Overview

overview

10

Static

static

3

2025-02-27...it.exe

windows7-x64

10

2025-02-27...it.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    27/02/2025, 07:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-02-27_c768900ce0bf034af81e07d82f97238b_magniber_ramnit.exe

  • Size

    712KB

  • MD5

    c768900ce0bf034af81e07d82f97238b

  • SHA1

    ca61b99c0f0b752d3e18eb7ca12cecf4bb4937b6

  • SHA256

    fb6328ae04d89c4137425fd0643b89e36ff7f2bcac66490cdcd3a232f884dad6

  • SHA512

    686b24d44c8f93e07260f0afdc0f3b70fda4d3d9b827fed130cf75eb3db9f6573a00f873d7c0a06344fa5e008493a4af22c8b089a6031ef2211798d25ff42c8a

  • SSDEEP

    12288:QeEF5m0kU5o5V6V817yQdgdpOof6yA/Vq/G6xQMbGIRWNpGk7jEvf5m+ZgxG6gpa:an7xWTkpOjrUXypuBgYK

Score
10/10
emotetramnitepoch2bankerdiscoveryspywarestealertrojanupxworm

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

68.44.137.144:443

82.223.70.24:8080

101.187.104.105:80

178.20.74.212:80

98.15.140.226:80

209.97.168.52:8080

74.208.45.104:8080

169.239.182.217:8080

176.111.60.55:8080

87.106.136.232:8080

46.105.131.69:443

93.51.50.171:8080

62.75.187.192:8080

185.94.252.104:443

190.160.53.126:80

50.116.86.205:8080

80.102.134.174:8080

110.145.77.103:80

113.160.130.116:8443

60.130.173.117:80
rsa_pubkey.plain

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Emotet family
    emotet
  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-02-27_c768900ce0bf034af81e07d82f97238b_magniber_ramnit.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-02-27_c768900ce0bf034af81e07d82f97238b_magniber_ramnit.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2076
    • C:\Users\Admin\AppData\Local\Temp\2025-02-27_c768900ce0bf034af81e07d82f97238b_magniber_ramnitmgr.exe
      C:\Users\Admin\AppData\Local\Temp\2025-02-27_c768900ce0bf034af81e07d82f97238b_magniber_ramnitmgr.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2696
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2708
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2708 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2116
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2680
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2680 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2564

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    71KB

    MD5

    83142242e97b8953c386f988aa694e4a

    SHA1

    833ed12fc15b356136dcdd27c61a50f59c5c7d50

    SHA256

    d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

    SHA512

    bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    216ee7453e8d6fcab0586a2299ab7ef0

    SHA1

    953ca62b6e74f3d52af3dd67c52794e2c39b942a

    SHA256

    321fd0cb3439e3d4770b083b3aadb0d247917a93259b51731de354dc2af8ce81

    SHA512

    293e2b3d50bd4419e0f42d2bb88768c7b90fabdf7570e70394957373acae2ce0c6e01a048c2bb3242d034fbee4aa32c0a4595426d777e15baa353bffd8fa81da

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    47537fff13e747fe2bf926d71a6693f7

    SHA1

    2939e458ebe33f9d0256fe63dcc75977ea269ec3

    SHA256

    9a80c3739094efb10ccdcf6555af35f998e3fdcc5f90539877de747c38644eed

    SHA512

    143391f2f69c77557d66901815d2c7e2b081a66ceb435a98d796fb54fe1902edfccf7cd9eb0f3351ed70da8b3715ec9a8d71d77e3fa6e8eddd7a212616d3e3bb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    75d4fadc9656aa3c593c7e542e5ebb19

    SHA1

    e81aee8b25d255300598e387cae2df3119abc1f3

    SHA256

    0ceea1e96f53a85ac41f674f9eeb1cdfe7cfb3521b7e7513e2c8ade4ba1974a7

    SHA512

    49dd75a3e65f083f7d1f84c360eaec033fbbb6419cbe89d195f99c5a43fd9625341b66d1da2ce57e4021a712153787d0fffc2dce7e5b5ce9510ee7cc364ac520

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fb79b0c610d000df8f8efb57ecf2f6c9

    SHA1

    0da4591c4cd4564f0ec3ceb050ff77cb16fcad20

    SHA256

    9603953a97c53415370e525c29e2e90670cc1cf68bc5458f69f43a770f8d9427

    SHA512

    4246f9f6f6e9059a5a656c5157ddcfbe331c75af6a800920c15469c34e0dab7b44434dd083288c5afa4ef61601046f686a85c96592ef8527de8147569aacafea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8014c6116518c46aff7685b1e1f78fef

