Overview

overview

10

Static

static

3

Client.dll

windows7-x64

3

Client.dll

windows10-2004-x64

3

Launcher.exe

windows7-x64

1

Launcher.exe

windows10-2004-x64

1

MHPClient.dll

windows7-x64

8

MHPClient.dll

windows10-2004-x64

3

MHPVerify.dll

windows7-x64

1

MHPVerify.dll

windows10-2004-x64

1

Main.dll

windows7-x64

3

Main.dll

windows10-2004-x64

3

game.exe

windows7-x64

1

game.exe

windows10-2004-x64

1

main.exe

windows7-x64

10

main.exe

windows10-2004-x64

10

msvcp100.dll

windows7-x64

3

msvcp100.dll

windows10-2004-x64

3

msvcr100.dll

windows7-x64

3

msvcr100.dll

windows10-2004-x64

3

msvcr110.dll

windows7-x64

3

msvcr110.dll

windows10-2004-x64

3

msvcr120.dll

windows7-x64

1

msvcr120.dll

windows10-2004-x64

1

ogg.dll

windows7-x64

10

ogg.dll

windows10-2004-x64

10

trz5772.dll

windows7-x64

3

trz5772.dll

windows10-2004-x64

3

trzD978.exe

windows7-x64

10

trzD978.exe

windows10-2004-x64

10

vorbisfile.dll

windows7-x64

10

vorbisfile.dll

windows10-2004-x64

10

wzAudio.dll

windows7-x64

10

wzAudio.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    10-05-2024 16:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    vorbisfile.dll

  • Size

    976KB

  • MD5

    e7250bf54e288824e61160c65a6b31df

  • SHA1

    d160c83b363c5c910036ba6575991408b3e1582e

  • SHA256

    525d5849837c0451edc855172917b94a1b48010c781ba48f620efb9f5e597055

  • SHA512

    571c92306a04c0d29dd9440ff302816fb1444a236f1257eb3c816664aaa1fcaaa889b3524dbc6ddbe3c8dc4c40a500eee0f912cea2ccf173a34813b06384f7a1

  • SSDEEP

    3072:TqGX5jydWUVF5LFTBgbsi/K4zxkZ0lm6U58BX3ZnMR0ILJ:h2dWU75LFTBusWK4CVoX3yR0

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\vorbisfile.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2308
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\vorbisfile.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:3008
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2588
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2640
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2940
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2
              6⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2560
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 224
        3⤵
        • Program crash
        PID:2656

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    11769fc5f065cbce386af5dffb71b98a

    SHA1

    713bfe8eb24ffa4e7208c1cc3dcba2098597ee3a

    SHA256

    63d1b97502da83a93789960ce8b8ac4b8f7eb2eeab11cfa05ae242c814df07ca

    SHA512

    c4cc032f4adefa4f39d6bd47411bd47828ecb19f26094bff0fc6958d3cd685c04befabe5d80a4c0787d4cb81b8dfe4b41d5f71e1bf7c173920ac26dbe9907721

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c816d189d7179df1e594fa6fd9ccc0fc

    SHA1

    41f0f116a473ad8ee504a12bfec03bf4bf3b14da

    SHA256

    514aa81bc8dde0ac3ea66b24ccc37d442798be409f09b01d822718d21f3c9830

    SHA512

    0e0afb18ccfafb96222ca05e16121113fa8e2e878c51339d5d878a56c9262a3e55c4094da9a4a857064c6099cc683fe804d0b8274296179950d4370598897cfe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    17f4e0d11e8f70a3109ad202d1905e29

    SHA1

    7087a59a70d07a4808c6e0b60174ce80ccfae91c

    SHA256

    dfbee8f47833f5e01e3fdd45fd5ef6275aeecf5410ba3e6df7250b8d7150eceb

    SHA512

    058b38ab3cfacb2d1d04cbe894dfcafc5c96979346c2baafb71e49aa2ea3687669fe5bc711c71b6dde46a48891f85030b517df40c01b6941c3e8370813c8085a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    41a0012b076eb3edd5044db9e01422ee

    SHA1

    3d26c729af1247b9090b4f904cbe224016790bcd

    SHA256

    9326791f56bf236053e2f6010fc177a20a7937b0d8e6cd3c59b30f9bb0cccd73

    SHA512

    a9085fb5d601ca9cbf4394792035d207d11c28c4a4633ac7d9ce1b3e87d00fc5582fb48848a0462a2b58c49431da90f28b66b0369135087b81cd31fa7aa017c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4d99d8cca7fb789fecbf9a39404a0f2b

