Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
27-01-2025 14:21
General
-
Target
b045358154f9358338c7055516982872ed6017b58ec396e0cc3344a843838709N.exe
-
Size
640KB
-
MD5
7af5475085c991c01f9530134b5cec70
-
SHA1
3ad78b2805a69a5c3528a0213848e57b984eb759
-
SHA256
b045358154f9358338c7055516982872ed6017b58ec396e0cc3344a843838709
-
SHA512
ac8c8cf34ab6de910962b935bc1132467c3824ab5d7690ff2b51e9f2e7e28d0e42517bd74b8af6dedce59869a56c8daa9676e6ef06971db5c60f01a3235960f8
-
SSDEEP
12288:72f+zZvZ5kjAcUFc2yV7zIFDIyWOy6ba3yd4QCZUv5YYYkx:7ROQa3e4JZ8Yk
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 4 IoCs
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 28 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 16 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b045358154f9358338c7055516982872ed6017b58ec396e0cc3344a843838709N.exe"C:\Users\Admin\AppData\Local\Temp\b045358154f9358338c7055516982872ed6017b58ec396e0cc3344a843838709N.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\b045358154f9358338c7055516982872ed6017b58ec396e0cc3344a843838709NSrv.exeC:\Users\Admin\AppData\Local\Temp\b045358154f9358338c7055516982872ed6017b58ec396e0cc3344a843838709NSrv.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2428 CREDAT:275457 /prefetch:25⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD574a127044697e0cddabf4e00116bfd2c
SHA10b045eda8f85649a43971916d59a5bad2f0ed9ce
SHA25659ec51f2116a1e335acc43942274e2facb055f8f859c71bfb93bbea5fe37f3d2
SHA512020cb4bb6d96bd1a0a20f12e3f495bdba368a0ebc2f7aea7af331b813cc3f2804edbada4f4415fba773c1f5df4d3345f1fe67f51aa960f2c84dbeffe552c20a7
-
Filesize
342B
MD582c93c9913a4e418fe8a64763fbc0e4a
SHA16daa7d0aaf8f11827f0aa0ad7aaf3ec90a282bc2
SHA256c143a9207c7dc83a0938ac2727385f35c4130a86eb0954103fafe60bce110b19
SHA5126f834e2fa62cf79ff89409de8e6346d0ac8ef0cade55918ddf43a7730eb950936c8ecdadafff87a5d2dbbedd9c52c099fe499f3022a1b100551eb25fba52fac4
-
Filesize
342B
MD56a14b91db97fe731c4c7ba125ef3375a
SHA1ff41f20eca4800eceba71adbe79ca4f4ae41c0e7
SHA25647f5954c27d563ade3ac6ba791cc5c051c4eabe130749a6bf075efe32b34f6b2
SHA5127ae78ab57b9f39aa3b5379b6d2e195cc7b2beb38218ed34b760bbab9ce434277e29c3d71e737639f52b2fb8418488d9ee04b296884454fd1e3bf4093b51224bf
-
Filesize
342B
MD5fcc510d952b5c874d15bc8b166966325
SHA13eb2e57655527b862229e8b7e85dbee06b62a408
SHA2565021957eba8c838060b5db6b4c0f22fb19f4bf453ab7e9e575627232997e056e
SHA512376f13fbb2a016e541481f33d97761349faefbfb0e2f03dc9340165890203285b2a3d4875cd53945ff6bea4189ae580010cc3a4e6950140a0e29faf6cb8efd51
-
Filesize
342B
MD507c20416207dbfa458d75cff0f946114
SHA157b71db55bad038bf64416b0b779df951737fc7a
SHA256dc89c48a7130319a405ddd186e0de9933b8f6a0d2057cf655544615debf4a45d
SHA5122b4536b0957c594d2fc5f13ef1999d5be7e79280615f2d33bdfa510f4ca68a6958c6fc6899a30c8cd35776efb792fb8b7b85e251018f5e9b547c81fb373a1ebc
-
Filesize
342B
MD5c326cb28803291d0ecf2ae625c26520d
SHA19c954a7bc0eaece820aedb43e5bd201e44df4153
SHA25608bc8e99fede0db44b9b3d7089419f35c636df541ffa2f89488cc71916d8854c
SHA512b9629e35607e23d8dca567a25884ec145d53d4b2f5458511ecfe89b84307289aa1dcaa34d05a41156ba2f32442810d8ba313d20729dcc116070dbfc412352b14
-
Filesize
342B
MD5aecdc4674c639f3923b57a2fcfc1f9ac
SHA17a96b889e7b19c11c7bf250ed2d17b228e1264b2
SHA2567422bfef39d225ce00be6920fa6083f988c126af8b06c4113973f153534bdd62
SHA512bc9e2087b909ee36e242337940478d451d5999d14c04a77b5777eb091f793da97a2ae68a465af65e159dbd64ea5f18bf4f26988b71bfe74e51cd78d1f2816337
-
Filesize
342B
MD5fb39570b823dd91f42cf331b13d646e3
SHA1059b652703140750484244217b94bbb66893de61
SHA25659a7fcd622b8cf156a4c64344c5063e32c6431a9b7423d64ec43bc02d7bd6b52
SHA512a87a3ea41c27bba6bad5b8991d0adeffeff8232a41acd0c61522340b93f1f24274cf95665b1f929e1a947cd0a97dbc303d51c949781c34be948999f358a35e18
-
Filesize
342B
MD53e4312cec88e1758386e6acb0d29f10f
SHA1577ac73529d7f45b5a58ad118b4770d6e0cf2262
SHA25601ada0c871580679c872c65a55ec92677338157b3a8b9d3666f70954c6d4736c
SHA512ecaf8b861502a0a1a433146bb8862caf2da27990dfd586e854dbbdb20b63f5d8f831b6b886ed19d4b9fa038a9b030b95844ed22b1596b5270dbe84f16b3fdd6f
-
Filesize
342B
MD56fb4a2566a09e1d70f6e56050145b130
SHA1800d3ba1c3027b10a93edf1fc879c5381656d2da
SHA2563272cfb642efc45b34f76c005ec1c7ace617967ba07d0eb7b526941ccda92733
SHA5124bd141fc83ce17b3f747cd00679b260b37b47f128a6ef9dbd018b3301c09b7ae690f93d4aa1603c177d0b2d3128336fc7b5fae1e60767fa74e7553db8959015d
-
Filesize
342B
MD5d3fb261ab8f1d63cd72ecb352adec04b
SHA18f53a4487ce2f8782ac4647c851920051506ec20
SHA2567402ec54530a0f066b8580369869bf8a9aea8080f663e5065a002f067b32bf5f
SHA512ca004ca23977e407f727528e490021e06aac10be2375768a3c1f1c33ff37d763bc4f98a25e548fae8375c43a3fe79b560e5b062801ed24e83e60e20cd5d4e07e
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
52KB
MD5ce99b549382dbfc4f41efe99b5dbcd54
SHA166905167920ece3a0bf65441d30da72ad25b7475
SHA256e26d8f6a9c98b949d1f58c97c2dbcf7d90d7a3c3d2f06eb9b6033465d493322d
SHA51254447bdddf475594a4e8f5ccda131190e3e858a02e0147aee7c7b04ae54812b18aefdbdf5e59fc3005686b06fe938b904b2099672063738898f4995fd4bab1bc
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
4KB
-
Filesize
1020KB
-
Filesize
1020KB