Analysis Overview
SHA256
e9920abdd6c85d8b633bab9d300c266d22a4a3b5808d9b347a3ebcc36dd866c5
Threat Level: Shows suspicious behavior
The file 2025-07-04_ec1442bdce32615359d3ea3f40e68f08_amadey_black-basta_elex_hijackloader_nymaim_ramnit_rhadamanthys_smoke-loader_stop was found to show suspicious behavior.
Malicious Activity Summary
Reads user/profile data of web browsers
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-07-04 12:18
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-07-04 12:18
Reported
2025-07-04 12:20
Platform
win10v2004-20250619-en
Max time kernel
104s
Max time network
139s
Command Line
Signatures
Reads user/profile data of web browsers
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_ec1442bdce32615359d3ea3f40e68f08_amadey_black-basta_elex_hijackloader_nymaim_ramnit_rhada.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2025-07-04_ec1442bdce32615359d3ea3f40e68f08_amadey_black-basta_elex_hijackloader_nymaim_ramnit_rhada.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ec1442bdce32615359d3ea3f40e68f08_amadey_black-basta_elex_hijackloader_nymaim_ramnit_rhada.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ec1442bdce32615359d3ea3f40e68f08_amadey_black-basta_elex_hijackloader_nymaim_ramnit_rhada.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
Files
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
| Hash | Value |
|---|---|
| MD5 | bbe75266f42de9d095b2c2cec6cca459 |
| SHA1 | 5e363670551b66e446c5d0dd2c6f2275b5f6dc5e |
| SHA256 | 608096e9a2ee07c2afb6eaffae904ea4c5044753ab1cee9d8dc7bc98e6c38947 |
| SHA512 | d3b9fa6970732329f2528fed50ac882d13e45b668ef18b9a05a0acc94d81fbe423033e6ffd2766b66cee61df99973f9bec0e51a928ace403b5072840a4ee5ed9 |