Analysis Overview
SHA256
353a2c7984e84dd27ecc61285f80d5f07bfa763886e16200a52a0b9299251afc
Threat Level: Shows suspicious behavior
The file 2025-07-04_dd9ebb381c60279f75f8b7887edae0bd_amadey_coinminer_darkgate_elex_nymaim_ramnit_rhadamanthys_smoke-loader was found to show suspicious behavior.
Malicious Activity Summary
Reads user/profile data of web browsers
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-07-04 12:15
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-07-04 12:15
Reported
2025-07-04 12:18
Platform
win10v2004-20250610-en
Max time kernel
102s
Max time network
142s
Command Line
Signatures
Reads user/profile data of web browsers
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_dd9ebb381c60279f75f8b7887edae0bd_amadey_coinminer_darkgate_elex_nymaim_ramnit_rhadamanthys_smoke-loader.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2025-07-04_dd9ebb381c60279f75f8b7887edae0bd_amadey_coinminer_darkgate_elex_nymaim_ramnit_rhadamanthys_smoke-loader.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2025-07-04_dd9ebb381c60279f75f8b7887edae0bd_amadey_coinminer_darkgate_elex_nymaim_ramnit_rhadamanthys_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_dd9ebb381c60279f75f8b7887edae0bd_amadey_coinminer_darkgate_elex_nymaim_ramnit_rhadamanthys_smoke-loader.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
Files
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
| Algorithm | Hash |
| --- | --- |
| MD5 | 17f28db71b1282cf51eb260009e9878c |
| SHA1 | 627aa1335a3a5fc435286be9258651e7ff77c19d |
| SHA256 | f4a8b824370b9c99c7771c70089007b0b7d5bcbf96d33f2aa0af96458d2ec10f |
| SHA512 | b3650e7ac66435ecd6dc6bdeaa6b41fa4cdeeac458091476eb1611b867cd0339d43d4b8cc37202092ca2aa3d96719214025611695b298bbfc57388c895cd8a95 |
Analysis: behavioral2
Detonation Overview
Submitted
2025-07-04 12:15
Reported
2025-07-04 12:18
Platform
win11-20250610-en
Max time kernel
101s
Max time network
104s
Command Line
Signatures
Reads user/profile data of web browsers
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_dd9ebb381c60279f75f8b7887edae0bd_amadey_coinminer_darkgate_elex_nymaim_ramnit_rhadamanthys_smoke-loader.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2025-07-04_dd9ebb381c60279f75f8b7887edae0bd_amadey_coinminer_darkgate_elex_nymaim_ramnit_rhadamanthys_smoke-loader.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2025-07-04_dd9ebb381c60279f75f8b7887edae0bd_amadey_coinminer_darkgate_elex_nymaim_ramnit_rhadamanthys_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_dd9ebb381c60279f75f8b7887edae0bd_amadey_coinminer_darkgate_elex_nymaim_ramnit_rhadamanthys_smoke-loader.exe"
Network
Files
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
| Algorithm | Hash |
| --- | --- |
| MD5 | 17f28db71b1282cf51eb260009e9878c |
| SHA1 | 627aa1335a3a5fc435286be9258651e7ff77c19d |
| SHA256 | f4a8b824370b9c99c7771c70089007b0b7d5bcbf96d33f2aa0af96458d2ec10f |
| SHA512 | b3650e7ac66435ecd6dc6bdeaa6b41fa4cdeeac458091476eb1611b867cd0339d43d4b8cc37202092ca2aa3d96719214025611695b298bbfc57388c895cd8a95 |