Overview

overview

10

Static

static

3

d76f3053f1...c1.exe

windows7-x64

10

d76f3053f1...c1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    92s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-01-2025 05:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d76f3053f1adc61b301254e79609c1f742af1b6f2f522d28115938e93921f4c1.exe

  • Size

    294KB

  • MD5

    7e2866b0b8d0cfa03f53e7503dbf985e

  • SHA1

    cc9e74bd26fa22ba4534155fd45837c593c2ff77

  • SHA256

    d76f3053f1adc61b301254e79609c1f742af1b6f2f522d28115938e93921f4c1

  • SHA512

    7cbe93521357cc78fca62017d5c3b5e198c49fdf5a4fd4499f1ab2785184720acce75186f0e2f7d6c65af7bba1427cfb770f3970d71ed68256f9646d4dc760f5

  • SSDEEP

    6144:9pHIJY18OuVXPF+u464y1Jfu/ZR5zgVoaO/r5oFBf8dYdyQ:9uve6DIXuBkCUQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d76f3053f1adc61b301254e79609c1f742af1b6f2f522d28115938e93921f4c1.exe
    "C:\Users\Admin\AppData\Local\Temp\d76f3053f1adc61b301254e79609c1f742af1b6f2f522d28115938e93921f4c1.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1216
    • C:\Users\Admin\AppData\Local\Temp\d76f3053f1adc61b301254e79609c1f742af1b6f2f522d28115938e93921f4c1Srv.exe
      C:\Users\Admin\AppData\Local\Temp\d76f3053f1adc61b301254e79609c1f742af1b6f2f522d28115938e93921f4c1Srv.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1116
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:3368
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:3616
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3616 CREDAT:17410 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:4244

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    dc142ff8759ecb81417ba231bbcf25d0

    SHA1

    201681d524cde8af5c11b5111f5fa697521c5739

    SHA256

    d6e2a573b1e137d8b823b82cfeaadeb30df36a0fa7a268a1278465b28fdc7bb6

    SHA512

    b36456cf3ef37e4bbe0e4acf8b25cc85a39f8517d1b80b3191b1be7ddc6d58c74247b2d9dedb0b67ac4f8a2f3d92773e90aee326cfe612f8573ba6ad6b73e833

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    9dc0c5bbe53353dec50af851fa41429a

    SHA1

    30895a8f46bff75b47fd0ec633276902cd5f7f7f

    SHA256

    d76d65451c180b2d375485e52ddf04fe3c9de07a3b2ff87a6f6796687f51e3b5

    SHA512

    dcb5e43fcaaefb9c7c6dc0d26815760b884d76f0960212398f8752a3b4a44d95ef9dec21163292f737c3c2f0208a11948399be803590073f8ee5b307a3df5718

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6IJLDY7V\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\d76f3053f1adc61b301254e79609c1f742af1b6f2f522d28115938e93921f4c1Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/1116-4-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1116-7-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1116-6-0x00000000006A0000-0x00000000006AF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/1216-0-0x0000000000400000-0x000000000044D000-memory.dmp

    Filesize

    308KB

    Download

  • memory/1216-17-0x0000000000400000-0x000000000044D000-memory.dmp

    Filesize

    308KB

    Download

  • memory/3368-13-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3368-14-0x0000000000490000-0x0000000000491000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3368-15-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download