ramnit | ae3f2a38a2af4c0e601c423a5bb4d82612cdf5cdf17e0a429f516dff9e20cbbd

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 06:17

Target

7ab6655bf36121af49a0618e6325e8f0_NeikiAnalytics.dll
Size

38KB
MD5

7ab6655bf36121af49a0618e6325e8f0
SHA1

fbbcdb73fb347dde29409c4e1f9e4c090dcea637
SHA256

ae3f2a38a2af4c0e601c423a5bb4d82612cdf5cdf17e0a429f516dff9e20cbbd
SHA512

5a8b71dbd99820e28e6b684e0cdf9f8e0825f9f5730bb1edc7149bb868ab1fec62dc374a151c99c86a3eaec91c79dc9893e9cbb59a0e53e2e4cd3621d6c42ba3
SSDEEP

768:Bs+/gMsLIn/wIj2labk+1IsceGSnkmJ0Yblr583CJrVV72IXU76m2syhVV:WD8w22laSR0V+3CJrVpXczJy

Score

10^/10

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Drops file in System32 directory 1 IoCs

Processes:

rundll32.exe

description ioc process

File created C:\Windows\SysWOW64\dmlconf.dat rundll32.exe

description	ioc	process
File created	C:\Windows\SysWOW64\dmlconf.dat	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1992 wrote to memory of 3020	1992	rundll32.exe	rundll32.exe
PID 1992 wrote to memory of 3020	1992	rundll32.exe	rundll32.exe
PID 1992 wrote to memory of 3020	1992	rundll32.exe	rundll32.exe
PID 1992 wrote to memory of 3020	1992	rundll32.exe	rundll32.exe
PID 1992 wrote to memory of 3020	1992	rundll32.exe	rundll32.exe
PID 1992 wrote to memory of 3020	1992	rundll32.exe	rundll32.exe
PID 1992 wrote to memory of 3020	1992	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7ab6655bf36121af49a0618e6325e8f0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1992

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7ab6655bf36121af49a0618e6325e8f0_NeikiAnalytics.dll,#1
2⤵
- Drops file in System32 directory
PID:3020

memory/3020-2-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download
memory/3020-1-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download