Overview

overview

10

Static

static

5088dc9f62...61.dll

windows7-x64

10

5088dc9f62...61.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    228s
  • max time network
    338s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    29/11/2022, 07:57

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5088dc9f623d925486e5ebe51f6097cf7b8f8141169fd654c75f8c964fdef861.dll

  • Size

    766KB

  • MD5

    d3921b826b581b39e4e4438a5c338620

  • SHA1

    797dfc8292c8f66f4fa41d5269bcc84624e6304c

  • SHA256

    5088dc9f623d925486e5ebe51f6097cf7b8f8141169fd654c75f8c964fdef861

  • SHA512

    add5fbb7cfeff43ef54e10213fbc528095bf470517eaa3153cb996b50d9ae3a1722bc605455ec08e3b416cd7475bc3cfa3ef9f81beb5663d45efa5f7e4f54166

  • SSDEEP

    12288:Umj2TTg5gz1BkMQ+Ka6fWh9euOzPDsdpGp8vhBahdBoopooaWo9pFy/3y:Umj23gSDbQ+Ka6fWhcuaPDsdpPahfooq

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 55 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\5088dc9f623d925486e5ebe51f6097cf7b8f8141169fd654c75f8c964fdef861.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1504
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\5088dc9f623d925486e5ebe51f6097cf7b8f8141169fd654c75f8c964fdef861.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:1496
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1200
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1788
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1788 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1852
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1148
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1148 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1732

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          61KB

          MD5

          fc4666cbca561e864e7fdf883a9e6661

          SHA1

          2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

          SHA256

          10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

          SHA512

          c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          61KB

          MD5

          fc4666cbca561e864e7fdf883a9e6661

          SHA1

          2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

          SHA256

          10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

          SHA512

          c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          61KB

          MD5

          fc4666cbca561e864e7fdf883a9e6661

          SHA1

          2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

          SHA256

          10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

          SHA512

          c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          ac40759877dec0ec53a8dc5ad64005a0

          SHA1

          eaa330c0e3f49bd5007bbb3b7398d77bd15f18cc

          SHA256

          78ae4493dec3cea8d09da3096f0c1d260e5db720731a7942773cad3ea6b51ccb

          SHA512

          834346e0b142bb555aab96a893cf8ccbbb88831f80331e6b4a8b90c60579e749aaaf58a66a0c9a0045d27f6ba6cbf2e74a5aacda0ae8d39e89583f32accd06b9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4550e0dc5a111f9541445dba0ba29d40

          SHA1

          7f5f3ba4b5e4934f54a067c5e83faae520735e8e

          SHA256

          12846b8876a06b67d173895b43bc8061b0c986778ae68ff0d80886e63d2eb569

          SHA512

          61dff95511029b169a82925f97fd7d4cbadf1556eb6ff84e8e4010b36b8c67979368cedd96883b0acb741a523f7445fd5d4fc04d77e4dee115edaf40cde884aa

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          af6e1fee6289e60c7de9e2790edcecac

          SHA1

          56d43d2b77d70b53b6493500d37553180b5fa9c1

          SHA256

          d7fd491cd35571122ece6c31257a90673aff9337cd080b74752b0f99f048dde2

          SHA512

          249229701c9f4521c57fc8e9860df519817e7782c6bdb5a3ea2127aa5f29610b8c4c5ce6f94996631e61c3f08d70a0b670b82b33e6e4ec0ae2cc894dbb1fedbc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          3bbf23808d2fd22f71c77e8f5b1d1439

          SHA1

          735beacdb504e03a823ec3b3eaed18f4737e6260

          SHA256

          5e49ee5fcb19ac66ccefe1d32058fb43b8c94374cb3798510546cbe7b3e63879

          SHA512

          311c547abb68ea1fe122151f2573cea12fff0af5f7cef6e7d766fa6caadb6177b7d6b67eec788494818ba96f7f23f638b2f3e93a5645e4dfe054c2d29aa38316

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a88a6f943faff83ce61a03e2bf91da6c

          SHA1

          07ae0cf1f7ec9f0e82879aff77cd784d31601adc

          SHA256

          5ec17eb6055e36e5241d7f1d01c0ea89bd0ab756a2f5c168d81038cbdcb2a5b5

          SHA512

          88bdd88beca234d7d28ec555b240c0bf6f4d7fb82b1c80c02616aafd1181b983ff6c2f17e21d6ff73b39eeb6bf39af580675fc7dead2417fd082552cbc62c869

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          7514d01a042dc2ff0ae799893ba8724d

