Overview

overview

10

Static

static

93cb5db461...df.dll

windows7-x64

10

93cb5db461...df.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    173s
  • max time network
    224s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 17:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    93cb5db461880af1ec9737b017e213f1216bdf2385ad0fe52dba8d2d38d668df.dll

  • Size

    264KB

  • MD5

    02d4ddeeb7edadf1a605d6f69d95b3b7

  • SHA1

    e15299d6ee01cb747272601c1089ec7229620e62

  • SHA256

    93cb5db461880af1ec9737b017e213f1216bdf2385ad0fe52dba8d2d38d668df

  • SHA512

    aed02b10b5a1b32169d8f9651273feaf5115ea3c982aee9ce3465d8a8d9d0019e498544d2129d483d8576d5dcc45bece18976f35599549d5306e32ecd6fe4b8d

  • SSDEEP

    6144:izQA45pvVPttxxp70OTJimi8nmYusgmdK6MvDUM70qG/M2/UdI:izQAMvhPLR0CimbTuRudMv37N+PUa

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Program crash 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\93cb5db461880af1ec9737b017e213f1216bdf2385ad0fe52dba8d2d38d668df.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1680
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\93cb5db461880af1ec9737b017e213f1216bdf2385ad0fe52dba8d2d38d668df.dll,#1
      2⤵
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:5092
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:864
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 10192
          4⤵
          • Program crash
          PID:3128
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 612
        3⤵
        • Program crash
        PID:3412
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 5092 -ip 5092
    1⤵
      PID:176
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 864 -ip 864
      1⤵
        PID:1892

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\~TMAC8C.tmp
        Filesize

        1.6MB

        MD5

        4f3387277ccbd6d1f21ac5c07fe4ca68

        SHA1

        e16506f662dc92023bf82def1d621497c8ab5890

        SHA256

        767a3fc4a7a6818cdc3f0b99aaa95db694f6bcde719d2057a88b3d4df3d74fac

        SHA512

        9da199ac69e3c0d4e0c6307e0ab8178f12cc25cb2f14c3511f6b64e6e60a925c860f3263cb38353a97b55a71ef4d27f8cb7fa3cfc08e7c1a349fd8d209dfa219

        Download Submit

      • C:\Windows\SysWOW64\rundll32mgr.exe
        Filesize

        177KB

        MD5

        9d4ef42cddc4e975b05c2f3f6235129e

        SHA1

        5f81976e555bfce1389b9304ad4e4e61d94edf27

        SHA256

        72e36957d1c7593d0f7165823e3a27038a2cb772c1f22c56a9086296ff297fac

        SHA512

        a881e4e2dfd9caa972fdfb40bc6dc7e95ad5b69fa5e4437c353d76def7125e3ecc43e6a0c6b07642f7cd4112cfc4dbeb5918de67cd0790ad6764a111f3d8dc2d

        Download Submit

      • C:\Windows\SysWOW64\rundll32mgr.exe
        Filesize

        177KB

        MD5

        9d4ef42cddc4e975b05c2f3f6235129e

        SHA1

        5f81976e555bfce1389b9304ad4e4e61d94edf27

        SHA256

        72e36957d1c7593d0f7165823e3a27038a2cb772c1f22c56a9086296ff297fac

        SHA512

        a881e4e2dfd9caa972fdfb40bc6dc7e95ad5b69fa5e4437c353d76def7125e3ecc43e6a0c6b07642f7cd4112cfc4dbeb5918de67cd0790ad6764a111f3d8dc2d

        Download Submit

      • memory/864-133-0x0000000000000000-mapping.dmp

        Download

      • memory/864-138-0x00000000005C0000-0x000000000062C000-memory.dmp

        Filesize

        432KB

        Download

      • memory/864-139-0x0000000000400000-0x000000000046C000-memory.dmp

        Filesize

        432KB

        Download

      • memory/864-140-0x00000000778A0000-0x0000000077A43000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/5092-132-0x0000000000000000-mapping.dmp

        Download

      • memory/5092-136-0x0000000010000000-0x0000000010046000-memory.dmp

        Filesize

        280KB

        Download