Analysis

  • max time kernel
    152s
  • max time network
    190s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
  • submitted
    03/12/2022, 12:15

General

  • Target

    92dbc60ec97369b8f53fcf9d68f9d52de62f58657660ecf5cab8175b50fc3410.dll

  • Size

    556KB

  • MD5

    bacfa1c655a9ebf327c9194eb30a0db0

  • SHA1

    f1a64a940a8ae2cae04e0e5aa6ba279e681f3cf8

  • SHA256

    92dbc60ec97369b8f53fcf9d68f9d52de62f58657660ecf5cab8175b50fc3410

  • SHA512

    5ee217db9299771327e94c467dfda713524385de98d2dedc881d2a9b5e6325401bd7fa4fb1e1989c901fe78df019abdf7da93e1ab79c070a29c168af910f953c

  • SSDEEP

    12288:5ehnaNPpSVZmNxRCwnwm3W3OHIIf5433xnk7tfJ9:5eh0PpS6NxNnwYeOHX23BuJJ9

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 55 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\92dbc60ec97369b8f53fcf9d68f9d52de62f58657660ecf5cab8175b50fc3410.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:944
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\92dbc60ec97369b8f53fcf9d68f9d52de62f58657660ecf5cab8175b50fc3410.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:904
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:764
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2024
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2024 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:596
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2028
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2028 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1056

Network

        MITRE ATT&CK Enterprise v6

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

          Filesize

          61KB

          MD5

          fc4666cbca561e864e7fdf883a9e6661

          SHA1

          2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

          SHA256

          10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

          SHA512

          c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          a6b9dd36a48bdfdfe9a86305a56aaa4a

          SHA1

          e8f96776e76824b812c4be0c2f56acc8130c169e

          SHA256

          bde4f9f508192b8c71eaf96376608d971281205b50e38a740b2a05981ef5f5a6

          SHA512

          29035ad815369bd9097e241e7f752c54ad5521a6f0b28c970528ea2f43498596b5c46af93b3a9d2ce509dfa5754f582c57912d833e5779e1f7ed4d6a22e642e9

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EBE89F81-756F-11ED-AE55-6A950B37D0A0}.dat

          Filesize

          4KB

          MD5

          fbd84c615db604aab90904fa6aac80cc

          SHA1

          cbb1ba5964d6f69c4f9d2e646baf2c6968fa91a0

          SHA256

          9b8c24f6d5b22caad6899bf58e21da5e957afb7a38c2765807886611b384bc05

          SHA512

          d96ba34b221fd10ca077e000ebc5acdfd42e5acf1e2a47f8a21e4908694ca99ee490fd25c0aed216b9e9d776a1e14f6bef79d37f53f1d557b55b6e8c6d60edfa

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EBEB00E1-756F-11ED-AE55-6A950B37D0A0}.dat

          Filesize

          3KB

          MD5

          4170c1c70867afe364e271dbf87ac58c

          SHA1

          d1f61f23e425f6469e00d572937718fc6b9cb86d

          SHA256

          f3619b59c700c989874f8aa1b46fd6f23fad846f71cce451a2caa08a6836b246

          SHA512

          b49c40357efc982c70cba0ced9a76d42fcf720cba5af8254d4d91f3eeeffbfb593c82bdf1e102179e89f79d6481c3a2dbc4b1d61dd8dd71dade2be47042734c5

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\E0XK0187.txt

          Filesize

          601B

          MD5

          f13d60ed22aeef91df475c419ee9bdd5

          SHA1

          eb58d5e6452b05b0a280a26b204e64bfbd91282c

          SHA256

          c21c91701fbdbd79e48368ec28719429998f137c808ec9240be8c1bb0b0d9515

          SHA512

          d6bdd40cbf440d434cfaf69ae9069badaa9f843cb242f0427f4601f5bed4669737e86d575a8f30e101906eda008b3e138fb0400c6e3079ccf1f0fe21b132beec

        • C:\Windows\SysWOW64\rundll32mgr.exe

          Filesize

          171KB

          MD5

          9d974a4a25bb580835ecf77e9bb75e77

          SHA1

          2743ede3c4832b7ca5ea5d1a320c269dc9eaa13e

          SHA256

          75b792ef1e1aed47ad12db96a2748187eb154c826d0046bc4cbc37c245d34ed5

          SHA512

          1a07160b1e8e9cf136c0445b534611f42b8d1f1313ebd77ebb493a4cf9506db855831007bc5f994e63e6218ef64bb897c6badb626f2fe2ba49ce7c5f98abcd86

        • \Windows\SysWOW64\rundll32mgr.exe

          Filesize

          171KB

          MD5

          9d974a4a25bb580835ecf77e9bb75e77

          SHA1

          2743ede3c4832b7ca5ea5d1a320c269dc9eaa13e

          SHA256

          75b792ef1e1aed47ad12db96a2748187eb154c826d0046bc4cbc37c245d34ed5

          SHA512

          1a07160b1e8e9cf136c0445b534611f42b8d1f1313ebd77ebb493a4cf9506db855831007bc5f994e63e6218ef64bb897c6badb626f2fe2ba49ce7c5f98abcd86

        • memory/764-60-0x0000000000400000-0x000000000046E000-memory.dmp

          Filesize

          440KB

        • memory/764-63-0x0000000000400000-0x000000000046E000-memory.dmp

          Filesize

          440KB

        • memory/904-55-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

          Filesize

          8KB