    SHA1

    dc0bb5c398972582d7f6abc87cfee8cc0c58435e

    SHA256

    f8c35f0f9cc2eabaa609470318fa805fc08dfe9f2305b6277311728f69f9574b

    SHA512

    7d0579126e447ad43ac0ff49e79ae4bfdc820e490c03006c92c08ff7b644bda4064e9a5deabbdac086644c5e3e9586081a423bcfa7ce275ed301d3ccbed9d3fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f186fa00e59d1d65207715d2b34d867a

    SHA1

    f21407a3886655fd217bc214286e879c44b1b16b

    SHA256

    cc5a73655e17a8a35cea18a55757050909b92f98a9328f66f65e6f53149d5b42

    SHA512

    7bb826b2cdac9bf8748e484d587b29d5eb737d83dbcc8ed2dd25af12cedcc7a201767ddfff406be765fbecb7902e52141f71682d88778bee9f81492ca9300c25

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d9dbd75afaf60d7ecd840425771e7469

    SHA1

    5abe3e47fd6ea883ad658e465324c791956bf1e7

    SHA256

    d514284d82edfcbb0696edabb25983f9c707d29a4767f2cf51fd60cb479e210d

    SHA512

    a22d4c606db9c2861c5630968890cd33710e08946570f9f2ae397ff5bd981386239bdb14897a4dcb0a81a93d580031512179450283cb2bf3f5327025b959b913

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2ec01314cedcbe52cb279cb4d6293d63

    SHA1

    94e9a4c545ad70fc5be75e9fe071ef20e23a70c4

    SHA256

    3f1db6b54d82756b4dd4902fe385a83ffdccb491b99e833748ee115cce0cf0d8

    SHA512

    ea344e173a3038edbb7b2d4bd9fb97720ce1b8f0e70a1936a47b881e3adaeb22c284ee00645e06c469083c12162ae23df966dd1ca8933e78cd8a7538705f4fd9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5f2e7409c6730c5950bb317ad9a2442c

    SHA1

    f210010a6c9d8b2415f25efa7f9125338dcb6060

    SHA256

    c8cb183c74b4802540ca5ed177f0f2d9e9710c4abad16e1f5cd8c15e346e6006

    SHA512

    73abc73b159996d6614ce948ad2702fda61dd6cbe345c4cebb819ebb34faeddf093f7495088d566e5262476877fcad6a012f5a5ce739722f4fb11c778d6d6104

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e1e5656f016e907bf631e16c9bd1ebeb

    SHA1

    67a7b83004bd6c4633abe7d8b9b42be0348ff9cf

    SHA256

    d4dab92c32fd9ccacdefe74d250457bf87a7205eb0a040d0ea24ae9d06ebefb8

    SHA512

    0d8cae84467c235a22231ae4c16e9a903772052e1b37286591a17867f156284c942a0a0f54381443f7e3d3dac9f41995366b6aaa74c9605bab02d79aceaa2044

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ef123f0e564ab5e2cf1840edadb015d3

    SHA1

    70dd5ad23f2497a748466408a1de15a861178812

    SHA256

    001dfb98f43fe1a16766609308a7523e2f75aee53c410d4d797e92b1e902b094

    SHA512

    73835f3354d0193eb5e1ef58e3667d4a9a6f1a2e409fd4859a4d7f7885667be8dcfd97f9b690112046329b9eef5021aa04f872b240c9c2bda0cddce4a4798f0c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    82a7c3e39cac4c0723e800a07cb5f959

    SHA1

    bc0385d1b035bf63d01bc670818afbf17352c4eb

    SHA256

    549b6373b48d853e0631e3eabd229191afc32dffd385d6ee36cc600e00358040

    SHA512

    ee5490d363f43b7b822b2fe22359b7ad4d831d98d2683bc0d3dafafbc60d0928bea262f1cb175739c6059a81182d1fe2613f5eb04855f33035608b7005b55283

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    36ced3bf624c726873277433bd838089

    SHA1

    e1ecaa3185d3cf6b44a7fd173bcf2c058145e1a7

    SHA256

    7b650f075ef7950c0f41cb788b57b7cc9d9f672238d165f577b189eaf9e69582

    SHA512

    df3a1cd6b28c7f59a3639d1bd146deab6be939e18319c7068417503dea0e3b03c34ee3aca20972faa795918874b1794cfaaef344ff0b0f2257d80c483a2f597a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8418812eda1838f3a993f8b5d7f8a72d

