Overview

overview

10

Static

static

7

698020a6be...18.exe

windows7-x64

10

698020a6be...18.exe

windows10-2004-x64

10

$PLUGINSDI...nt.dll

windows7-x64

3

$PLUGINSDI...nt.dll

windows10-2004-x64

3

$PLUGINSDI...nd.dll

windows7-x64

10

$PLUGINSDI...nd.dll

windows10-2004-x64

10

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

10

$PLUGINSDI...em.dll

windows10-2004-x64

10

$PLUGINSDI...te.dll

windows7-x64

3

$PLUGINSDI...te.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...om.dll

windows7-x64

10

$PLUGINSDI...om.dll

windows10-2004-x64

10

$PLUGINSDIR/xml.dll

windows7-x64

10

$PLUGINSDIR/xml.dll

windows10-2004-x64

10

$TEMP/$_89...in.dll

windows7-x64

10

$TEMP/$_89...in.dll

windows10-2004-x64

10

IGHT HACK ...09.exe

windows7-x64

1

IGHT HACK ...09.exe

windows10-2004-x64

1

KailleraClient.dll

windows7-x64

7

KailleraClient.dll

windows10-2004-x64

7

MenuRes.dll

windows7-x64

1

MenuRes.dll

windows10-2004-x64

1

Plugins/BILINEAR.dll

windows7-x64

1

Plugins/BILINEAR.dll

windows10-2004-x64

1

Plugins/aviout.dll

windows7-x64

1

Plugins/aviout.dll

windows10-2004-x64

1

Plugins/bi...ht.dll

windows7-x64

1

Plugins/bi...ht.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    134s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2024 02:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/System.dll

  • Size

    67KB

  • MD5

    bd05feb8825b15dcdd9100d478f04e17

  • SHA1

    a67d82be96a439ce1c5400740da5c528f7f550e0

  • SHA256

    4972cca9555b7e5dcb6feef63605305193835ea63f343df78902bbcd432ba496

  • SHA512

    67f1894c79bbcef4c7fedd91e33ec48617d5d34c2d9ebcd700c935b7fe1b08971d4c68a71d5281abac97e62d6b8c8f318cc6ff15ea210ddcf21ff04a9e5a7f95

  • SSDEEP

    1536:2IfbmtOpUtoqoQvfDrghNT+2w8mbJ1/NfSttVx:bfi4GoqVvbaNXubJ1JI

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2916
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:1724
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1712
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2224
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2956
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2956 CREDAT:275457 /prefetch:2
              6⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2676
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 224
        3⤵
        • Program crash
        PID:772

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4937d41e2880714052fa65e578516a02

    SHA1

    eddaa294079f0fbec5cef9f3e864ef53cf5230e5

    SHA256

    8a5df172a9b9d59cb2ba8235c83791a08d4f5b1b85e4dae937b1b18fb0fa4dad

    SHA512

    6a939be1ffa5750933edf3ee4cef79ba986c199ca63921ba2f3ed2ba1ad754e3891de474d5ccb7891b82dc5f4065213aa13ac5865b190ac862a2c7bbcd00e302

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bbf95b604e77194041907277c026d190

    SHA1

    c80bc9aca083efa6d3b55f4d070b6ad589d45fd7

    SHA256

    a9495ab91e604a542f1a3fb6f6f6ab9e6919bc14f7e77307e1029fcb93fc9294

    SHA512

    3fe009c6e340ba67095c96ef31da17ad5a7b06747dea25d9994751c497f0e95f378ad06d40cdf14cb069d41ee792822c0545de39458292b1fec6079c54bf6ecd

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    37d3817fc5009a0c396967fcaa019404

    SHA1

    483528ac31e991abe6ba938eadd32cb7a30b658b

    SHA256

    088ed76943cc37301e4540589e69cc1a7735639b09b020f00944dddc43645f01

    SHA512

    4c60f4d482ad591b0069e48fdd117a2ef151e43a93779c0a28acb39162927ea4529b3653a9c35943d31332ffcf3a61fd8be08c3b463044b0a30b6bb30180c4b8

