ramnit | 3f11b1baea4d963b84619414c42c0bb1b78453bd18660bfe59e77893434c6223

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25-05-2024 11:28

Target

dd487124d0350a64d4437e4c5cd67630_NeikiAnalytics.dll
Size

68KB
MD5

dd487124d0350a64d4437e4c5cd67630
SHA1

9748f92ad1ee609de8cc554b0a49bb9e1c928ffc
SHA256

3f11b1baea4d963b84619414c42c0bb1b78453bd18660bfe59e77893434c6223
SHA512

65760988f027bb0515bae118469413bec99d2b21b7850b45944ef9af50d2f3164a513a0c35b973b8b5967dcfa824c89a50e10a7df23a23e397afa8e3ae2cad28
SSDEEP

1536:MLNd/Pk7btaoX7DypKr0wN9YIUSS9erBml0iZs3m:GNhY5aora80m9YI74lXs3

Score

10^/10

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit

Drops startup file 1 IoCs

Processes:

rundll32.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fvoyqths.exe	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3060 wrote to memory of 2212	3060	rundll32.exe	rundll32.exe
PID 3060 wrote to memory of 2212	3060	rundll32.exe	rundll32.exe
PID 3060 wrote to memory of 2212	3060	rundll32.exe	rundll32.exe
PID 3060 wrote to memory of 2212	3060	rundll32.exe	rundll32.exe
PID 3060 wrote to memory of 2212	3060	rundll32.exe	rundll32.exe
PID 3060 wrote to memory of 2212	3060	rundll32.exe	rundll32.exe
PID 3060 wrote to memory of 2212	3060	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd487124d0350a64d4437e4c5cd67630_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3060

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd487124d0350a64d4437e4c5cd67630_NeikiAnalytics.dll,#1
2⤵
- Drops startup file
PID:2212

memory/2212-0-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download
memory/2212-1-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download