Overview

overview

10

Static

static

3

2025-03-07...it.exe

windows7-x64

10

2025-03-07...it.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    07/03/2025, 03:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-03-07_429e0065875465913b84e3f2ce5e87a4_icedid_ramnit.exe

  • Size

    384KB

  • MD5

    429e0065875465913b84e3f2ce5e87a4

  • SHA1

    85a9b74a654d1dd0e7eb2eb690d17f36d8213bf2

  • SHA256

    30841c3bddb578e1bef746343116fdbe85dfecd6064055cc927dc01374057ce5

  • SHA512

    5d4d7edf4cb353e3d70a45a5f18891f91af6f97de025ccd744804f970eaaf39190c5901626d0887f64e126817f2a57928c703fb6ee8923bab87d88e90cd0495c

  • SSDEEP

    6144:sU3MtP2xXEeeWFEuC3h93Fx8u2qEuIE2T9YifJqCtc9HeGbfUTpYDDmu/+3fb3:sQxaUCh93FxmuIE2tFG+pG/Y3

Score
10/10
emotetramnitepoch2bankerdiscoveryspywarestealertrojanupxworm

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

64.88.202.250:80

212.51.142.238:8080

200.55.243.138:8080

104.236.246.93:8080

61.19.246.238:443

79.45.112.220:80

95.213.236.64:8080

169.239.182.217:8080

103.86.49.11:8080

87.106.139.101:8080

74.208.45.104:8080

113.160.130.116:8443

209.141.54.221:8080

203.153.216.189:7080

73.11.153.178:8080

186.208.123.210:443

37.187.72.193:8080

201.173.217.124:443

121.124.124.40:7080

24.1.189.87:8080
rsa_pubkey.plain

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Emotet family
    emotet
  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-03-07_429e0065875465913b84e3f2ce5e87a4_icedid_ramnit.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-03-07_429e0065875465913b84e3f2ce5e87a4_icedid_ramnit.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1980
    • C:\Users\Admin\AppData\Local\Temp\2025-03-07_429e0065875465913b84e3f2ce5e87a4_icedid_ramnitmgr.exe
      C:\Users\Admin\AppData\Local\Temp\2025-03-07_429e0065875465913b84e3f2ce5e87a4_icedid_ramnitmgr.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1936
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:532
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:532 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2676
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2132
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2132 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2668

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    71KB

    MD5

    83142242e97b8953c386f988aa694e4a

    SHA1

    833ed12fc15b356136dcdd27c61a50f59c5c7d50

    SHA256

    d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

    SHA512

    bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    588d42469fa05650ba0d2915dcb2d9f7

    SHA1

    2ab3e7e68804c81a69f354c0cca81de8bb09873f

    SHA256

    0fb390f36262174a01886da8978f8c6027a42e7ab13830aa1b07648eaeb995c5

    SHA512

    ab1bd9eabe116605f9fb1f21eb467361aea7bf17e1c96a7477fd1f890183e117a0b296ca8c16b21368c8855ce6d15d6e63b1c53ffcc814cf4a675498c6874f3e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b6aa427981567697aa4750bef1cc2ea4

    SHA1

    110452fc150420c601122f815e3db78de5bbf6ae

    SHA256

    f5f6541efb4c4d749ea60a9ad18e09f9587b17d66307afaa5840de89ff7ea9a7

    SHA512

    e4f13c0b6dcf114e2cb438b605c8e75bb85b6e17372bb2accbc3d3d0c43e6be23a6f726a56846f76fae920745debd1bdfd171b1e43fec4b8a2f1864394a4f32f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    84f2c5a301a6efc779058eb0e6139c5f

    SHA1

    065eb516b4b9962e49d9553c83cce776ced7d8fc

    SHA256

    5b0582099fd7d9075934f1f5e750e7367cc162c9ad64012e5c228feefabf19e4

    SHA512

    55c02c1e60baec451241743497128d5126f2c908a9afee5273016e53efaebda185e8775785343805e37bac9cb18fe3ec1feb0c7d0698b671e414b4786185dc7b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    92771ba54eb9dce953af2236587499f4

    SHA1

    25aa90cf063af3c9c560490e377aabf6d3e8aeda

    SHA256

    10be954329c60466bad31a4e555cf2a678fc4632d7c7c303b65fa3f84a4e82b8

    SHA512

    462764b02c39b6f20d150c48e08c164350d2194665a30b6735f1871d05fbca96a787966a95c401904f95caf59f5ee5fdde0d492864b7e0e8ce1bfeecc7105027

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3660436d01d7747143fd5b02b836bb20

    SHA1

    459cb69f59520adadb69af69a255b91138eab096

    SHA256

    094a8e4ed3d110280229efc0f7e286e2b13dfbac28851f2cac07884242064492

    SHA512

    47576c1eb7f26465e1b3516196ce47b2444610317e7b2a142ef73e3f8c4924364431268bb77d6ebef724d1a846d731fcaf20863aeb6f65d9e6b04f3e89d0cd82

