Overview

overview

10

Static

static

8c64aa03f5...ef.dll

windows7-x64

10

8c64aa03f5...ef.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    104s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    29/11/2022, 07:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8c64aa03f562565dd6d9cac1d7223870e6b0bd4814053d8f85b5d209860f8bef.dll

  • Size

    502KB

  • MD5

    2d8859eaec749d1deb324e3323613b92

  • SHA1

    ca198d9246138f7fd94efac868977fd35d5b52f3

  • SHA256

    8c64aa03f562565dd6d9cac1d7223870e6b0bd4814053d8f85b5d209860f8bef

  • SHA512

    5b84a0b9778aafcbb360b71d70f0844fb822e7b6a4036b1a0a664a635c15f55373341348cb2faf8513696d2bab7208112f7ac30231562369387cd7911676166f

  • SSDEEP

    12288:7xGCOXzURlbDC9K69u2m+SqOWcsQQKiY4leDDGoggH/VREG6j4Gm01bje4kHb16U:twXzU4kosOgHT

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 3 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 12 IoCs
  • Drops file in System32 directory 3 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\8c64aa03f562565dd6d9cac1d7223870e6b0bd4814053d8f85b5d209860f8bef.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1896
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\8c64aa03f562565dd6d9cac1d7223870e6b0bd4814053d8f85b5d209860f8bef.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:1708
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in System32 directory
        • Suspicious use of WriteProcessMemory
        PID:904
        • C:\Windows\SysWOW64\rundll32mgrmgr.exe
          C:\Windows\SysWOW64\rundll32mgrmgr.exe
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in System32 directory
          • Suspicious use of WriteProcessMemory
          PID:868
          • C:\Windows\SysWOW64\rundll32mgrmgrmgr.exe
            C:\Windows\SysWOW64\rundll32mgrmgrmgr.exe
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:1788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\rundll32mgr.exe
    Filesize

    289KB

    MD5

    f3ae9533fd651e95eb9e300ac89b91c3

    SHA1

    610400db6f891dae9f6f26163f56c00b6b65ea67

    SHA256

    17f93c002b198347acd038d0e32157e04a61dbc2fed3a7696ed70d04b9954f90

    SHA512

    51e5ee1ce9177667feb1d2b279895755a39f694d785b6beac77f468a4ec4de1525ae14d403641fb556541f0687f7a7a5e6512aab97602a05d5f7f725c0cc24fd

    Download Submit

  • C:\Windows\SysWOW64\rundll32mgrmgr.exe
    Filesize

    191KB

    MD5

    f18da83e138d9cd9b2eb6cbfbb516720

    SHA1

    1bca6d0f0b70bbaf536c4d4d9090cc47f200b54b

    SHA256

    3d15a457cc3f7d38f1a8092be7cff6a435feef279cb9ac4c1ab89a7e7e0527f4

    SHA512

    63fb76b5e529efb7f4c831d48654409b93e85796f83ec43a7649aa4f16b01585bc7215e301074a22a665c73216bfffebddb2e0d244f3be3f0887a2eb41ed003e

    Download Submit

  • C:\Windows\SysWOW64\rundll32mgrmgrmgr.exe
    Filesize

    94KB

    MD5

    8abf6898662a995642dd979ff1fe5eef

    SHA1

    08aeda19120993801a6f3a8aa2b73b559ed361ad

    SHA256

    8aa6d0613c1ad6326d92678bc90dd10be1fba7a5b5f9d7a4a6fac6a42baf94cb

    SHA512

    a1e88bde3478d8a0c74824998b13e1fdf4484eec444540352076acc43675ecd2daed86e719b3889e7e8ce2104b2b7259a237b42d474acbca8f7e7fb3f37a3313

    Download Submit

  • \Users\Admin\AppData\Local\Temp\~TM7BE5.tmp
    Filesize

    1.2MB

    MD5

    d124f55b9393c976963407dff51ffa79

    SHA1

    2c7bbedd79791bfb866898c85b504186db610b5d

    SHA256

    ea1e16247c848c8c171c4cd1fa17bc5a018a1fcb0c0dac25009066b6667b8eef

    SHA512

    278fe3a4b1fbbe700e4f4483b610133e975e36e101455661d5197bd892a68839b9d555499040d200c92aefa9e3819380e395c0cd85d5fc845c6364d128a8cf06

