88cacdf19f24d8a7a3b22133a744d1707a3e89850a93d5e4c2d72421d9befca9ee536

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ea2e2794261d1bb3904a0ad752e11b5

    SHA1

    3a895f9d2a34a504436be26f7b2881b226653d25

    SHA256

    544ecbc7fb11d95435ebe4533b6a59dd1c5e1bb57f8ef4846f43d26c437e2cb5

    SHA512

    cf1ec3831892d772d798980c870a9076844444803995f573db10349a0399d427df6896e44dad53ad62aefaf6c3f3c1cfc8cc1b6f057344920e5c2de8620f9a0f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9595397522c3cc57d085e30b7d5b68cb

    SHA1

    d9661507d244913beaf9de8ec39707036f4b41d0

    SHA256

    9bb227d6e17b5517671a3be02bbf8b8159d6e40b45d769be2635cd88fa90b191

    SHA512

    cdf8cbd7078dd70aef68f6b7d8d59e89c7583c7342b12aeff3d6b37a391ad079f543918077004a4ec98b50b9b4a9a1983814987a7de726cdf55e3a4bd5398815

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ef02ed2db9286b20bb03d265477f05d2

    SHA1

    b43fd4bcb463481437cc42d2b06189bfa88ebac2

    SHA256

    7f4736117b648358bf26b1c80e1227aef0ac0fd98f077b3342c8b887eff76751

    SHA512

    b11a94a1eb10460fe1ceaa463b00e0aa7350c1ad06ded937dfdf6ec3a63cf845967a5046361b7e205d8bc3d555bdffa67ae3efef7db1f04182a0b1232f73abc2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4d3f6ea1531454d386eed20955c09852

    SHA1

    7a8404240dcc8cc5948ba84abd109c04000af2cf

    SHA256

    cd61524a00f6df660c536becdb84493f81381f1cfdf114299b14a459a50df45e

    SHA512

    c48832e0e93020bb92b05b4b70596c860386b3c35d50a1bbcdad625bbf411bcf5c6caeed50e0d5252127e11a8d3d637039e7a0689e94aeb588d0a11ca5d68fc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e5685d79611fb2784054889895977516

    SHA1

    a3d2e26e5c24b9c33e24dc86536e903ef50b36a1

    SHA256

    f3769031413c4fbadea665a9d3837a6ba9363224f600f32f709645cf7fc36858

    SHA512

    225c85227f5ced413bd399081fa69e19b9bf427917f5412d6a3897157fd0a72d1e7e25365658f27e66dde3da613fc161cd9b0c2ac9120ea966a249f86592ea79

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8da8a35bf340039322dc2c176e95b456

    SHA1

    b866dfc357b71c45406ecdf3df26b4ecd7d10f46

    SHA256

    7ff6b46563b00fc62e23647f83e671aa6293e6ef8d019fd82cbac3dafca03b62

    SHA512

    97d15a38b966400426fb7004b0acc10f811bfaba9a237aee768a976138168f1823adf4c02239f5a7e165eb8e556d3f00edb77bdd23d3c8174a2c5d1309bdc46f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    13a05e59ae97ca4856e695dfeb106507

    SHA1

    8a19f5d368a7291520c68cd30516ca31250079bc

    SHA256

    0cbf251b123e4f08cdb19053a42d598f58649b7290d9e0f988fb0305da22a31a

    SHA512

    2fdc13c85b92e56fa99bd517c0e897313fde391e356b3d9fdc9ea638a5f86c3a0583dba2959a39f2b81be4e9ae956a25c65cbe5e01018d6f6d987cf3e1165c34

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\3dm\load.html
    Filesize

    3KB

    MD5

    c2446faa12434d5575720fab791488a1

    SHA1

    145076bdeedeb8b9c725cee1830d721f09187671

    SHA256

    925d2bfd8f63a8d8da6e44df3fc0fbde634aa6d5ead6e0f3ded54d59578b0367

    SHA512

    36fb27ddcb9e2fb74d2b5b5f3de5d8879a155c54fbf0e714bd07461f8cb1d5513d98846b3c3ef239f63ee4594d6edf18d8842cfa391422977b622e87c445d9b4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab94C2.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9582.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\2025-01-19_a71770683f5474465047295f01644386_mafia_ramnit_revilSrv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/636-7-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/636-14-0x0000000000260000-0x000000000028E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/636-9-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/636-10-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1216-22-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1216-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1216-18-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1216-20-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2604-6-0x0000000000190000-0x00000000001BE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2604-1-0x00000000011B0000-0x00000000015F9000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2604-24-0x00000000011B0000-0x00000000015F9000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2604-43-0x0000000000190000-0x00000000001BE000-memory.dmp

    Filesize

    184KB

    Download