Overview

overview

10

Static

static

3

380232c4d7...dc.dll

windows7-x64

10

380232c4d7...dc.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    17-04-2024 09:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    380232c4d78e4c015ab8469ff62c8f2d4d44f2ebbc3aca0baf26d785402d87dc.dll

  • Size

    353KB

  • MD5

    c04f67210a558c26d0132036cb2d0c25

  • SHA1

    5896f685f25d4908826960d5dd3e0e82ce2e00c1

  • SHA256

    380232c4d78e4c015ab8469ff62c8f2d4d44f2ebbc3aca0baf26d785402d87dc

  • SHA512

    825857f3e8020003cd6bf2acac6be61e3174be77ed9aeea77f8cfb6e277d601abdb575f84fac5df3683d225df9902e048a05c10254519170bf811e5917d9b2cd

  • SSDEEP

    6144:O1HCQc7/p7NthksJroUcdp1bw/uu+eLDXfbrTrzDIPS0iYrp1Hfmn1T:O1HCQOTthksJroUmp1bw/5DXfbzz0PSn

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\380232c4d78e4c015ab8469ff62c8f2d4d44f2ebbc3aca0baf26d785402d87dc.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2960
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\380232c4d78e4c015ab8469ff62c8f2d4d44f2ebbc3aca0baf26d785402d87dc.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:920
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2340
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1292
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2996
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2996 CREDAT:275457 /prefetch:2
              6⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2628

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    cf68a5706f7684ca8945286167db2b2c

    SHA1

    4f63c8aaebc961e21b57c8d34e9a6d6d7501e8bb

    SHA256

    996ba84277ec38e2385f36834396385656fb516257fae39250f04db754e02a9c

    SHA512

    1f7c69bfe4203f826700c13bc50a133b4280808b90ed987589db30f13724e269cfe984d633a4673c9269714d824f739ba84e50f608b809ea3ea122f253d04527

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    9ba5d84d385fdaba2000349b969cd5f1

    SHA1

    2680f8783e164459c3c8f825f1324bccd5d94cec

    SHA256

    5fbffcdc175f5eccdecf72ba0550d3052c033b0f033cf3422708e85db3b471dc

    SHA512

    d25c8af5b51de843da0661f660bc6ce7128dccd5553a67948a2f1983d4e31471e1a3e5e688f71e8c6b50376eb4642c3d56ad5d105237fb801f39c08686d8d38f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    25da4296bcc6be73a6c747007b1151e2

    SHA1

    c331b080dcebb1aff4b83f77a2810b1c64404fae

    SHA256

    4b3d6b96949f6161a8c0c87728a5c430eac8599f94757abf498f13a0a95e241b

    SHA512

    ee817b92a512e17d792e9e01c4312d6b38457b7997c2d6d89e6b098417f0c557d024364eed53c5141d0237305dbe0a8a39d5a2f29910f9a33b747b6a231f0f77

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    620c7f5fd09b2aa518b306a15cf45295

    SHA1

    4200ccfc56856afeff88a8c23a85825e747961e0

    SHA256

    8707b000578a009764ef911c9148eac649f2771590487b9df86094d9633a8307

    SHA512

    40d3ab6ca4014376c74b434b6a56621c5320b223f0e1fd2101735bd6f0e18c5816b38232195f4e5bf4abe4ff19cccd5655abae50598f669cb9d39e2392a17e6d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    8673dcf80feabe3cc254aef99316028e

    SHA1

    7ed893b965b1f88f7b7f24e1824aa05eba573ad1

    SHA256

    c6814c31032ef7a77c371a41a3ec7b8df4ec0484fd00df4bcf0e2bdc66e8a454

    SHA512

    9829c46c20ce25dc54e78a2fc372664c8370fd62c5479e912c593a719af64fea18638bc8a69bd898831c2829ebbb8dbcf6b748476ac75a456a2cb8a1cdf91d06

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    03c6c4c2b53661752df9dceadf4afe1e

    SHA1

    6d683a2f0cc6f9d08e8572038d9d57cc3efe4357

    SHA256

    818f8ff0b2b1666f6f0709da56d19e7ba51e7ba75b3c77e07efd4c0d2ec04e3c

    SHA512

    34c20cf5b87540c42528d286b231314dfc6c5f07168391cd7567d1bb9f786aa4b47c085044402fae6c2f462d148bdaecedac9e643165d10b2d399f024ffd6eac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    fe135e1077e97c2bd1bc6e91bbfd57e7

