Overview

overview

10

Static

static

3

2025-02-27...it.exe

windows7-x64

10

2025-02-27...it.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    27/02/2025, 06:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-02-27_2b2081c4c5694704e014a68a9669f378_magniber_ramnit.exe

  • Size

    712KB

  • MD5

    2b2081c4c5694704e014a68a9669f378

  • SHA1

    0f6afda2222199f9109bc7cc0848b56c6e062f9a

  • SHA256

    21e63aa7fb713f095b210f0c2a77a0a715339a92d36b88b7d6a3f787a9f30a13

  • SHA512

    6a4fc0af14bf852893a32c1bc99480049e3966264501d7bfb0f0e5d9ad3187cfccd4be2454f4bd8bedf1b240027c1ce141a61dd49cea1ef1570446fe32a78175

  • SSDEEP

    12288:feEF5m0kU5o5V6V817yQdgdpOof6yA/Vq/G6xQMbGIRWNpGk7jEvf5m+ZgxG6gpX:jn7xWTkpOjrUXypuOgY0

Score
10/10
emotetramnitepoch2bankerdiscoveryspywarestealertrojanupxworm

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

68.44.137.144:443

82.223.70.24:8080

101.187.104.105:80

178.20.74.212:80

98.15.140.226:80

209.97.168.52:8080

74.208.45.104:8080

169.239.182.217:8080

176.111.60.55:8080

87.106.136.232:8080

46.105.131.69:443

93.51.50.171:8080

62.75.187.192:8080

185.94.252.104:443

190.160.53.126:80

50.116.86.205:8080

80.102.134.174:8080

110.145.77.103:80

113.160.130.116:8443

60.130.173.117:80
rsa_pubkey.plain

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Emotet family
    emotet
  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-02-27_2b2081c4c5694704e014a68a9669f378_magniber_ramnit.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-02-27_2b2081c4c5694704e014a68a9669f378_magniber_ramnit.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2116
    • C:\Users\Admin\AppData\Local\Temp\2025-02-27_2b2081c4c5694704e014a68a9669f378_magniber_ramnitmgr.exe
      C:\Users\Admin\AppData\Local\Temp\2025-02-27_2b2081c4c5694704e014a68a9669f378_magniber_ramnitmgr.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2400
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2056
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2056 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2892
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2344
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2344 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2840

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    669ad6435c330aa34bbd22abe1881f80

    SHA1

    e09ab2429f9dee06198006c0c72549a84a16e566

    SHA256

    0b863f867472ea2c0582afa64ecdbaa1b0bd361169874c0d568d42159016262c

    SHA512

    5fce5932cd4981adee22d9045b434c4ef253c4ae0c15cee2051cc0603110271244bca47f3e81a551ca8db5dd451b401377a6842115d0d842b4a649674ff5189b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9d905205d9eca40c4c278ffaa969b404

    SHA1

    8ca0b3638c4da613e2d8a1d13ba19381e4d68d57

    SHA256

    33399b73e8c431b756bd87f538d403c03144fcd3329fb3defc0f4e3fa3971499

    SHA512

    1851df3e61f37fe47c86f6ef923c307b5078b83ddb3d7eae5af547cb45792c4ce5cf7e55608ab7f158c8c49568476456dcef8682eb9d609aafac3ccb8aea1ad1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6eeff9eefdf1a2e44948686da4042365

    SHA1

    2c0f6cf6336c811b3779d4c99693968ac5d5acec

    SHA256

    4034777cc2b8f94a7b668ab2944ae0310c56f35ac947034f59856d5ca23b24c0

    SHA512

    bfe49ea5b4719b39fcbc97f8ded36fc0e3bf7bcdc0ab1eedc059879dac473d5fb0a92f017b5ff81ad9d03aca0b764a18ab70b27fa794096b5de93eafd4cd163a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    59cb7ed7b99d1f03627e4a4a8c90ce65

    SHA1

    0ed37f43b1bea25a00cb0e0d599ac3965594560e

    SHA256

    cd991ff63887edfe08c90c4fa6b888510a7c669661c8bf324c3992881fdc98c8

    SHA512

    1f3a755618ef09f4b58c218d7f0266b8178fe981624c6e130ffad8dc3c6c4082a9dba30ec352b5be26c4fa4a7c1e4713ae39fa917f2ff45450e28f19d60317a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    563dcb448ee1d9dcf8c78a65b1b891d0

    SHA1

    de17e2480402bc0b090affef46489ea72b475ff1

    SHA256

    6bf9da5ab76995b22424617800ee9324bd349b406872764abf96e7097817bd91

    SHA512

    11085c71aa6043eee33e408d2b35b7f890fcdf9e899c7a733974bdd1d06cc84b8b91e3e57476d568488e23a6c3ed76280268fc496c934d63d3db45942f47799b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2d59a95c23e96d56b873945005e2730c