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    099b2538859d766086d9a00887f66acf

    SHA1

    e18ec7b9e8bc047f1df4e9fa2a29603fc4473344

    SHA256

    089032ec3beb73cc1097553bff6ad49311c0d01fc6d866e42a02201a6c09cefa

    SHA512

    52e7e8470154b12711bbf1a9e209951c0599837843730e27a73e6d9537e0373b08a117e918ddfaeb6070eaf137ebac1a5ea61c6431560c877e261149538105be

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    79454dd075bf23e94595770e7a33f181

    SHA1

    e49db6bd2506f3fdacfc542b550702730e09565a

    SHA256

    37c8a5563e825775d7bd19f00fd6cc8ec2843f189b08540e519d2d29673dc843

    SHA512

    b727f6aebd7f539015b477496325dd2d98b38e48a1607bbcf838ce9713d654364b2429bad073f83cc956161970a8594e9ab781427b903206148d4b961968f2b8

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d6a9617063997d95d4f31054917170bc

    SHA1

    75458cf2589a3ed071e4c523263a0f1c770882c5

    SHA256

    1965ae16dc9a2fe0ce55130377db26b2f45f187f5795e8272b76e96bee0e6658

    SHA512

    75143cce1298398c1832a647365e4e20e46c5c1474767bf0f1024ff84bf7371ab6a7d2bcfc1295103fe5cd71e4f042404887c578031c3c7d950021395b9b9163

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7ad6e57d84aa537dc8619372d2a4a7b4

    SHA1

    834613255c51623f86cc508fa8273f975edc054a

    SHA256

    b5aad232a1315b3d975940b9a27e1a300dfa379c09d1fb26277af1ea026fae3c

    SHA512

    178be8d116cf16d1c175ce6f148b8b9c4767b4de81f8d942ea6e40e923ead840e88b32cdb33b3a3f7816b589a6d8777101522261a6894323df6c52ca5d84e348

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e67b131f0c1f8f3c784bfa40eba063fa

    SHA1

    3f039c68881dd16a67c9f0ef1967b1229a5deb48

    SHA256

    14dc6dc0bec48462168983bf25ab9cb26203ba3df29b6a68fb32f4af1eedfb9b

    SHA512

    c7e42e6da8c7bd89b33d017d577f53c5462646b08d14a3f21fbd8ac5e4930a7fca53ea48d0ebd28501b72665e9baa90782c089854761b516420e15a9392d50e2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dd623012f91a6dfbc4c9c900e90fd367

    SHA1

    9ce25c6657eb44a83aa976f9bb1172c560362f3a

    SHA256

    3660eb4617380c840e249b2f225cc6ed7c742ae0c6f320d8eee6ede09b5b1ebb

    SHA512

    8df53d0f0a74e2a7b9fdd256b17ce7415e05073a17507287566d4c450ff627a709244d821f2b856bf5228ff288e6ab694c1e0aa7e7827f1f354bc53c652dde1f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4cd169f6807645a326f2e2685aad9d1c

    SHA1

    9efb0c5989e717400ead5da3dddb0f38826aa044

    SHA256

    ba881a4aac844ca9fb46dfa78d8869e5b4aa8d9f39ba44a020b475a261ef150e

    SHA512

    774963b481ac0cd55041c982801b52ec918eabd01c29a4ff89b8e6ed285adb364a66d8cac7dbbd6e1cd104b873ca7cf90df5cb695e9efc2fded5af590eb564ce

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    51f7bc356a677c48a14f4fafa0754f09

    SHA1

    c3fe65746b9e7fd8aec0285b42fd5eb3517e50af

    SHA256

    a067f4acc3ca22dc138b7562ab114d1ccc1f60040d27864fcbe1d96da8665219

    SHA512

    dfa66f7ded8aa475812fc5c47f244f4434d5edc19acf676bd121411138f8ad41296b4f4d035ec2be0199a704c8616cd7ffc477fc35fb6a8ef4295bd7a4fc2ef2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d42ff4afb22fb178069e52cc69eae039