    SHA1

    90aa8f5bffc979c93d191db0af76059d9d0bc41d

    SHA256

    3597c5ca43cc0e54f8e6c012399a1338c5381afb75789c0487a9827197a38381

    SHA512

    f6b758b9c6780d96b70073ae3cb50d04066f715b1eaf326f7bfe299139c52e983023334cfe03c9f2e813f743c18b44e306a0c442aa5eda584057562997d261d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    0ef387116fc5c7d870cce8a590f73f31

    SHA1

    b878ec360768899517383642115092d48db8fa25

    SHA256

    ecf400316fb7713af11b5fa717b93c2355d282c6c2a61df85dfb28b3fd6a941e

    SHA512

    1bb03c59e6f42c3047595ea1308c877bf8efdc94321e0e82eebb4dd5cd16070b4a20f03e29882c2d035e75e577a7ca52d1937ab0e36a76d8c2a1987eef9a215e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    462332975fc7e7f0dadb1d8aa17a4fa5

    SHA1

    0676818eb9c20ab18456c78211cfb12e2d8f5a8a

    SHA256

    f98f6941ec666bd83214858994f45354b2ce0e43063fd2085fd43f0a0580db15

    SHA512

    cf0a7b262d148af4f73a217d3b6999fdf1b8c8798300d10563ff63015addd4ac083d7240dc815a26ecf1174dedbc3aedcf9622c6248a5485d6ed94917603053c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    6a6032dffa1b3c7c06cb6db953aadd60

    SHA1

    1c1925b921321b2ef0717d2fcc3c416b99fdb162

    SHA256

    aa1717ad71436edb8ea57449276a700c2ceea8f9b9d435bb7dd83554928b279c

    SHA512

    b78b392c2e2c7270ad3d5e6921c80f58afa26648983cc7ba6e7583f233ff0206aac841eb2707a2c8d269b5b47caa4b6a8aa1c91dda4e383699c1ac4b718018c6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    0578990549a4d4ad804728327a7e6592

    SHA1

    cd787d746a0bd636a527a0d23767078a6a130607

    SHA256

    cd723aa0972c8b10aab0c8d4b0082afb85b68acaae267e974da3de95f16b4fd8

    SHA512

    653a9d09994a6db8a49e24ced414064b42101b914f9df86e9465bd032266e3fd33c7d2b0e978a109e040deed48ba9d7dcbab6859c640be22c47741cada4707e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    2e789208e77d734a4eff5dd6e6b46d0b

    SHA1

    a44eb44aed148fd1673f595484f4ae4747b30a8b

    SHA256

    3fe93154786625f8c91715a410e0c6a0e5e70c75cf1b309681b68663cb01ecda

    SHA512

    10b64db2ce4527103c9ec833f7301e8a0c99bf8a51e4e6784d909c16d38365a874325980fdb05ef6a913bd3e8f0e9e5a87d7a60b7f67ce17f2476e28e43b13e6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6154.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6459.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    42bacbdf56184c2fa5fe6770857e2c2d

    SHA1

    521a63ee9ce2f615eda692c382b16fc1b1d57cac

    SHA256

    d1a57e19ddb9892e423248cc8ff0c4b1211d22e1ccad6111fcac218290f246f0

    SHA512

    0ab916dd15278e51bccfd2ccedd80d942b0bddb9544cec3f73120780d4f7234ff7456530e1465caf3846616821d1b385b6ae58a5dff9ffe4d622902c24fd4b71

    Download Submit

  • memory/920-5-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/920-4-0x0000000010000000-0x000000001005E000-memory.dmp

    Filesize

    376KB

    Download

  • memory/920-0-0x0000000010000000-0x000000001005E000-memory.dmp

    Filesize

    376KB

    Download

  • memory/920-2-0x0000000010000000-0x000000001005E000-memory.dmp

    Filesize

    376KB

    Download

  • memory/1292-19-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1292-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1292-22-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2340-10-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2340-12-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2340-20-0x0000000000240000-0x000000000026E000-memory.dmp

    Filesize

    184KB

    Download