Overview

overview

10

Static

static

46d733e1a3...04.dll

windows7-x64

10

46d733e1a3...04.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    139s
  • max time network
    188s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/10/2022, 23:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    46d733e1a3a2876e299decf76fd498d66d57d1b49f36dfab706eb0a3fed9ac04.dll

  • Size

    717KB

  • MD5

    a183bc04453d9947a72914a589f06170

  • SHA1

    e46461c730a8630978cff731c7cc473b9a122f00

  • SHA256

    46d733e1a3a2876e299decf76fd498d66d57d1b49f36dfab706eb0a3fed9ac04

  • SHA512

    e6791d2da44f023b25f9f2a357a7c76b0c59cb4e6e1247f3efdd2ced2d36a87a87c7c472302dd860a154e087ad57083a3feea6d5368da7415edeac8de08643c0

  • SSDEEP

    12288:gzb9rMfc+CKUQyUmjtc4euuzPrs9pGp8hunWoopooK9kwPZoP:gzb1MlCKUQyUmjtczu6Prs9pgWoopooh

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\46d733e1a3a2876e299decf76fd498d66d57d1b49f36dfab706eb0a3fed9ac04.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4928
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\46d733e1a3a2876e299decf76fd498d66d57d1b49f36dfab706eb0a3fed9ac04.dll,#1
      2⤵
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:4968
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:4868
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4356
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious behavior: GetForegroundWindowSpam
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:756
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:756 CREDAT:17410 /prefetch:2
              6⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:3176

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    59KB

    MD5

    3a559adda0a4483b1138c8f50fe28707

    SHA1

    7ecc8a51a9e9864eb5317cd9fbf5038f50cdb08d

    SHA256

    f3d6e8b0a74ee958c24cdc3ef529dd24be7fd58ce0d26e443bdca5cf52b357c8

    SHA512

    fc7bc63f472f02f7a233b93d5986163581e9abf4272c831f4383c77008831aaf48b2ed16951781cadb7cf2d45f5246c74b9e2b15ae24bbae2cdea3de97d7a605

    Download Submit

  • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    59KB

    MD5

    3a559adda0a4483b1138c8f50fe28707

    SHA1

    7ecc8a51a9e9864eb5317cd9fbf5038f50cdb08d

    SHA256

    f3d6e8b0a74ee958c24cdc3ef529dd24be7fd58ce0d26e443bdca5cf52b357c8

    SHA512

    fc7bc63f472f02f7a233b93d5986163581e9abf4272c831f4383c77008831aaf48b2ed16951781cadb7cf2d45f5246c74b9e2b15ae24bbae2cdea3de97d7a605

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    deabbdcb221537d48aed54816739f367

    SHA1

    9ce0f0d21d9bd08823732047e19edbbd909396bc

    SHA256

    494de69d83714780f68a1e6871716f3a4a10835e90b4f96e48610c3e8f39e9cf

    SHA512

    95a80c34ddb83e74e51e5d0884dc7433de78b956db8fb2b1fb54e0f158283991edacafd3e7653161767a69f25f9cf537cc1a654d20e3f27bbc54588b3b4bf5e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    434B

    MD5

    93a2feba4b4c3fe5308a757b9b1e27a0

    SHA1

    094b5def2c1a80743eee9e7537683152ee29b2e7

    SHA256

    a1d87098543b88fccfc7538026716d708de88194249b6612ec0d101b1cf43443

    SHA512

    0321aefbb3d1dcef09f008c1dfa3f7a52a99274022efc0bf885ac0150757ec2be21f4e375376c277e47b2727550954fa062ee2ad904d2d0dbb0754d7b4a5b135

    Download Submit

  • C:\Windows\SysWOW64\rundll32Srv.exe
    Filesize

    59KB

    MD5

    3a559adda0a4483b1138c8f50fe28707

    SHA1

    7ecc8a51a9e9864eb5317cd9fbf5038f50cdb08d

    SHA256

    f3d6e8b0a74ee958c24cdc3ef529dd24be7fd58ce0d26e443bdca5cf52b357c8

    SHA512

    fc7bc63f472f02f7a233b93d5986163581e9abf4272c831f4383c77008831aaf48b2ed16951781cadb7cf2d45f5246c74b9e2b15ae24bbae2cdea3de97d7a605

    Download Submit

  • C:\Windows\SysWOW64\rundll32Srv.exe
    Filesize

    59KB

    MD5

    3a559adda0a4483b1138c8f50fe28707

    SHA1

    7ecc8a51a9e9864eb5317cd9fbf5038f50cdb08d

    SHA256

    f3d6e8b0a74ee958c24cdc3ef529dd24be7fd58ce0d26e443bdca5cf52b357c8

    SHA512

    fc7bc63f472f02f7a233b93d5986163581e9abf4272c831f4383c77008831aaf48b2ed16951781cadb7cf2d45f5246c74b9e2b15ae24bbae2cdea3de97d7a605

    Download Submit

  • memory/4356-140-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/4868-139-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/4968-141-0x0000000005000000-0x00000000050B9000-memory.dmp

    Filesize

    740KB

    Download