Overview

overview

10

Static

static

3

2025-01-19...il.exe

windows7-x64

10

2025-01-19...il.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19-01-2025 03:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-01-19_a71770683f5474465047295f01644386_mafia_ramnit_revil.exe

  • Size

    4.2MB

  • MD5

    a71770683f5474465047295f01644386

  • SHA1

    4f6415b644eacd0a642d90ef1f0ef367009db337

  • SHA256

    1b0b4e02e3a671fafd36a6440e9bbf08cc2fb9cdf3949cfc0d0391a058d92f6b

  • SHA512

    45ceb8c2b99fcfbebbb2c05751afd9754048d16d5a006a358ddfcf09e716957d3df9d2ea4c1bbf61c5ec54dab94ece6e19d84d9cfe18d8be5d4ce3101b4f6578

  • SSDEEP

    98304:3MX6JVkHSdJ+dw32m1ZcAE/KWQ4SKHdngNvfn7K5:323U32Oy44SKqN7

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-01-19_a71770683f5474465047295f01644386_mafia_ramnit_revil.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-01-19_a71770683f5474465047295f01644386_mafia_ramnit_revil.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2108
    • C:\Users\Admin\AppData\Local\Temp\2025-01-19_a71770683f5474465047295f01644386_mafia_ramnit_revilSrv.exe
      C:\Users\Admin\AppData\Local\Temp\2025-01-19_a71770683f5474465047295f01644386_mafia_ramnit_revilSrv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1184
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2684
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2696
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2696 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2972

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5803502f99634f46a812b69e783850e7

    SHA1

    4da3dac381e6366212f123c38fe6f0fa470efc3a

    SHA256

    3dfb552250c3f2e6e8c0ddf88ba09af55f7cceb26e6784a969ee46f525ab68f4

    SHA512

    cb8fe9f01408790462bb609e5d120c05a10148bceef54a7bc55909fda87fe8b4d4abe93f44ed6b004d710c1ebe6b1836c34f81795bd853556b95f2cb615b3393

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2e0048b772532b9b5a602d617488303c

    SHA1

    e3cfec654fe7643a1e1f8f1b0b54bb933efc68c5

    SHA256

    72ecae7e2fadec99120f210a0f47a0c37b3c0923ebb610953c0b89fc65bca9cc

    SHA512

    e45403802bf1d59326f9c548405e98cb58f94e9ce450e0e27b4071cd1468a7c30086d91190f48d4c6c565882cc7501d3d8cde92e58b078ebe9c7d61794374a65

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    36a209a050302b2cdabd74639a08a407

    SHA1

    3fa1229bf37d4c43bb1eff85a87b3b28a4a5dc2f

    SHA256

    722ecc5c342f319606676ebdfc7d0ddee5e1b5d0f79e52dd5f0076d7b21a75f0

    SHA512

    4bb917e1a8edda9a39b53f6f725efa81a0b6f165ace5d3cd136998737521d6984aaf4597ecd08d9330d022ab1ae502cc021d20bcba216a4533db221d18acf70c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    526d93acfdc9d8adedc60513e7bcbb0f

    SHA1

    98f0440dbe8429b8efdd5fa0b5489d01492483ac

    SHA256

    5044c1f79336ae9f0a4d0183f7f742cf8f453912a0bc0cb0b18df42442522407

    SHA512

    64e03c4f91e9fca6a2a68a03abd7adecd5bf946f89140898b46fb4fcbccb57f47de62693d3661fe56967223200108f99ab399b572b6eee47cd27e155cbfb59d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ef1262481ebb4ae902bdf863ead10658

    SHA1

    47dd33448fc59eeaec92a19a4db9754786df50c3

    SHA256

    f789c79f871a85d3e9758dee858e750ef05e07e3102e0ac8a2510ba515050e32

    SHA512

    8489e0dcb2412cb76606bb88b0848d21e3d1d18c93aa372b9775fea8335159321e0fcd665aab472ab14dcff0b26d508de925a7d05ab357539e6957f04ede5ed2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e065246a510a70bd56637a3b71274291

    SHA1

    6a7897d0af6139c220b673ef6e0f61300f0310f7

    SHA256

    079ff6b873da606e3c2c9964fcf2d9bdf0d88d879addbd2e0b419db4a8063db1

    SHA512

    b0af3abfa7fbe15bbcd77329a597e711c92852a061bbbe6515f38e2c15fd5fbb09f49191c635ea040415d70e4aea93f540ad9d33e621339943eba4d68af8d287

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a378651bbcf1b2483c445089ccae5003

    SHA1

    9c3e17d1d45f71ad4b41748e7e98ecbb2e284ca9

    SHA256

    1e4753dfdb0f63a2093e381097f4ef9cdf6b2d3e0d4534f81464d519675e5a12

    SHA512

    c9ffe7e1a5cd37e91f2f5f7532db1cab0a33c7d3831f23028dbefda838e04465f3e03849b75f53c5c15cae6a9a9bac57ad6efdd443ab40b4dfd0d5a7209ad904

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fd84032267fe4fad2818a71f1158199e