    Download Submit

  • \Users\Admin\AppData\Local\Temp\~TM7C23.tmp
    Filesize

    1.2MB

    MD5

    d124f55b9393c976963407dff51ffa79

    SHA1

    2c7bbedd79791bfb866898c85b504186db610b5d

    SHA256

    ea1e16247c848c8c171c4cd1fa17bc5a018a1fcb0c0dac25009066b6667b8eef

    SHA512

    278fe3a4b1fbbe700e4f4483b610133e975e36e101455661d5197bd892a68839b9d555499040d200c92aefa9e3819380e395c0cd85d5fc845c6364d128a8cf06

    Download Submit

  • \Users\Admin\AppData\Local\Temp\~TM7C42.tmp
    Filesize

    1.2MB

    MD5

    d124f55b9393c976963407dff51ffa79

    SHA1

    2c7bbedd79791bfb866898c85b504186db610b5d

    SHA256

    ea1e16247c848c8c171c4cd1fa17bc5a018a1fcb0c0dac25009066b6667b8eef

    SHA512

    278fe3a4b1fbbe700e4f4483b610133e975e36e101455661d5197bd892a68839b9d555499040d200c92aefa9e3819380e395c0cd85d5fc845c6364d128a8cf06

    Download Submit

  • \Users\Admin\AppData\Local\Temp\~TMD903.tmp
    Filesize

    1.1MB

    MD5

    9b98d47916ead4f69ef51b56b0c2323c

    SHA1

    290a80b4ded0efc0fd00816f373fcea81a521330

    SHA256

    96e0ae104c9662d0d20fdf59844c2d18334e5847b6c4fc7f8ce4b3b87f39887b

    SHA512

    68b67021f228d8d71df4deb0b6388558b2f935a6aa466a12199cd37ada47ee588ea407b278d190d3a498b0ef3f5f1a2573a469b7ea5561ab2e7055c45565fe94

    Download Submit

  • \Users\Admin\AppData\Local\Temp\~TMDA0C.tmp
    Filesize

    1.1MB

    MD5

    9b98d47916ead4f69ef51b56b0c2323c

    SHA1

    290a80b4ded0efc0fd00816f373fcea81a521330

    SHA256

    96e0ae104c9662d0d20fdf59844c2d18334e5847b6c4fc7f8ce4b3b87f39887b

    SHA512

    68b67021f228d8d71df4deb0b6388558b2f935a6aa466a12199cd37ada47ee588ea407b278d190d3a498b0ef3f5f1a2573a469b7ea5561ab2e7055c45565fe94

    Download Submit

  • \Users\Admin\AppData\Local\Temp\~TMDA1B.tmp
    Filesize

    1.1MB

    MD5

    9b98d47916ead4f69ef51b56b0c2323c

    SHA1

    290a80b4ded0efc0fd00816f373fcea81a521330

    SHA256

    96e0ae104c9662d0d20fdf59844c2d18334e5847b6c4fc7f8ce4b3b87f39887b

    SHA512

    68b67021f228d8d71df4deb0b6388558b2f935a6aa466a12199cd37ada47ee588ea407b278d190d3a498b0ef3f5f1a2573a469b7ea5561ab2e7055c45565fe94

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    289KB

    MD5

    f3ae9533fd651e95eb9e300ac89b91c3

    SHA1

    610400db6f891dae9f6f26163f56c00b6b65ea67

    SHA256

    17f93c002b198347acd038d0e32157e04a61dbc2fed3a7696ed70d04b9954f90

    SHA512

    51e5ee1ce9177667feb1d2b279895755a39f694d785b6beac77f468a4ec4de1525ae14d403641fb556541f0687f7a7a5e6512aab97602a05d5f7f725c0cc24fd

