ramnit | 1a0eceafd5e51297e3954f1950dd59f97b9ab2855e49defa61a0d0a2318e24b4

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
25-05-2024 19:08

Target

1a0eceafd5e51297e3954f1950dd59f97b9ab2855e49defa61a0d0a2318e24b4.dll
Size

38KB
MD5

686b99d21dab87aec47c877010713ccb
SHA1

e0253107f4311c92913e2741657eef19618426bc
SHA256

1a0eceafd5e51297e3954f1950dd59f97b9ab2855e49defa61a0d0a2318e24b4
SHA512

048f49343fe891165b3b5e9bd33c6408fd1f2b94881abd9a3599837659fa53a6f94053513100c10140561ac2ae2f2210ef35032a6741d438b2285d7c4e90a0d6
SSDEEP

768:Bs+/gMsLIn/wIj2labk+1IsceGSnkmJ0Yblr583CJrVV74sXU76m2syoVV:WD8w22laSR0V+3CJrV/XczJy

Score

10^/10

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\dmlconf.dat	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2748 wrote to memory of 2936	2748	rundll32.exe	28
PID 2748 wrote to memory of 2936	2748	rundll32.exe	28
PID 2748 wrote to memory of 2936	2748	rundll32.exe	28
PID 2748 wrote to memory of 2936	2748	rundll32.exe	28
PID 2748 wrote to memory of 2936	2748	rundll32.exe	28
PID 2748 wrote to memory of 2936	2748	rundll32.exe	28
PID 2748 wrote to memory of 2936	2748	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a0eceafd5e51297e3954f1950dd59f97b9ab2855e49defa61a0d0a2318e24b4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a0eceafd5e51297e3954f1950dd59f97b9ab2855e49defa61a0d0a2318e24b4.dll,#1
  2⤵
  - Drops file in System32 directory
  PID:2936

memory/2936-2-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download
memory/2936-1-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download