ramnit | 6aa85870d103c277bff8d458cc38a5be566b6dfc26f83bb69c5850572374a8d9

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 05:02

Target

6c0efd9f6707c658629ccdb877c64bb0_NeikiAnalytics.dll
Size

38KB
MD5

6c0efd9f6707c658629ccdb877c64bb0
SHA1

e3720a0fa2416bcb3a86a2b04e121a5c18809e2a
SHA256

6aa85870d103c277bff8d458cc38a5be566b6dfc26f83bb69c5850572374a8d9
SHA512

8de845bc790b0be6d6f1b6e9bb23e07d4fe5ecf22dc390eb65c78be2f23919ed83b5fc122487f578e0726468dc6b2ca38ac9dccbda6ea1b52045db28eaa15fba
SSDEEP

768:Bs+/gMsLIn/wIj2labk+1IsceGSnkmJ0Yblr583CJrVV7qsXU76m2smIVV:WD8w22laSR0V+3CJrVNXczJm

Score

10^/10

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Drops file in System32 directory 1 IoCs

Processes:

rundll32.exe

description ioc process

File created C:\Windows\SysWOW64\dmlconf.dat rundll32.exe

description	ioc	process
File created	C:\Windows\SysWOW64\dmlconf.dat	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2776 wrote to memory of 2344	2776	rundll32.exe	rundll32.exe
PID 2776 wrote to memory of 2344	2776	rundll32.exe	rundll32.exe
PID 2776 wrote to memory of 2344	2776	rundll32.exe	rundll32.exe
PID 2776 wrote to memory of 2344	2776	rundll32.exe	rundll32.exe
PID 2776 wrote to memory of 2344	2776	rundll32.exe	rundll32.exe
PID 2776 wrote to memory of 2344	2776	rundll32.exe	rundll32.exe
PID 2776 wrote to memory of 2344	2776	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6c0efd9f6707c658629ccdb877c64bb0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2776

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6c0efd9f6707c658629ccdb877c64bb0_NeikiAnalytics.dll,#1
2⤵
- Drops file in System32 directory
PID:2344

memory/2344-0-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download
memory/2344-1-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download