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f33a763a1c212915700b280f1d25a032

    SHA1

    0f55a38fccd316eb243587df5ad4bdafb2504c3b

    SHA256

    ab5e55c153903269497e48f7e362e953fa3bbdd14d9761d664186084fae75c57

    SHA512

    0be1cb8cbb5e8531add83c10ed0b1e95fa4ff5b0ea59bf8b0678102d9726d1572ecca6897bf0e4c54569dee34b0e823695a44a3aa3096640bd85e2b1a2667f0e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    18fa045384be90487643fe81efd0a812

    SHA1

    88c646e98263ffeb36e4b4760dec980116f53ad4

    SHA256

    456c72d5e94527eb2e791f371316bbf64c655bf5d210652666e33737365f8577

    SHA512

    bbe4f91258cecc19c81986681c9b5cd3d8ae2478c7e8dbee22fd17d5b7f6218c371924a044c35b0e958c29fba1ed4a89afb6059ec8ffd50a071e650c4b24ab0f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7d9a64734b549b8f194f133f5ed566b1

    SHA1

    cdd8d89c4d91a64c913bea63d6347d040a975aa9

    SHA256

    61788bf2351cdddb4ec44ff3c8097143b95ec757e13fe1a11034ba64dda415ff

    SHA512

    dec98afe86634b8575b02d7d74b716bbebb080c1be2d9f19c52d76b1d53a5943bb5c7ae4c2253d81b51de4178f23d8488d5f2bb01023f0090ce8f279619ffef8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    047c9919089bccf721f024a6d22e9f3c

    SHA1

    5403b5c4f54600dd433a9aeb0f569bf647911e0f

    SHA256

    47d6322438f2e9ed90fad4b4e1bd90b8e4f30f6d73fc525fcfa6eab957d55031

    SHA512

    d63f776c33a9b843817dda849d6ccbebb25b0ffae561dda5556ec9e8b22a198cadc28c7f2a7e7673647db8f385ec74eaf6fde961dd58de37fa8250e36513b508

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    18ce6401f00cc7e358d4e9374b63c647

    SHA1

    3c08135dad4a7428cb089b522091c621f6386ea3

    SHA256

    bb508b2eef0f8e1520604226082fa6d50aa5e7252ec266ae0de01cacf7aaae4a

    SHA512

    bc793640ca34d930668432ee5ca46a2a9842b65887878831ce2b9a16681d24882103824eebe3e33598cad6746385891eb5f24e7972241edc779a1c1ae652ba0d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    612debbb099142dcbc5b52e561314054

    SHA1

    ee29f168a3cd6444be64b7caf7d9afe3b72c089e

    SHA256

    49fbbe5c2a4cb0f518c5bcb8c9e9bd6e00eef8777d6a7e3c2aa839be58fcdb26

    SHA512

    71f3a7f2ab99fac668df2e6a9bcd5bc55092b197f804036a0e5bda1e8e61b36856290876eeaf3c2b5cbc941354d28ea29399f65b89fa208d8d287e6131398b2a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f88342a280d89b99766f73d727eacaed

    SHA1

    c9f30830df318231f99d8eb4566c87099545624d

    SHA256

    64d1d1ef0763f0c911f9c767ffaa5dda739473486c602e6e1a41b3e2dccea6ee

    SHA512

    0bdf0c7035adf0fa1ae3348a1f837882a650d66e39af935566e9368d7b6953674bf06bc82df4c043b5c4fa9e20b9acbeb5412deed3a313c99ec97c877780edd2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4f0eecf3b330fd341121b020208957ca

    SHA1

    683ec5730ffd87881a969e5f1aab76b7c35f60bc

    SHA256

    1a1ae17bf8ca622c91a1512cc766d3e399bc0977c93f7740db54984dfdf94709

    SHA512

    f05d1318593b5118630067f638a015348972e4e6ab29a8ef50c64be2970040fcfaa7e678b20e956c2f7fb09c71dfc340c15c2c16145e7606265123e14d06a3d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5a6b527265a56f76414a165ed0d26e47

    SHA1

    31e0ad99a5c72a91923f4118fb5dca678d27ecf1

    SHA256

    329eaefa5b07f63a21590c779c6053bf359c32caac09dfcbdf7b3cc624692dc8

    SHA512

    70c7d960b0162bb1f40076246ff9e61820822aeb1810052be909e2852a0813dfb81caaf739428b07df904862f016900cc70ad95fd85d38e6aee935f98f7345ae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0bdd3d99efc183afc7a19f0b82679c91

    SHA1

    f3683dbb146cc1f1d5f488c4cc7880eea4fe3b97

    SHA256

    27971be90ec377a5a966a19d4326988a34f2e4b5d1b8fadac160703bc37a7e6e

    SHA512

    d3004dd1cd0f7d53c2501c5a77ad3d0a66e1c6336efcbdda16b67fa6a7d296f50d28350ea182c7027764f190b9d98f8ff1021531df89482afafd98b78b43c013

