Overview

overview

10

Static

static

36abaf79f3...a1.dll

windows7-x64

10

36abaf79f3...a1.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    185s
  • max time network
    190s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 18:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    36abaf79f3ee631e484e5d0ad2861b3a661ad0520fd1317a518aed60c59110a1.dll

  • Size

    155KB

  • MD5

    17cc44e2e51f83bc83111cf6f9d38b4b

  • SHA1

    9c324141fe74a67e60848ddd097a1a5b67e8bdf4

  • SHA256

    36abaf79f3ee631e484e5d0ad2861b3a661ad0520fd1317a518aed60c59110a1

  • SHA512

    75017d43c72a7d42956477eee3353e4b454a883eed72bce5f71066861a325cdefe91c2a24779935300f1483d3b78ff018cd0368f16b56c4d1462cffe687ea102

  • SSDEEP

    3072:EEerWSF+6RjZiq2uW1xZfsVF4ZCeeZaXBqsWX:E7r2I721vfsVeZ+gXBqsG

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\36abaf79f3ee631e484e5d0ad2861b3a661ad0520fd1317a518aed60c59110a1.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1108
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\36abaf79f3ee631e484e5d0ad2861b3a661ad0520fd1317a518aed60c59110a1.dll,#1
      2⤵
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:4560
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2100
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 480
          4⤵
          • Program crash
          PID:460
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2100 -ip 2100
    1⤵
      PID:1608

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\~TM2FCA.tmp
      Filesize

      1.6MB

      MD5

      4f3387277ccbd6d1f21ac5c07fe4ca68

      SHA1

      e16506f662dc92023bf82def1d621497c8ab5890

      SHA256

      767a3fc4a7a6818cdc3f0b99aaa95db694f6bcde719d2057a88b3d4df3d74fac

      SHA512

      9da199ac69e3c0d4e0c6307e0ab8178f12cc25cb2f14c3511f6b64e6e60a925c860f3263cb38353a97b55a71ef4d27f8cb7fa3cfc08e7c1a349fd8d209dfa219

      Download Submit
    • C:\Windows\SysWOW64\rundll32mgr.exe
      Filesize

      106KB

      MD5

      7657fcb7d772448a6d8504e4b20168b8

      SHA1

      84c7201f7e59cb416280fd69a2e7f2e349ec8242

      SHA256

      54bc950d46a0d1aa72048a17c8275743209e6c17bdacfc4cb9601c9ce3ec9a71

      SHA512

      786addd2a793bd4123625b22dc717d193246442ac97f1c3f4a763ec794b48e68051cd41097c0e9f7367e6914534f36eafccb109ab03dc793d68bf1522e7884e2

      Download Submit
    • C:\Windows\SysWOW64\rundll32mgr.exe
      Filesize

      106KB

      MD5

      7657fcb7d772448a6d8504e4b20168b8

      SHA1

      84c7201f7e59cb416280fd69a2e7f2e349ec8242

      SHA256

      54bc950d46a0d1aa72048a17c8275743209e6c17bdacfc4cb9601c9ce3ec9a71

      SHA512

      786addd2a793bd4123625b22dc717d193246442ac97f1c3f4a763ec794b48e68051cd41097c0e9f7367e6914534f36eafccb109ab03dc793d68bf1522e7884e2

      Download Submit
    • memory/2100-133-0x0000000000000000-mapping.dmp
      Download
    • memory/2100-137-0x0000000000400000-0x000000000042A000-memory.dmp
      Filesize

      168KB

      Download
    • memory/2100-138-0x00000000006A0000-0x00000000006CA000-memory.dmp
      Filesize

      168KB

      Download
    • memory/2100-139-0x0000000077080000-0x0000000077223000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4560-132-0x0000000000000000-mapping.dmp
      Download