Analysis

  • max time kernel
    957s
  • max time network
    961s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    07-07-2022 11:54

General

  • Target

    noname.dll

  • Size

    38KB

  • MD5

    651defc532f0e72be60621696aa97972

  • SHA1

    43176a96322202fc8fd8901c213fde820d005871

  • SHA256

    6057d87753daee3c71eb8c0d3cb8582ea88d6e56f02864019db9fd7af3fb4a9f

  • SHA512

    ce847863f83c21489cddb6faebfc6753903ad55235c82768664fbfd01acfeb2745f6a2dda5b6e9ca2e3292c4b020c13d9b1df148211bd6557267ac23e174bc1b

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Drops file in System32 directory 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\noname.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3784
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\noname.dll,#1
      2⤵
      • Drops file in System32 directory
      PID:1276
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 608
        3⤵
        • Program crash
        PID:3260
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1276 -ip 1276
    1⤵
    PID:2448

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1276-130-0x0000000000000000-mapping.dmp
  • memory/1276-131-0x0000000010000000-0x000000001000D000-memory.dmp
    Filesize
    52KB