    SHA1

    f53422a779127f2413bbd846ba24dff8a34a9bfb

    SHA256

    47baf0b8ead895c504e8c8e1520a69f2bfbe4fe19334323818e812e9ffd2e159

    SHA512

    8a2f5cbe8c58fc0ffeee80d72efa92d5a3b2c0bc107f60e77c8a408d578e6986ff2a4889b83e69bef8737a2d3a99809fc2ee96d4e082a9a02860c38061ef723c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f3b3438727e6fde7a41880ff5dffc1a1

    SHA1

    0ca45c314ff99f98985c180d333f5e7f34d22cf6

    SHA256

    bf7f62a2767c93156e2f0378302334bd0a569a8194cec712fd344cf6ab273b05

    SHA512

    054394e22936cab93291b056c1a419765c522cecfc7ac2a7c7615ab604b6292ab6372590d2cb28d70225e6c16d2219c3b2eadf659e103b03d2c5a41ed91089a4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fe30fa905abd31c2a854b4c0dcecbd8a

    SHA1

    813393e8559d0d124acdf3dd3b459c5d5779d5df

    SHA256

    4b93ea386fc735b12d73edb0d7f9bb367a8191c952571cd99193443f19c10730

    SHA512

    caedaaa6212b169d6a237b6c3bc92c6b7ae1255e322fc05b832475c4b5fa6c7899a2dbe9f56c661a8ad333427fa25e80d0b57acce5c58db9a341c2dd63c67786

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    34f7bb05afabfe95de771279183fac1c

    SHA1

    24e4430cc3c35e3d6baa88f8787501ccf8066288

    SHA256

    19046e24bd4e7b59bc826c21412e3d71df555ddd1243e2b86b26d2cba6400769

    SHA512

    c61f1c2eda1ce507937091295e7183c53c33ac98e2847eb332dfcd5c78916742c9bfccd17d3b9c3eaffa3b89aa5a9d3d04563262f21d43fa645a299382bfe64c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d203e84ab1183766a3f41f15f8f549dc

    SHA1

    5a89fcd49bd83e978e046bbda8f0d47f20bd46d7

    SHA256

    80a94cb336ecfca8622c369f094468d577fa421ea461d283b2b547e6e0e64cc6

    SHA512

    ea1a05a0a569874f26bd056735eb4c7dad1328ce2a8af50f11dedcf7df927c2e7f4efb7004daf7d4ed08b9148ad6f8f398a558943f675bd2e1975d9435713184

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3f16620fb4c388f03c11a0378d4ce86d

    SHA1

    ab28aeb1a7eab7b0b9fe7203a6cff4fc882af0c2

    SHA256

    de3fba4ebd5b14241911295c64753c887b48f83a6f89ee7d1c71031d7d00a182

    SHA512

    650a829fc83f3f13468545be0277ff63af976f22a967937b6f6edf7fa2b376142d5b0acc4611025998f9a17df16e986830faa50a7c1bf8ae7bf730c669204f20

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fa3b648aca5fbbebba91f666cb7ff080

    SHA1

    e6482aa75205813a705e997a191978157cca6a50

    SHA256

    6bca8a119b9f59a8ca1c05c08d33aeac7af482fa22560f4530b99eb61bd7259f

    SHA512

    c537c7a5d5ecad341735738f72235253a6d5679593fca44481b3a7fcec2edbca8ccf3805e7255ecaf69902a0798ad9eca09c85ba89973bb3c0cf436fe26af865

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b0134652b9770907db9193d0e9b2cc52

    SHA1

    c4773bfbaa786cc5969c3910bfe69675ae15e8ee

    SHA256

    e2900b4800fa1bd78f3b3fde20a097f8e8a9c55c35ad648856c8747dd9ab7f69

    SHA512

    7bbfa7f2b56dd255bc72cd539f922ca759a29d149b432c97dfbeb5d568a292ce40b444c021b75e00de052a63ce6d52f6c2836faaf63a01ada5aaabe790df8a7e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a4b607661ea944954d93ed10305978b1