          SHA1

          118ecc79a3e196f09e64fba124cc73507584d67c

          SHA256

          5ebbf9f617260e94d58729e7342d5c5780c60fcd0a014907fc78ad9905c4eb98

          SHA512

          6fd16ba8d91f3bc3d1aca16ac3d9990e2f6cc62f016d4645d1d72d32d96def5d6266d79dac6128bcbb360c57c92f4e0b079a33879cb3668728b06eaf8b0f2c6f

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{82119281-70B3-11ED-B921-F263091D6DCE}.dat
          Filesize

          3KB

          MD5

          5e701010dbae2ece19122f30c2e393f5

          SHA1

          e59e1eb672023f73465d18e6f7e0939a46a4f788

          SHA256

          6a2100073864b954afedb2c023420ef5d55f513d1664071069524f572e36cadd

          SHA512

          8dbde5a2a3d5ab2ee413d62cf29d52d14742ed6eec1f73038580009aede2a88edfaf2fb056efa01ad469028af81895cfa24e8260bd4555e79b26ef163848d96f

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{82165541-70B3-11ED-B921-F263091D6DCE}.dat
          Filesize

          3KB

          MD5

          dad337c2183349d4ff243321983fd5a3

          SHA1

          b733a81e7e576fcc1339fab0b6bd8aa8d6d41049

          SHA256

          8af06efc1c4ab7877213874f7faf2867c70e45d13590dbc93da218956629da3f

          SHA512

          74e4ad4545e553fce5ed8018a2cdd71fae891d061d8c81106ef902def26d64a77456c1649d035b302b1bcbce35fef8d86f15d0789efbf8cb33e7f0b4e74fdf6a

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZITJHAWT.txt
          Filesize

          539B

          MD5

          64926e1c2bd45faa7da9e42c126b08d4

          SHA1

          523fd8b2dc100b24cb8f5b12c86609f40d62e3a5

          SHA256

          e75a8fa2532d6c85d70a04f3221ad6ed318fab3e050fb185768bd0691f9619ad

          SHA512

          d235875bbf969455da819d617cb699fc3f2058a2f349e3613ffcb68ef571a1ec3b3493d7ce7040a9a8dccea6f6310ec6bea8d77273671698a976a85faaf2532d

          Download Submit

        • C:\Windows\SysWOW64\rundll32mgr.exe
          Filesize

          104KB

          MD5

          84b7783804fa7506672a409e9899c6be

          SHA1

          2da8a6e9c04662564e18cdf98f73e224a5662533

          SHA256

          b26a93c17ac6a412c6c191aa6a1543537f3185fe813c24153c6dec736fbad4ef

          SHA512

          8a867296b05f45dd79ab64b11b6cc0cc8fad835b2f5ba9b8469981cc9b3e15c91f98b688cbe7addfab7ea2bd55a1d475fc853c004afb24be1b5691f8183c897c

          Download Submit

        • \Windows\SysWOW64\rundll32mgr.exe
          Filesize

          104KB

          MD5

          84b7783804fa7506672a409e9899c6be

          SHA1

          2da8a6e9c04662564e18cdf98f73e224a5662533

          SHA256

          b26a93c17ac6a412c6c191aa6a1543537f3185fe813c24153c6dec736fbad4ef

          SHA512

          8a867296b05f45dd79ab64b11b6cc0cc8fad835b2f5ba9b8469981cc9b3e15c91f98b688cbe7addfab7ea2bd55a1d475fc853c004afb24be1b5691f8183c897c

          Download Submit

        • \Windows\SysWOW64\rundll32mgr.exe
          Filesize

          104KB

          MD5

          84b7783804fa7506672a409e9899c6be

          SHA1

          2da8a6e9c04662564e18cdf98f73e224a5662533

          SHA256

          b26a93c17ac6a412c6c191aa6a1543537f3185fe813c24153c6dec736fbad4ef

          SHA512

          8a867296b05f45dd79ab64b11b6cc0cc8fad835b2f5ba9b8469981cc9b3e15c91f98b688cbe7addfab7ea2bd55a1d475fc853c004afb24be1b5691f8183c897c

          Download Submit

        • memory/1200-66-0x0000000000400000-0x0000000000456000-memory.dmp

          Filesize

          344KB

          Download

        • memory/1200-65-0x0000000000400000-0x0000000000456000-memory.dmp

          Filesize

          344KB

          Download

        • memory/1496-64-0x00000000002A0000-0x00000000002F6000-memory.dmp

          Filesize

          344KB

          Download

        • memory/1496-58-0x00000000002A0000-0x00000000002F6000-memory.dmp

          Filesize

          344KB

          Download

        • memory/1496-56-0x0000000005000000-0x00000000050C5000-memory.dmp

          Filesize

          788KB

          Download

        • memory/1496-55-0x00000000763A1000-0x00000000763A3000-memory.dmp

          Filesize

          8KB

          Download