Analysis
-
max time kernel
92s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
26-05-2024 01:44
General
-
Target
ad0ee3befcccaee100604ec06bc00234090e6d909bf42e5da535e1adb067abba.dll
-
Size
38KB
-
MD5
3c1e3f70d047493c75718f83b6cc38ed
-
SHA1
5d482de43b196641b28f487a959ac13a9a55ddc1
-
SHA256
ad0ee3befcccaee100604ec06bc00234090e6d909bf42e5da535e1adb067abba
-
SHA512
509339039d364ce7b7cfe4dcd2f5673becb00ee85bd1bb1c9e336b626826a00d85eab5a227b063eef0f5ba471777fac89b7c5f81236346bcce1df92fd584dba7
-
SSDEEP
768:Bs+/gMsLIn/wIj2labk+1IsceGSnkmJ0Yblr583CJrVV7HsXU76m2sRGVV:WD8w22laSR0V+3CJrVmXczJR
Score
10/10
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Drops file in System32 directory 1 IoCs
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\ad0ee3befcccaee100604ec06bc00234090e6d909bf42e5da535e1adb067abba.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\ad0ee3befcccaee100604ec06bc00234090e6d909bf42e5da535e1adb067abba.dll,#12⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 5443⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4484 -ip 44841⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4484-0-0x0000000010000000-0x000000001000D000-memory.dmpFilesize
52KB