Analysis

  • max time kernel
    106s
  • max time network
    179s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    04/12/2022, 02:33

General

  • Target

    06ff45e9386877ad91105bfcd72494bc891553463088b23b85398784ffa2ea64.dll

  • Size

    616KB

  • MD5

    11cdec6f45f3b052ff085ff9600515e0

  • SHA1

    6d50cf01a8acb3c927049919e31eada6499a88ec

  • SHA256

    06ff45e9386877ad91105bfcd72494bc891553463088b23b85398784ffa2ea64

  • SHA512

    09df7246f18fa9f444cc536da39a17fe0763511082fccb57870052cb41a0a93012ea1ddb2065341c3cbb5b7dc85d98e89309b46d4db3a70ec0082a1b75fd9630

  • SSDEEP

    12288:QV7LMzw56Wx1Dk/qon6xyYhgPFaUVltN1rOeqvC:a1oC3yWgPF3qq

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family whose variants include file-infecting viruses, worms, and Trojans.

  • Executes dropped EXE 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with the open-source UPX packer or a modified variant of it.

  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 54 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\06ff45e9386877ad91105bfcd72494bc891553463088b23b85398784ffa2ea64.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\06ff45e9386877ad91105bfcd72494bc891553463088b23b85398784ffa2ea64.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:1992
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1272
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:676
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:676 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1536
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1916
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1916 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1956
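The process tree above is the part of this report a detection engineer actually keys on: a legitimate `rundll32.exe` host writes a new executable into `SysWOW64`, runs it, and that dropped binary then launches Internet Explorer as an injection host. The following is an added example, not sandbox output and not code from the sandbox vendor. It encodes those relationships as rules over constructed process-creation and file-creation events that mirror the tree (PIDs, image paths and the dropped file's SHA-256 are copied from this report; the flat dict-per-event shape, the parent PID 1000 for the first `rundll32.exe`, and the rule names are assumptions).

```python
"""Detection rules for the rundll32 -> rundll32mgr.exe -> iexplore.exe chain.

Added example, not sandbox output. Events are constructed to mirror the
report's process tree; the dict-per-event layout is an assumption, not
any vendor's telemetry schema.
"""
import ntpath

# Legitimate rundll32 host locations on a 64-bit Windows install.
RUNDLL32_PATHS = {
    "c:\\windows\\system32\\rundll32.exe",
    "c:\\windows\\syswow64\\rundll32.exe",
}
# Directories where a freshly written .exe is almost never legitimate.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
BROWSERS = {"iexplore.exe"}

# SHA-256 of the dropped rundll32mgr.exe, copied from this report's Downloads list.
KNOWN_BAD_SHA256 = {
    "9f62f582fc02ae7b3b5df9a8a90718a80773eed10828014cee2a938976ab056b": "rundll32mgr.exe",
}

DLL = r"C:\Users\Admin\AppData\Local\Temp\06ff45e9386877ad91105bfcd72494bc891553463088b23b85398784ffa2ea64.dll"
IE64 = r"C:\Program Files\Internet Explorer\iexplore.exe"
IE32 = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"

# Constructed process-creation events. ppid 1000 stands in for the sandbox
# launcher, which the report does not show.
PROC_EVENTS = [
    {"pid": 2028, "ppid": 1000, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": f"rundll32.exe {DLL},#1"},
    {"pid": 1992, "ppid": 2028, "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": f"rundll32.exe {DLL},#1"},
    {"pid": 1272, "ppid": 1992, "image": r"C:\Windows\SysWOW64\rundll32mgr.exe",
     "cmdline": r"C:\Windows\SysWOW64\rundll32mgr.exe"},
    {"pid": 676, "ppid": 1272, "image": IE64, "cmdline": f'"{IE64}"'},
    {"pid": 1536, "ppid": 676, "image": IE32,
     "cmdline": f'"{IE32}" SCODEF:676 CREDAT:275457 /prefetch:2'},
    {"pid": 1916, "ppid": 1272, "image": IE64, "cmdline": f'"{IE64}"'},
    {"pid": 1956, "ppid": 1916, "image": IE32,
     "cmdline": f'"{IE32}" SCODEF:1916 CREDAT:275457 /prefetch:2'},
]
# Constructed file-creation event: the SysWOW64 rundll32 writes the dropper.
FILE_EVENTS = [
    {"pid": 1992, "path": r"C:\Windows\SysWOW64\rundll32mgr.exe",
     "sha256": "9f62f582fc02ae7b3b5df9a8a90718a80773eed10828014cee2a938976ab056b"},
]


def _norm(path):
    # Windows paths are case-insensitive; compare everything lower-cased.
    return path.lower()


def detect(proc_events, file_events):
    """Return (rule, pid, detail) tuples for events matching the chain."""
    by_pid = {e["pid"]: e for e in proc_events}
    dropped = {_norm(f["path"]) for f in file_events}
    findings = []

    for e in proc_events:
        img = _norm(e["image"])
        parent = by_pid.get(e["ppid"])
        pimg = _norm(parent["image"]) if parent else ""

        # "Executes dropped EXE": the image was written earlier in this session.
        if img in dropped:
            findings.append(("executes_dropped_exe", e["pid"], e["image"]))
        # rundll32 spawning a system-directory binary that is not rundll32 itself.
        if pimg in RUNDLL32_PATHS and img.startswith(SYSTEM_DIRS) and img not in RUNDLL32_PATHS:
            findings.append(("rundll32_spawned_unknown_system_binary", e["pid"], e["image"]))
        # A browser launched by a system-directory binary other than rundll32:
        # the typical setup for injecting into a trusted network-capable host.
        if ntpath.basename(img) in BROWSERS and pimg.startswith(SYSTEM_DIRS) and pimg not in RUNDLL32_PATHS:
            findings.append(("browser_spawned_by_system_dir_binary", e["pid"], parent["image"]))

    for f in file_events:
        path = _norm(f["path"])
        if f["sha256"] in KNOWN_BAD_SHA256:
            findings.append(("known_bad_hash", f["pid"], KNOWN_BAD_SHA256[f["sha256"]]))
        # "Drops file in System32 directory", narrowed to executables.
        if path.startswith(SYSTEM_DIRS) and path.endswith(".exe"):
            findings.append(("exe_written_to_system_dir", f["pid"], f["path"]))
    return findings


if __name__ == "__main__":
    for rule, pid, detail in detect(PROC_EVENTS, FILE_EVENTS):
        print(f"{rule:40} pid={pid:<5} {detail}")
```

The hash rule is the weakest of the five: it catches only this exact dropper, while the behavioural rules (a new executable appearing in `SysWOW64`, `rundll32.exe` spawning it, and that binary launching a browser) survive repacking. On a real estate, the browser rule needs an allowlist for legitimate system-directory launchers before it is alert-worthy.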

Network

        MITRE ATT&CK Enterprise v6

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

          Filesize

          61KB

          MD5

          fc4666cbca561e864e7fdf883a9e6661

          SHA1

          2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

          SHA256

          10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

          SHA512

          c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          f276e9d2fdc46cb8e0db70f7d648c21b

          SHA1

          8c2f39e7518ca213ce5e78622e1cb3bf10368a33

          SHA256

          5262e233c62a9c593a4897621a29783bcf587488fefd3b4d1a10731c0f28b591

          SHA512

          60faf0217d2244f9929cf8264ff3b0f7dfdb6690174f69d0b911f4f62d31416ce9c332a1355f9a00796e31f392c2489a7c45829d284b9b7d9236d793fb82ef16

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          8ce2feaf33cbf52bf5ec4dfcea52b41c

          SHA1

          7cda09571bc4232a07c2152819644c78e503a69d

          SHA256

          55aeb47e2587526ac4e4ca3b6512837e5626471d445e617570042b319b3eb6ae

          SHA512

          c98a62c034c9fde0b1377d45440aa2a0d02dd51307eb50f209c8c8d2b1fa34b9ab9305dd785bbe4216f44a9c10e54615d1ac5aa049374704c884768ddea64af1

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0D891761-7632-11ED-8CB6-56A236AC5043}.dat

          Filesize

          3KB

          MD5

          fdac5a76308f8fd5a4a9d9120ba9b496

          SHA1

          907661904cead5deb09fa31e0a07927d344f1765

          SHA256

          3e2167028ff34f99bd5e1bc0c92cccd4e9a986eebf2fc32aad8a4c90a45ba4ba

          SHA512

          618cb1befbd76a8ed1b4f56de4291206f91b4ff1027bdfdfa8a608315947002e8cb74705998ef342c0f72c021f7abb4074947c6f92a4e35809e3225ec3af009c

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\5C4YZLKK.txt

          Filesize

          601B

          MD5

          a5770cbb78b8053caa9fa301185fb802

          SHA1

          46314a40289c3b0baea13eb7490bf1db1759a3f4

          SHA256

          a664fd2cb4019f34cbcd46bba98bf6dcade7dadc218b0448d73402de699c352b

          SHA512

          d6df2d9eb809b246f12e1ebe06d03ea850cccb6ef94edfa3b317726cba4721ea1b1e6f97d74fb22e37ff504b95447115144b9914208bad7153d045c073d34a19

        • C:\Windows\SysWOW64\rundll32mgr.exe

          Filesize

          220KB

          MD5

          1b7fc3fa0a84470506c3028b48a5f04d

          SHA1

          3fa9f258fd20c92c0dd366f1520d44f61e236d3b

          SHA256

          9f62f582fc02ae7b3b5df9a8a90718a80773eed10828014cee2a938976ab056b

          SHA512

          1259215288d11be9493abc5d9babec8ff2563be3ed1aaf47fbda3f5832d7604f4f5956d09a06854ff133fb9e0971ac398966c46c743dee3f0aead6a2d0901c19

        • \Windows\SysWOW64\rundll32mgr.exe

          Filesize

          220KB

          MD5

          1b7fc3fa0a84470506c3028b48a5f04d

          SHA1

          3fa9f258fd20c92c0dd366f1520d44f61e236d3b

          SHA256

          9f62f582fc02ae7b3b5df9a8a90718a80773eed10828014cee2a938976ab056b

          SHA512

          1259215288d11be9493abc5d9babec8ff2563be3ed1aaf47fbda3f5832d7604f4f5956d09a06854ff133fb9e0971ac398966c46c743dee3f0aead6a2d0901c19

        • memory/1272-62-0x0000000000400000-0x0000000000470000-memory.dmp

          Filesize

          448KB

        • memory/1272-60-0x0000000000400000-0x0000000000470000-memory.dmp

          Filesize

          448KB

        • memory/1992-55-0x0000000076651000-0x0000000076653000-memory.dmp

          Filesize

          8KB