Overview

overview

10

Static

static

3

0e6c2a7e64...45.dll

windows7-x64

10

0e6c2a7e64...45.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    158s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-12-2023 07:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0e6c2a7e647043a1a469e69223873845.dll

  • Size

    261KB

  • MD5

    0e6c2a7e647043a1a469e69223873845

  • SHA1

    8acb67cd8ec82e1fcbfc8eae53dbc249964258d2

  • SHA256

    8747ce94f1ad3ae394252a3c2a4c2d22ccc0fc19d4bcce287b8ac9542b38f9b4

  • SHA512

    260a0ea09617b10842e568fa87730f3bfa3123c334ffb26212f401c612c8d659b00cb54796332cd1613b94c32789b05afe50fd73cacc0495a9ff62d706249609

  • SSDEEP

    6144:UCIGPj038tAgFMldWNX+pQt0WWgX2ypKx1:Zj038t/FMldW4+t0VP

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Program crash 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e6c2a7e647043a1a469e69223873845.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4976
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e6c2a7e647043a1a469e69223873845.dll,#1
      2⤵
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:1072
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2984
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 10176
          4⤵
          • Program crash
          PID:3288
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 616
        3⤵
        • Program crash
        PID:4852
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 1072 -ip 1072
    1⤵
      PID:4640
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2984 -ip 2984
      1⤵
        PID:872

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\~TMD263.tmp
        Filesize

        1KB

        MD5

        88f2793fbcf001184dd88e077113e103

        SHA1

        d88a1ea707bee7587f3ec0c5aa401355b8b73c2f

        SHA256

        a178d16f89490ae988ca22d61e99517982e1a3d507835a7c6e396111915937a0

        SHA512

        6ec1151a88de4d27d22d1d08bbc6fc47e07e4a97beb0770f9cd2817e8ba26c521c4aca9f4c38892b8020fdac2183cca2cc2d5ce6ffbecff150a53c315a2fbd0b

        Download Submit

      • C:\Windows\SysWOW64\rundll32mgr.exe
        Filesize

        84KB

        MD5

        5b960c7fe5c551edf142c1198502e6c6

        SHA1

        c2ad689f9cc184752b81992bc1945b0dcbefcc0e

        SHA256

        ebf1b18f7a9a5e757c253788631be8e3ae291983405684f2ed5a4ba28b10a637

        SHA512

        2f17e7581941fdd451b87aabe1d8574d01039be17e1db9b97fc601fdd94056e1e6e23eb698f6f544c1dbf8b8614b8ba7f49fce2a3f2422877f4ba70669be0025

        Download Submit

      • C:\Windows\SysWOW64\rundll32mgr.exe
        Filesize

        1KB

        MD5

        43677a6820934e861497759cd29ae269

        SHA1

        9c931e1bf2895d818abfd1efc1c54549382a1878

        SHA256

        a095a95e1613e9aee0226b7a934a48e061e9c665691d169c4245209c995fbee6

        SHA512

        a32fefd13683486dbd67b25ea80b1d348e8ee01626ef162a6245c4de1d34b84738be46cd12518737946e2f5939087c16e0ef64c0cd77fc28b349b2950759aee1

        Download Submit

      • memory/1072-1-0x0000000010000000-0x0000000010046000-memory.dmp

        Filesize

        280KB

        Download

      • memory/1072-14-0x0000000010000000-0x0000000010046000-memory.dmp

        Filesize

        280KB

        Download

      • memory/2984-5-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download

      • memory/2984-6-0x00000000021B0000-0x00000000021F2000-memory.dmp

        Filesize

        264KB

        Download

      • memory/2984-7-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download

      • memory/2984-11-0x0000000076F42000-0x0000000076F44000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2984-12-0x0000000076F42000-0x0000000076F43000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2984-13-0x0000000076F42000-0x0000000076F44000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2984-16-0x00000000021B0000-0x00000000021F2000-memory.dmp

        Filesize

        264KB

        Download