Analysis
-
max time kernel
142s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
26-05-2024 04:18
General
-
Target
e92712c5a1f3cdd8cc0755932127ad16adc81af5d84da50c2fbf036205263335.dll
-
Size
38KB
-
MD5
66b10b8fd5cd5bac42790cfd046a0b72
-
SHA1
84c5ee4e4a80739aff2a702386fa057714a3e843
-
SHA256
e92712c5a1f3cdd8cc0755932127ad16adc81af5d84da50c2fbf036205263335
-
SHA512
658ef6def3a1b476079341e96cbba6a5e4a9e4224798b0c1e70d76ba21ccbae4d4284ad0b12ae85e873b61d79c09c7f4922b7b7a885f8d5ce4d19b6cc5bc056e
-
SSDEEP
768:Bs+/gMsLIn/wIj2labk+1IsceGSnkmJ0Yblr583CJrVV7UIXU76m2szqVV:WD8w22laSR0V+3CJrV7XczJz
Score
10/10
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Drops file in System32 directory 1 IoCs
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\e92712c5a1f3cdd8cc0755932127ad16adc81af5d84da50c2fbf036205263335.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\e92712c5a1f3cdd8cc0755932127ad16adc81af5d84da50c2fbf036205263335.dll,#12⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 6043⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1252 -ip 12521⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1252-1-0x0000000010000000-0x000000001000D000-memory.dmpFilesize
52KB