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    03a4a1a4a154327ef11dcc370d59d1eb

    SHA1

    7c7801ff71f3996422b73b6df4b4890777ed9e25

    SHA256

    87d2db53e5745777de85f8ec16ffeb6a16bfc857b15007bc3e4a5f661bcfabdb

    SHA512

    2c403817065e176e3993529c67be1776f41c7f8cbfefa273cdf2a0ed16ab6f44c4250304d52f9eb8e3fdcbc44bfa8a7073816d1c8f8ee488f56ed5430f9467f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d98970271871a335c223e8ba65c3bb85

    SHA1

    e06d7416890cbde8b07165002e917cb170a9ed9e

    SHA256

    ce081373b88dfcf5a57519e169b42b3bab0a95d9c85c4d0b25a26d55f9f52411

    SHA512

    0a6d7b890e2ef4585c9c2b9862d6a10b13172839f8a6459c0d74c0fe88d059708935c9db4602c413074325fb6e93e1ffaf50aa0284989a6e91d4302b6d3ff0b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a988813438ca62473cf3fbf6a8aea447

    SHA1

    54f619a3cba958afb4ad2757ee7330cf0390fa4b

    SHA256

    6d782b4571cfb0b252d418dfe52738bac1395e24c00e927e8f9129d71cc71600

    SHA512

    5f8a0df6876165d8ab1673a533c553d32f99d1a7376a442f94820fd35e29955f39375c6882d57a9a5e7b7a733ade475012570ff8fea02e06439e4221f7ebc319

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2b916e38fe485fbb16325e96cbd73300

    SHA1

    d6af3631ef4f2095cecd3c35aec2c19d4a00db1b

    SHA256

    a3bfb1768439f626a16e93edb4c8d132ed7812792d2d7994510c2d8a60cdb964

    SHA512

    49885e9211b10cf679ecc35f42af63a5307e6c6e058f211485fb0b033694df69a573382f0fdc3c979597d33414c5a96c1abbad44825b2d5c3a77b043bea6f92c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1107c39ba9d68b8b76db33d8dd08be3e

    SHA1

    ef3691331e5225a4c0c48f1c0b63a610c6a281fa

    SHA256

    28a8db51a160aa24acfbf61694d28b69710f4d8891b2d18cdade2c463d7fa6eb

    SHA512

    9d27f9429f70f54327cd28db95eb2cfd1473fa73c885c41dd523b5a7d8f9bcb54b28433b8f48b06d2bda1ab9f32d4bb52c58b4a8470b2d247b8c0cab9bb966ec

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5C4C3DD1-FB07-11EF-B788-5A85C185DB3E}.dat
    Filesize

    5KB

    MD5

    ae7e2229227d960e6c6de9f9ff5ecbbe

    SHA1

    a04fb6e8196d28948cf43d428477fb915e30fcc3

    SHA256

    2bcea9e7bc1b86511d0cd08feddec304e7e255da52a0591c3084ca67c5b0ed2d

    SHA512

    a98a3250bae6da864ec88ce92fe2a25215c0e6995893e448d5004cc508541b45e7bd10eae90c9d37c7db4f2066b3facf8d948cdb58ea98e3cc4c37fdac323fec

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab13.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC6.tmp
    Filesize

    183KB

    MD5

    109cab5505f5e065b63d01361467a83b

    SHA1

    4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

    SHA256

    ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

    SHA512

    753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

    Download Submit

  • \Users\Admin\AppData\Local\Temp\2025-03-07_429e0065875465913b84e3f2ce5e87a4_icedid_ramnitmgr.exe
    Filesize

    105KB

    MD5

    d5ca6e1f080abc64bbb11e098acbeabb

    SHA1

    1849634bf5a65e1baddddd4452c99dfa003e2647

    SHA256

    30193b5ccf8a1834eac3502ef165350ab74b107451145f3d2937fdf24b9eceae

    SHA512

    aa57ce51de38af6212d7339c4baac543a54b0f527621b0ef9e78eca5e5699e8508a154f54f8ac04135527d8417275eeee72a502a362547575699330cc756b161

    Download Submit

  • memory/1936-15-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1936-16-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/1936-14-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/1936-13-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1936-12-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/1936-11-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/1936-27-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/1980-9-0x0000000000360000-0x00000000003BD000-memory.dmp

    Filesize

    372KB

    Download

  • memory/1980-8-0x0000000000360000-0x00000000003BD000-memory.dmp

    Filesize

    372KB

    Download

  • memory/1980-0-0x0000000000400000-0x0000000000464000-memory.dmp

    Filesize

    400KB

    Download

  • memory/1980-17-0x0000000000260000-0x000000000026E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1980-24-0x0000000000400000-0x0000000000464000-memory.dmp

    Filesize

    400KB

    Download

  • memory/1980-21-0x0000000000270000-0x000000000027C000-memory.dmp

    Filesize

    48KB

    Download