    SHA1

    d1743ac6ebce9805e27e7bd2260a9ae2c85eac90

    SHA256

    110cccf90a02e2b5dfa49a1e75145b980338d8119274fbba704d4d1bd2fb3b5e

    SHA512

    3f701574e59d981ca2e20e3b05dc53ff13499a5d2702ba4400958b60795d11ee40198fe5033d7dcc1f2c6883b20ebe2b1a09867f34cd6b2330ec0192179f08a8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2203f81f1cc82b45db748ff6e947d5c2

    SHA1

    0d4b892e60169a599abf24794bdc9e292d5b6273

    SHA256

    a932eee886e39ef03c6ce5561b345a9c45e88034bc90b55a53cee1d2a3e6182e

    SHA512

    36586109dba35456d164ee3f074ed7120235330d8f123088dc31c0068a96e8d8451945d57f7a793099a51571892420dcfef04d01c097522b67abdc5e4121e5ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0ea85909a35e9d40dfc310c08f875000

    SHA1

    a5e34e13592288ba839aa149f05bc6946b372f21

    SHA256

    6669378ea07adde5892d5d1a44a011c9125f6b0ab58a368ed9e9ece018453696

    SHA512

    c3e244aec9f3c13ec852ae2e181042409df1942aa01d740ab947121288c4987016a761a4857fa444565cf11cb1c4cbaeab70a7597dd73909ac56bd019017d9f9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e0c445ce62fdd8c036a206c71b3d2a02

    SHA1

    be72ddf99e4116195f83f736aea9d686e763e887

    SHA256

    0e8b7fb2fde26d43f581e19430b4050dc76590b97329cbbc564b26e9feed69b0

    SHA512

    9999e322ac4f60a855ba4b2916ac2242136c426c452ca593f2e70eb38fc6cc6055d4624f4f5b5dd7bf4e70939c8cde99a259071954d084e1932d2633b7480540

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    af140372b63030f360a849e2d66e81e6

    SHA1

    d57776f9c48a64b1fb94119da4bec917b694f241

    SHA256

    99f7c9403f79903745f2b66035316105369b970f9ad568a2f6fbe4e57b702b19

    SHA512

    77ba7b231da89212b9db6249124b0be6f8cbc8dded15912e75c22964f4da497667807d61dd124ccbd8f492b05ff2f9c61480057b9775ac470bc44942550b7dce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ed091c48283c4966753dbb9108c04cce

    SHA1

    c53a35318d50c79020d8dac32da3d1c5d49f4816

    SHA256

    95c93fba4d3e22344abf733e4cb47967fefdd95b9accb030ee7104e8c13db2d6

    SHA512

    0cda06c53276287d38b3d778dd4c26cb08e1424faa9305e3b129a86ad6382b2d7817c1d0bd0c350d7f7d0c2b20125d3162f8fe1a6031ce2220692fb971044b3e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    83d4d68677f93ae18341353416047782

    SHA1

    a8fbf9b788ac964b8e7fd324835c5159a35531d3

    SHA256

    71fe9b971f8473cf431bb1c7f45d929874b49e574376fd1a3db45e7ef4c902e3

    SHA512

    99e047cfc00560ddc6035f575bc549ddb38ec3db444d8e90c1707be178b67b2b1edfeab6808b3faeffb8a123449ea384ddbf7567a65b5ac62c45e20c8b089e74

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    28b6e256bad3441e9b74471e645a6d56

    SHA1

    5ef3846feeb8bd4f9d7c1fb85493e49f6dc2c0bd

    SHA256

    aa8a06763abac01ac3021b2200da3f60f5288bbacf8584767fd24f8272dcfc46

    SHA512

    f2e677f68220ed1e874cbecd1e530da3adca884530547a67031dd6379b94dde1f46d4198818e0adf47e78f75da43354b65409dae997bb730f9a694279a51300b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    173a9547b1afdef44af512ae9dc78bfe

    SHA1

    0f3cba45c88ae5388a4eecc4dcc5f0ad4dfcc5ea

    SHA256

    66cd1514aa2572364d7ae0a338344bd21ea7e81a9c6b462e7c89c43a6e2f7dea

    SHA512

    58096a042fe8aea111cfc8cddc1dd9fd1537ce344e8b817eda8a28c251da6e74b4922dce294a325e25051df6c09354deaf20b92bf4387e4f1b73050f4e12df1b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\3dm\load.html
    Filesize

    3KB

    MD5

    c2446faa12434d5575720fab791488a1

    SHA1

    145076bdeedeb8b9c725cee1830d721f09187671

    SHA256

    925d2bfd8f63a8d8da6e44df3fc0fbde634aa6d5ead6e0f3ded54d59578b0367

    SHA512

    36fb27ddcb9e2fb74d2b5b5f3de5d8879a155c54fbf0e714bd07461f8cb1d5513d98846b3c3ef239f63ee4594d6edf18d8842cfa391422977b622e87c445d9b4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC6BC.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC76A.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\2025-01-19_a71770683f5474465047295f01644386_mafia_ramnit_revilSrv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/1184-41-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/1184-10-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1184-14-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2108-42-0x0000000000110000-0x000000000013E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2108-40-0x00000000009C0000-0x0000000000E09000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2108-7-0x00000000009C0000-0x0000000000E09000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2108-15-0x0000000000110000-0x000000000013E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2684-16-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2684-18-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2684-19-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2684-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download