Analysis

  • max time kernel
    120s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted
    13/03/2024, 23:03

General

  • Target

    c711a7b74c62cbdcd059ec9421ecdc3e.dll

  • Size

    80KB

  • MD5

    c711a7b74c62cbdcd059ec9421ecdc3e

  • SHA1

    2c5d751748523f47897c4490f014e5e01b37d1bf

  • SHA256

    27ea524cc2f12cc4b9e70878667bcb8901e7d1548d0b1341b36b7722c056213b

  • SHA512

    8daaaf0b8496ce05fd66dfd1812b1b7fb63fc4c25d7954760bc708f018becad765b274dbfd52557d2ddbdb627199fc8844ed6a2b2496c80cd59dae059406c730

  • SSDEEP

    1536:T2lFYHQuwVlTS8uT4Dpd7kJNNV+ZA0J7Pt0s+96Ve5Uhm:TUA2lTS8ukDzAJNL+22F0s+9Ye50

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c711a7b74c62cbdcd059ec9421ecdc3e.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2320
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\c711a7b74c62cbdcd059ec9421ecdc3e.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:1772
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of UnmapMainImage
        • Suspicious use of WriteProcessMemory
        PID:2484
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of UnmapMainImage
          • Suspicious use of WriteProcessMemory
          PID:2544
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2556
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2556 CREDAT:275457 /prefetch:2
              6⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2612

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Windows\SysWOW64\rundll32Srv.exe

    Filesize

    52KB

    MD5

    17efb7e40d4cadaf3a4369435a8772ec

    SHA1

    eb9302063ac2ab599ae93aaa1e45b88bbeacbca2

    SHA256

    f515564b67efd06fa42f57532feafc49d40b0fc36c5d4935300dd55416f0a386

    SHA512

    522fba06304950860fa9aa8933b12b9323dea47dbda363db3f57535396c156c4cf6934a9db38fff8c77503fcb889d030fadb639094a1f34bbad54c79c8734450