    SHA1

    584634bbd212fbbdaba6e662700b357467908426

    SHA256

    eb40252c05abde65032441972be85e6237ffa4d3a5a23c316f129fa24c611f61

    SHA512

    290c9d906c1cb0ea0a10fe63ad6a32215d61c43ede226bcb7b7b57c07665edcfcb9d37ee9f9a25ad249033d2459ef1e81bdf8f4ddd4653d1affa8b6af710e377

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c928a1a98031ecb33d9d4cbfbce0ec03

    SHA1

    436a8ddaaf8c82a2220e65f52b9f740fe8b96cba

    SHA256

    27bc25f786dc262facfa08422ceaa2584c3a0a6c33f48cf1020d14bc837b764a

    SHA512

    372ae95a16e52da045363fd8758e781e7fc4c170bca066fd85e8e33fc587b0e2f632e9d5e76699daa88001c4e57163be97088c2d9fb598194d766a3a48e317d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a7acae4e112e8d98346f629f033bb69f

    SHA1

    31c1b4265808e4bc9f658c1d1350ae2dc3ae81e3

    SHA256

    80a8fe69b168094f8a664f93a7f80cfd6c848cace898caf8fb19771f0dc80f31

    SHA512

    e80ef8bfd5a2dfc9de0334bbd8336874e47e0f091e9c7dfc06d1affc34718f2dce37dfaab73c75bbdcd84f96fb07bc4640a2cbf984e42a48eb119f53db00f8c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b78b2c90d4436edd43d8530342a1a9d7

    SHA1

    770f1d681702262677921a615d0f3180b6e32fe9

    SHA256

    7d5bc8d618cab8ddfaf11bd4324a53b11bb923885f642cb67d1dafe2bdabafcf

    SHA512

    99dfcd4231ec2081100064d19ea5240671129addc6b8f06675b4cd23bcfad200155d60f261c4d0cbb9bea53679017cc867ea225011acf3fe19aeffa96ae13d36

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    528ddf286d16457b12f78be23636e0b0

    SHA1

    849f5d81b8300266ce652863055e4e67276bf4e8

    SHA256

    8dcbae35f6b7e311e9b719357677e9f7434451d1e2cdca0cd05e5c6f1c71ca44

    SHA512

    0deba12f6e3115ad283c0a341ee377483c3346424fd28212b1b22821174986a27d51ed4e01bfdc501e63ce7d6b93811b053c0c320bc61a14b9b249dc5061cf7c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5633e6fa526c374c6d45766820cde5b1

    SHA1

    7661116e539b1ecb896d28e03bb3786aca9ba6f2

    SHA256

    c76a272ce0b8a5f52fd7b944c1649600247811e30e50a9635a002d8276c9a28c

    SHA512

    202eca73314390015c70fcc94511ec6a31a8a94790b81ed0c3cf797a3a8b61be4832feda8021c1716135fca4e94303fcb4616135dd0f07f40ade302f98314032

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    39b80e68772956267a07122e8f13463a

    SHA1

    ec3c6b6b769f46c00292c671d7f0bb7bbf77e57c

    SHA256

    b7c7b081a5f9436ede6c560af754ebab614d069fbd20938eb1ac5e2e9119fd28

    SHA512

    09dd4dc0b2a91b5fafc96eba71b3ea496c37e0c8c8cbffbfa366b897577e5cb4ce2da71fc88b72ce33ce8181cb37eb87bccacb2a1cdac4045a51b763bdf9f4fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1463fd51659eff727db1ba107f98f41b

    SHA1

    2e8478b042e3a5ae54f2414d0eca949c1782ee29

    SHA256

    de298267902470368022aa884582596626337d0f3cac263550fe0d7a3137671e

    SHA512

    f35337bd7abb3b61b6c67786b6aea5464ab06b432e11f44ac35560a5df586a1896a5852d7902d27aef4db92e535c0fe0e95ce5ab4f88c4fac9c1beaaec1641dc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8517da94c7b68d85fbc7177167d4e491

    SHA1

    ef5ceec893948f0e5c446fece83426787cb61f9e

    SHA256

    c2d41e6da4a16f48997478961f97e582139609f099913b7fa7b03be4307f03fb

    SHA512

    7c1b74a6311e80c99d13d5a64b233d7428ee86c94e59569652784360b21437f989b10dcf6ad51231a4f4acd2693d049752acddd11f895d28aa1eeb5b6bf8cb8c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b5d5f5a6fe74cedcc650ac31c833ae47

    SHA1

    b8bfa5e689eafff2895fe6fe063ac61bbbf415ca

    SHA256

    abf4921a0ed0e97b1c04ad589f34fa1206430efa1f0ea592db00833e9ea76ee3

    SHA512

    e3f2b18787c5b104b9a8b1096fcdaee07148030075f94b22019c2e078bda68a17c6c980cf35179a8f9e4adead99f36b76377db4ff4de17ad35e9a1bb56af302b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    05f41470e911a6b843c105a4271ce718