    SHA1

    f87b14cd17295c57fa63ece2da64aa375009982a

    SHA256

    e8e5f88adeac7d682058a770e44a57abb46e3bc58ec377b9f633b1bcaaa1d2fb

    SHA512

    d9702c9067120843815220bf81c2828a3422f5c8aad167d69d4f5dc2202570bcf98351a417f2399f4bbc1c9f44ce46a980e774548ecf29bc13d86469837549b7

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a73bc0d90572f7fe3f824f21779acd8e

    SHA1

    4d4b7321e0ea1f7eb3b63502d02cbf122664a8d7

    SHA256

    4bca0ffcc30206e0b68535602eb3d3a710a64929ddda4f5571c82a80d7c48084

    SHA512

    f7f7508b5ce57b1551378c12dc6ad204a215cddac5854dee14547bf483e6b9ade8046dff6f9038c2351f82de65b480b668a7a9d2e0ae298f88b36bdb086d10bc

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2de5da7bce585890bd42e317197e4e9b

    SHA1

    5be65ffaadd7de728f1dc4fc7263b41066609f06

    SHA256

    6ed0c0fcdfc232bf11a083242e50cd522a28c1c3785074652ff56c89973ce73d

    SHA512

    2643e3a4c3decbde9b33338dfdc922c884dd94f5dd174e2969065fa0741b305ea36a1d5e21f992d61837a53dd7fc6d60f10a31e3816c5b7bbf61d1fb3d4a7661

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1dd7cac4a3ae50c3c61efc8805eaa7dc

    SHA1

    e7a48cdab00a19ed589c740dddd8a22015761469

    SHA256

    8572037cafda8907fc645bbcf6a4d1090724ef61dd51af86353e01938cd584a1

    SHA512

    ac95d4cbf453cbb993a30eee971c9751f38c399c98614eaacacd83e1b4cf3f6a1c060ddc37eaf9cad2a5483940a919506fa05b9c2b03172e72d9a86a0e5324e2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9ce853a8f18e13cf9cd2dfce384c1c9c

    SHA1

    75425e04c1bbf9c9457f12c68bdb8a515d78fed2

    SHA256

    67525370c81c5833fb04f29ad91c4459b3190a92d0a54719842bfe36da561abb

    SHA512

    509e52182f50a7b80aed203142c5834a9b464b68495bc9547027818dbf3adcd899b8f8778f55140acb49b312612ff49205e19a2aeff975161fcd74bcbda38839

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    219c8e9b8c91f034b1aad52fc62dd13c

    SHA1

    bb5b8780122054269bb73a347c817b17e0d12613

    SHA256

    d1a227e40b9c4706a7761d0619492cf448b23b6e2217e415aeea2480f377d568

    SHA512

    f995613da5a756703b77c8fe200cad6ecc572582b17cdad0b45426ae374ed11f226f96036a260d54130f1c0fae0ada9b19f26fb99eec7efa9bcb70260e4ce197

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bceb0c94566d7de445149c80e8eb928e

    SHA1

    db0ed5c137acf4e88d97403dba70a1a0b8e26800

    SHA256

    08816d1b03f7b8dd66e36e1c191aa50b9f597e1678bbe684c6b57abc13e3d476

    SHA512

    cf73d43aa32bf2ecad473b8706fd86a5e56d3b21118401a376d216694cc7540993c88eae423700d3f85a1b0f51ade853190c89cda1dea5b7c7b2901833e2d83e

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab2703.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab27F0.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar2814.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit
  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit
  • memory/1712-10-0x0000000000230000-0x000000000023F000-memory.dmp
    Filesize

    60KB

    Download
  • memory/1712-9-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/1724-3-0x0000000000130000-0x000000000015E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/1724-1-0x0000000010000000-0x0000000010015000-memory.dmp
    Filesize

    84KB

    Download
  • memory/1724-495-0x0000000010000000-0x0000000010015000-memory.dmp
    Filesize

    84KB

    Download
  • memory/2224-16-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/2224-19-0x0000000000240000-0x0000000000241000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2224-18-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize

    184KB

    Download