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    289KB

    MD5

    f3ae9533fd651e95eb9e300ac89b91c3

    SHA1

    610400db6f891dae9f6f26163f56c00b6b65ea67

    SHA256

    17f93c002b198347acd038d0e32157e04a61dbc2fed3a7696ed70d04b9954f90

    SHA512

    51e5ee1ce9177667feb1d2b279895755a39f694d785b6beac77f468a4ec4de1525ae14d403641fb556541f0687f7a7a5e6512aab97602a05d5f7f725c0cc24fd

    Download Submit

  • \Windows\SysWOW64\rundll32mgrmgr.exe
    Filesize

    191KB

    MD5

    f18da83e138d9cd9b2eb6cbfbb516720

    SHA1

    1bca6d0f0b70bbaf536c4d4d9090cc47f200b54b

    SHA256

    3d15a457cc3f7d38f1a8092be7cff6a435feef279cb9ac4c1ab89a7e7e0527f4

    SHA512

    63fb76b5e529efb7f4c831d48654409b93e85796f83ec43a7649aa4f16b01585bc7215e301074a22a665c73216bfffebddb2e0d244f3be3f0887a2eb41ed003e

    Download Submit

  • \Windows\SysWOW64\rundll32mgrmgr.exe
    Filesize

    191KB

    MD5

    f18da83e138d9cd9b2eb6cbfbb516720

    SHA1

    1bca6d0f0b70bbaf536c4d4d9090cc47f200b54b

    SHA256

    3d15a457cc3f7d38f1a8092be7cff6a435feef279cb9ac4c1ab89a7e7e0527f4

    SHA512

    63fb76b5e529efb7f4c831d48654409b93e85796f83ec43a7649aa4f16b01585bc7215e301074a22a665c73216bfffebddb2e0d244f3be3f0887a2eb41ed003e

    Download Submit

  • \Windows\SysWOW64\rundll32mgrmgrmgr.exe
    Filesize

    94KB

    MD5

    8abf6898662a995642dd979ff1fe5eef

    SHA1

    08aeda19120993801a6f3a8aa2b73b559ed361ad

    SHA256

    8aa6d0613c1ad6326d92678bc90dd10be1fba7a5b5f9d7a4a6fac6a42baf94cb

    SHA512

    a1e88bde3478d8a0c74824998b13e1fdf4484eec444540352076acc43675ecd2daed86e719b3889e7e8ce2104b2b7259a237b42d474acbca8f7e7fb3f37a3313

    Download Submit

  • \Windows\SysWOW64\rundll32mgrmgrmgr.exe
    Filesize

    94KB

    MD5

    8abf6898662a995642dd979ff1fe5eef

    SHA1

    08aeda19120993801a6f3a8aa2b73b559ed361ad

    SHA256

    8aa6d0613c1ad6326d92678bc90dd10be1fba7a5b5f9d7a4a6fac6a42baf94cb

    SHA512

    a1e88bde3478d8a0c74824998b13e1fdf4484eec444540352076acc43675ecd2daed86e719b3889e7e8ce2104b2b7259a237b42d474acbca8f7e7fb3f37a3313

    Download Submit

  • memory/868-88-0x0000000077DC0000-0x0000000077F40000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/868-68-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/868-87-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/868-80-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/868-78-0x0000000000220000-0x0000000000263000-memory.dmp

    Filesize

    268KB

    Download

  • memory/904-82-0x00000000002D0000-0x000000000032C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/904-94-0x0000000077DC0000-0x0000000077F40000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/904-69-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/904-77-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/904-67-0x00000000002D0000-0x000000000032C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/904-71-0x00000000002D0000-0x000000000032C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/904-93-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/1708-57-0x0000000010000000-0x0000000010084000-memory.dmp

    Filesize

    528KB

    Download

  • memory/1708-58-0x0000000000200000-0x0000000000274000-memory.dmp

    Filesize

    464KB

    Download

  • memory/1708-55-0x0000000076D71000-0x0000000076D73000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1788-91-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/1788-79-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/1788-81-0x0000000000220000-0x0000000000263000-memory.dmp

    Filesize

    268KB

    Download

  • memory/1788-92-0x0000000077DC0000-0x0000000077F40000-memory.dmp

    Filesize

    1.5MB

    Download