    SHA1

    daa6d7e3ca24ee7010967f43f82da78177d63262

    SHA256

    a9bd54d6e4ac4ebceace49b1fd443005e5529b65ef3ee49745ee16e897bb8546

    SHA512

    71be4ddddd8d243e37b188974f2bafdb64d875ce66a25823a0c23c360a97f60b0508a2e27685697eb8944dc1b939aab8a61d4018fb64ec7449bc3e2fce36aff0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    45d6f801ed6c502aa1ab1c57a7c51c09

    SHA1

    4e72a7a4a76b2a3292011a1111a5d162063b4ea5

    SHA256

    33bfb87c885c2917b028dba581178aeb8eccc7826b746f4dd876bedfa235b8fd

    SHA512

    1eab652ae008dfc376af12fc64953bb6f815e8eed9c074b5376663187c87c15f7fe1df726d3a51de60dfbd71610758c762cb63dd79d97aa34e234f40fda7e582

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    67c8e29d2f4a22f997dfeb5de8e05ca4

    SHA1

    33108f4a9f14a53b4e62f3b0bab4a1016971d757

    SHA256

    15e758b529919b67bcf24ed1bdd221280cd30b14b461236e60b6d24facd3f0e9

    SHA512

    cd64be73b12e54c3f01b2e3c13ae576cbf624acacb4e3dd636f7d3144e83680784f300db97c04693ba3dad1b82a531f1a7eb4f12d611bc736356887037b6f8cc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    affce8448f0d2afca4a987e70e421590

    SHA1

    fe33a2eeccf652a40933daf79ad6ec6d06201809

    SHA256

    7acac961d60eb10b84a8aa6b53613a674c6c2b5ab25a97e7b0493e10fa684cc1

    SHA512

    fd78d3ed8aa548832504e58ca085b24b20a77f7bc02dc3bc1d09a892f863c8e85e454bf0fdeebd85239601f7a0829833e1623b346e7dca743b62a763fc82e880

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B6878C51-F4D6-11EF-B387-F234DE72CD42}.dat
    Filesize

    5KB

    MD5

    4eb47b3087161bf8d5fc4cb5c66a4285

    SHA1

    52330815bd773325eb099c29cc912eb6306afde0

    SHA256

    18d7b9ad2993aa2cea7374283a6166d65593931671e7adfd4d15ddfde6517a1b

    SHA512

    4d24745373c2602e8709cd77e3b4da22d4744d8b30eff0a7567183c8e25b2375130c8ad3cf74d8edf14cefa3515867301ad3ba65fcfbdfcb753bce30b9f6ddf6

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B68EB071-F4D6-11EF-B387-F234DE72CD42}.dat
    Filesize

    3KB

    MD5

    509d44938f74d2bc19e833f3d71b6ec4

    SHA1

    9a2b0d3282776e336ee7da9779501ed5f9e588c5

    SHA256

    2eba233ad2210484d22ac15cb55631f93ff29c49c5c7933ac68b70216685fa57

    SHA512

    8bfcc4ac72e7a92280453d933dd1ab964f99dc32f0bf81388333b019ae55837080f2f817ae2dcd8c6032afa7f417202c8b0b197bc59638fbede2e5b1c57e91a1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\2025-02-27_2b2081c4c5694704e014a68a9669f378_magniber_ramnitmgr.exe
    Filesize

    105KB

    MD5

    d5ca6e1f080abc64bbb11e098acbeabb

    SHA1

    1849634bf5a65e1baddddd4452c99dfa003e2647

    SHA256

    30193b5ccf8a1834eac3502ef165350ab74b107451145f3d2937fdf24b9eceae

    SHA512

    aa57ce51de38af6212d7339c4baac543a54b0f527621b0ef9e78eca5e5699e8508a154f54f8ac04135527d8417275eeee72a502a362547575699330cc756b161

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabCF26.tmp
    Filesize

    71KB

    MD5

    83142242e97b8953c386f988aa694e4a

    SHA1

    833ed12fc15b356136dcdd27c61a50f59c5c7d50

    SHA256

    d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

    SHA512

    bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarCF58.tmp
    Filesize

    183KB

    MD5

    109cab5505f5e065b63d01361467a83b

    SHA1

    4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

    SHA256

    ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

    SHA512

    753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

    Download Submit

  • memory/2116-26-0x0000000001CA0000-0x0000000001CAC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2116-21-0x0000000001CA0000-0x0000000001CAC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2116-25-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2116-1-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2116-12-0x0000000001BE0000-0x0000000001C3D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2116-9-0x0000000001BE0000-0x0000000001C3D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2400-10-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2400-11-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2400-13-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2400-14-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2400-15-0x0000000077B5F000-0x0000000077B60000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2400-27-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download