    SHA1

    ba79b0b68201ae39c26e68ae5bedd2158d602cc4

    SHA256

    69bab2854a7037b947776c3d369d591fd45816811567273ff33ef6434e1cc888

    SHA512

    66b654975df13aadf6e2ddb8fd0decc058f14cda7e811e255fc80c4184feb8f157e37bce86d34d19bfce3da0877b4960209aa76305adcae139783638a20ad1a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8ba96315563db094b8c193c8184032ec

    SHA1

    54d4316119b4159930f2eb80755af5111653f5cf

    SHA256

    3da12fb9118e51afc4e618797e7e73d49c12f13946396d48ca736426e7913b62

    SHA512

    3af1d90c5cc4f01a07bbaa0f2a92a16e69f707a84f5c55ff356a966e5cbb8d7d80c2f303c415d9bec350d5e4b64893437f302bc366631db3f0d107b7fcbd0c37

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    085456dfffdc6c4446c60d0c199e5f07

    SHA1

    444dc8fa081d263ad1266b970649f9623d2aea3d

    SHA256

    9acdbb477d2e2dfa5ab9782af758c36c68c8d3c001a0b6c854cc1615b21aa80f

    SHA512

    8394793103c896f69bef04ed836c88ed9884ed94797536c518da6be2253fb585b5f4173f6a682d6db19026a10a7843e29fcf7bb327bc8a465a0c084ec3b33d2a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    58756ac85f133de948211ceafaf35d08

    SHA1

    3bf8db3512be71cb319376c6457ed70e92072998

    SHA256

    0240bc62fc5427bd54362629273e640430d085315acba99df0b783ffd2e2cb05

    SHA512

    390f8b8007778f57399220fee2020da270dcbe8da1daa3f7eec3db04c2b65887b681738352b688973b0fc63834dd170afbf8f09aa3b4a13c72091dbdfe0130f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a188eb5bdb2598e418c5fd30324c9c28

    SHA1

    bfefd3a8736f8d93a55434c286eb317db9f163b8

    SHA256

    ac912246d16d869ce8599197e798de4d199cfd67fc11fc20911fb7f4f1668be6

    SHA512

    f5e2f471a54b0301a4de8c14135214734c0553fd9313527c7ba35a101d4baa34df6c343a30deeaff4a5f5beff5f42d04b6cd8ea31d980124b4a29f8f986f2593

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    67743311288919474210d403b3713dcc

    SHA1

    33fc2de516d92d404a82eccfad5e0b1b657629ba

    SHA256

    fa4860ede7c38d6f96cbf3135fdb8090d6e02ead5acb514380603b2d5c86f307

    SHA512

    87d3895537c3af12d4096cbc31a6f0e094e60dcee2aa6801223c1395f2c56083d8c91aa2123ff9c7f8dc399d612d7948a1d21bf2c0b11ed3ecf962de562a3c84

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dbbfeb8d6151d71f884673803c5ecbf9

    SHA1

    1d62515b401de35c30ab13aaf0dfb6576e96a7c7

    SHA256

    7ef5cf2ff5dc147f5da781336376f5f061a9220869c32daded1e422be4bf43e6

    SHA512

    37eaa3adc22bdcc170d1c6373bb4365fefee24e2ef5f112b9c44770c8d4fd8121abe3913fda459135045aede7dd7c6d65081b081c3652fdda5fed7ab3ba45c14

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a22b386878a2c9066f03d0aa1f3ccd7a

    SHA1

    9fcb35f154e58fee9d2279d9af77653a15f5afc7

    SHA256

    e4a6b67fb8ebf6af75f97bb93aceccaf8111eb82aec1716496ddde1a72ee505a

    SHA512

    dbb729df0e91cd2690aa84728d5da1a639a872e028ec4e0cef1fd68875add28d9ccc733aa886adafdd229d0ea7a41450499eaa0922ef9ecd7124e33c8530a56a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2398.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar246C.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2588-8-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2588-11-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2588-12-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2640-19-0x00000000003C0000-0x00000000003C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2640-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2640-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3008-2-0x00000000001E0000-0x00000000001FD000-memory.dmp

    Filesize

    116KB

    Download

  • memory/3008-497-0x00000000001E0000-0x00000000001FD000-memory.dmp

    Filesize

    116KB

    Download

  • memory/3008-0-0x00000000001E0000-0x00000000001FD000-memory.dmp

    Filesize

    116KB

    Download

  • memory/3008-4-0x0000000000200000-0x000000000022E000-memory.dmp

    Filesize

    184KB

    Download