    SHA1

    338680d1bf9b2422f139962f0004140bc6b84518

    SHA256

    7a3d58ae7ddc180f04a0400c0679cb0fa171b41c24b950b2da4fbda71bbbbb6a

    SHA512

    eaa8a3c427fc99a8286acd62c5b3b8685b4021f12d6f290221488c9b6706075c92b1a876cc8b074fe86f5a8247b82c1d3320c4906e3c3c8bffcc8bfbad6db2d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f555946a202ea0b71c3eace18638035d

    SHA1

    b368cfeceb5d2f54994f46e140eab60e9bff68da

    SHA256

    411e926903f0cd400f4b2a1154b547578132adbdeb92df6e302712648b352288

    SHA512

    5aeba77bf157e1f13530a2487142a8ad0c3d476e6cf43ce69dfd62ccb5d851eb9c4082b27f43c7f03276d986a35f1919c56e943fcb16b22bdb25f3e891106af2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    93a8d7f44b6111db7191e4f4986a6ebc

    SHA1

    8beaf8420ff59288894b312c71c44d670f2c97c1

    SHA256

    8a59afd99babc64ab99794add4884f010dac5c5f3bc1d44405577eebea5877ca

    SHA512

    045c450963d9b28d294358345f6a4eab325983ef8dc17d4f8dc21f2ed8bf2db6a4b5fcf2d9ef7529adb0fd5dfb4e1247b268060e08e3c5b12057dd07d4fea087

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    66edaaccc08438d4db95adaf494e4c50

    SHA1

    01b6f0255f0b0ef63db88b8c3669c80ab85b1920

    SHA256

    a63de0ebd5e7aab786103906c627a8ed757f2d80b2cf8f8f5365fb0487522e01

    SHA512

    e37703976e35eba095cd4e9b384e0c2cb179fc7a5a28e228b897553b061405055dd9c25daa12da67f5b61fad79b4b6cde4eddbd79e369c3b370e03de4550d84c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6f0999f93135bd7940e64523ffb5521c

    SHA1

    1fb4ddd7043fd131823eba9d816add191c2e7659

    SHA256

    fc913d734f884af51798d83321244f0b99dcc949c0d03baf70cb07fb277de0c5

    SHA512

    3cfa31b6c8bd98bc2a4b721a0545d13301e8fdb1058f5c73b934011aa625c74a3cd5b9fb2f20883c48834de6416779a67ba81bf4e3d775ac6b05502688205af0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9ac13da17d995a778aaaf82286dbe5dc

    SHA1

    af1e2456a0f1d6ded336393110be436012bf9845

    SHA256

    bbd7a41b75b86bb2a8cf0cfa2d08002df2bb956be04e4b66f2e2d7c009952654

    SHA512

    024de65adff952310a3b3d99f491f384adffa1fcab909881d060b93a9bdf95aa95102f273a827cab42af5df034ba767c8a86126b3aa4ffee6e17d206ae9bcf40

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A4A8C311-F4DA-11EF-BBA4-FA59FB4FA467}.dat
    Filesize

    5KB

    MD5

    4ac6b1b60c6605e548a174270cba91eb

    SHA1

    9dcf75f48d97de489f5db895b60ddce9630e4554

    SHA256

    92123d3dc53c5d57ffd5ea06e14e8ee197c322094a38c0aae46a56d25b96d4b4

    SHA512

    98c340fad482d634ae547d380658b92dbce3b0dd2e7020361bebd4de4b746f5346fac7207b638f7600ec0bedaf18a851f897f019fe4c9a37c0f8e1977dfdf8a1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\2025-02-27_c768900ce0bf034af81e07d82f97238b_magniber_ramnitmgr.exe
    Filesize

    105KB

    MD5

    d5ca6e1f080abc64bbb11e098acbeabb

    SHA1

    1849634bf5a65e1baddddd4452c99dfa003e2647

    SHA256

    30193b5ccf8a1834eac3502ef165350ab74b107451145f3d2937fdf24b9eceae

    SHA512

    aa57ce51de38af6212d7339c4baac543a54b0f527621b0ef9e78eca5e5699e8508a154f54f8ac04135527d8417275eeee72a502a362547575699330cc756b161

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA02.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarAB5.tmp
    Filesize

    183KB

    MD5

    109cab5505f5e065b63d01361467a83b

    SHA1

    4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

    SHA256

    ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

    SHA512

    753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

    Download Submit

  • memory/2076-7-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2076-23-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2076-19-0x0000000000280000-0x000000000028C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2076-8-0x0000000000230000-0x000000000028D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2076-9-0x0000000000230000-0x000000000028D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2076-24-0x0000000000280000-0x000000000028C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2696-11-0x0000000000320000-0x0000000000321000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2696-12-0x0000000000330000-0x0000000000331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2696-13-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2696-14-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2696-25-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download