Overview

overview

10

Static

static

3

778ca73699...da.exe

windows7-x64

10

778ca73699...da.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    92s
  • max time network
    115s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-01-2025 14:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    778ca736990c712c5eb464234f1d05904fd75d969556ad9cbe262070d0352bda.exe

  • Size

    88KB

  • MD5

    ef33fe40bcb4caac404839d83889f250

  • SHA1

    002b7951e8e836f446dabd81cb894fa8b9e1b864

  • SHA256

    778ca736990c712c5eb464234f1d05904fd75d969556ad9cbe262070d0352bda

  • SHA512

    f58f9c4ec34e074305af7b13646a3887d986a673932ff7d4524bee1c23b630db638f09c395e2fb1c2a4811bb0d4fb46852f3422e556c271a447ec665f84cc087

  • SSDEEP

    768:w06R0UKzOgnKqGR7//GPc0LOBhvBrHks3IiyhDYQbGmxlNaM+WGa1wuxnzgOYw9j:+R0vxn3Pc0LCH9MtbvabUDzJYWu3BE

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • UPX packed file 11 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 45 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\778ca736990c712c5eb464234f1d05904fd75d969556ad9cbe262070d0352bda.exe
    "C:\Users\Admin\AppData\Local\Temp\778ca736990c712c5eb464234f1d05904fd75d969556ad9cbe262070d0352bda.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2440
    • C:\Program Files (x86)\Microsoft\WaterMark.exe
      "C:\Program Files (x86)\Microsoft\WaterMark.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:3752
      • C:\Windows\SysWOW64\svchost.exe
        C:\Windows\system32\svchost.exe
        3⤵
          PID:380
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 204
            4⤵
            • Program crash
            PID:4760
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:908
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:908 CREDAT:17410 /prefetch:2
            4⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:764
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2408
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2408 CREDAT:17410 /prefetch:2
            4⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1900
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 380 -ip 380
      1⤵
        PID:4752

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Microsoft\WaterMark.exe
        Filesize

        88KB

        MD5

        ef33fe40bcb4caac404839d83889f250

        SHA1

        002b7951e8e836f446dabd81cb894fa8b9e1b864

        SHA256

        778ca736990c712c5eb464234f1d05904fd75d969556ad9cbe262070d0352bda

        SHA512

        f58f9c4ec34e074305af7b13646a3887d986a673932ff7d4524bee1c23b630db638f09c395e2fb1c2a4811bb0d4fb46852f3422e556c271a447ec665f84cc087

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        471B

        MD5

        0ada2095c461df5a751955aa41dd491e

        SHA1

        8366c54b31e1ddc8016aa22aab8c83f73c690810

        SHA256

        80cd542688ed3a45669b53243c3f4922d6eb21a34d8dfeebc6c101484d3bac09

        SHA512

        135991affe343d4358bb15a693effa7a6813d6715e555729d2aa04a98555e13fded55d3100a41a92a5beb57c68fbdacb199a3e66407944e37880b28d42d79e7c

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        404B

        MD5

        4fb9f90d5ba0b505b50b6a6d445603d7

        SHA1

        07a9dbb6baff74379f6575e9579f1390e6a5d4a0

        SHA256

        8731eb24b0624d996785b682a6126d3b95bc2dc188bec955c2dd7cded98eacb5

        SHA512

        4eb7e68d1a3cd1733ca466f6e98732229a42b730ba502ca8da2a14b3c5cf34ba9998f44477707b54bda42290906d6aad8eaccc36036b057b1fb51668620bc368

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        404B

        MD5

        44a17c49382c735c086e4590d32f9cc6

        SHA1

        dadc4a993f35f167e0b60ee39ba86a3653b888c3

        SHA256

        ab8d306edbfeee29f38e9d7373d5547fe4e109be27ef426170413fb5a8e1a00d

        SHA512

        4f8b3582911752e2997694e44a59861e726a94bcb5270ffb824457c906cbc874d5e1596eafa9ff4585cb0887bd5b1ce52c8f092b336ab643a89708c6948b5d89

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B74B248C-D73C-11EF-91C3-C67090DD1599}.dat
        Filesize

        3KB

        MD5

        12eff9a0040476cd68ff782a7b20bb26

        SHA1

        7d9c4305583c737146d447029d6580a2903de6da

        SHA256

        e5bf8241536f0ee59f94959c2dfbe1c39d87787e7aee085dcc4e7f986cf4dde4

        SHA512

        346320a372330c4d4a3b9896eb2a04cb2683c3f494d7dd59a1cd5a69e508f44e8c156a3170578ce442d3c5859bfde6783d1d339fb370abd01f14954260046413

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B74D86AD-D73C-11EF-91C3-C67090DD1599}.dat
        Filesize

        5KB

        MD5

        f4a2980fc9f01702bafb5ea9546932c8

        SHA1

        d41c91dd40d0be6efe90cfffc507405dce2f5ddd

        SHA256

        bccd9d01e8937808c6fd30884b901a5856da26451e10780dd33c54501142872e

        SHA512

        01cd0dc470631438d060973e47dfdfbb780e0728a90ddaa6032b105f70fb0eebc4d74ccd656a21a7b3e51b298873cbc8124b7c54858fca47d01b0d9f798f5623

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XH3Z2ZON\suggestions[1].en-US
        Filesize

        17KB

        MD5

        5a34cb996293fde2cb7a4ac89587393a

        SHA1

        3c96c993500690d1a77873cd62bc639b3a10653f

        SHA256

        c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

        SHA512

        e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

        Download Submit

      • memory/380-33-0x00000000007F0000-0x00000000007F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/380-32-0x0000000000A10000-0x0000000000A11000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2440-17-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/2440-8-0x0000000000400000-0x000000000043B000-memory.dmp

        Filesize

        236KB

        Download

      • memory/2440-2-0x0000000000400000-0x000000000043B000-memory.dmp

        Filesize

        236KB

        Download

      • memory/2440-3-0x0000000000400000-0x000000000043B000-memory.dmp

        Filesize

        236KB

        Download

      • memory/2440-0-0x0000000000400000-0x000000000043B000-memory.dmp

        Filesize

        236KB

        Download

      • memory/2440-1-0x0000000000401000-0x0000000000402000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2440-10-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/2440-9-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/2440-7-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/2440-6-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/2440-5-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/2440-4-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/3752-30-0x00000000778E2000-0x00000000778E3000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3752-36-0x00000000778E2000-0x00000000778E3000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3752-37-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/3752-35-0x0000000000400000-0x000000000043B000-memory.dmp

        Filesize

        236KB

        Download

      • memory/3752-34-0x0000000000070000-0x0000000000071000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3752-18-0x0000000000400000-0x000000000043B000-memory.dmp

        Filesize

        236KB

        Download

      • memory/3752-40-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/3752-19-0x0000000000400000-0x000000000043B000-memory.dmp

        Filesize

        236KB

        Download

      • memory/3752-27-0x0000000000430000-0x0000000000431000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3752-29-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/3752-24-0x0000000000880000-0x0000000000881000-memory.dmp

        Filesize

        4KB

        Download