Overview

overview

10

Static

static

3

be4f04a6cb...2b.dll

windows7-x64

10

be4f04a6cb...2b.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    26-07-2024 05:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    be4f04a6cb1df55610f461e3e05d81daebe75cbab021746e0cbf6b05389ff02b.dll

  • Size

    92KB

  • MD5

    6ab9c7292fe2829ca577e54bef18619b

  • SHA1

    2a6c3403c3fac73da0c848a06818daae3c722182

  • SHA256

    be4f04a6cb1df55610f461e3e05d81daebe75cbab021746e0cbf6b05389ff02b

  • SHA512

    6f830c9b8984f4dfc4f46c2a3ea06da1d0205f1f3a9467d5091153807f6b0874d5bf03d2039fc5778d3819465e02771ba6e3b9cd31ced9e777eaaf0d82e5259c

  • SSDEEP

    1536:ymg4T4vONoRohd42hcGliEbPgQpZiX+XBFTmtXHVR0xDhjt:yjL8oRQNrPK+PTmV1R8h

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\be4f04a6cb1df55610f461e3e05d81daebe75cbab021746e0cbf6b05389ff02b.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2888
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\be4f04a6cb1df55610f461e3e05d81daebe75cbab021746e0cbf6b05389ff02b.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2756
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2552
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2660
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2912
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2496
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 224
        3⤵
        • Program crash
        PID:2564

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f2ec7ae9983012efe2c7d9ab27dbc742

    SHA1

    a9b200a6e98985bea225dd3e0a3a6ba6616c757f

    SHA256

    06b399799c195b5f76e9ff88d2991a2a48d135db4b542b0cca2d1d6624210893

    SHA512

    4756861a9f99ca5a45db53ac681806c7ac9b97bd7d738a7b93a5f0769ff55ed9a6fcbf0701439e4ca6c6866b8f6d1bb2ebb8e8b9c940af7a23b25674b9458064

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0f6de216dae332e773fb21cd8d05406b

    SHA1

    0f4c018a0355094c10180e87b6dccb7d20db55f6

    SHA256

    f65ff702d1cf42785ec6e299c11f319c3628ab5073f691eaa1dc2fc3769c879f

    SHA512

    0030feba9de705a700aa0d3a343ec10eaca863c3e5a6f886dcbe6cff88014580c9b89e54318120e89fd4abcd0b9c86a2aba1c2ff6bc3206eef1dabc8925e0e10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c9192f5fdfbb43969cf7e56b9f3d7db4

    SHA1

    d97684b465e535ef55992bd9f53cefa54aa576a7

    SHA256

    dd5656dcf4bb768e2c70291975d821683bef4f969da3db6b7095e70930a0642b

    SHA512

    5abc613a1699e445799015886630a4711fc957feb6f11dd0fda43e640673b7d22152038a14b9c7630aa948cf96e3264f2aea13df73bfe9f2a8d441d2b5d69a4b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1e9e54bea46bcf0c8894f19d1bd05342

    SHA1

    a8948d2c5fbcc58940b21fbb43e483b030455f30

    SHA256

    ff6520ae35854757fb0c2165132ee95dd6070ecb9c7f88f32f7b5b423937b252

    SHA512

    ff5a08a9f72defccd5d0545ef480c69e00d5d733fb1cf944822bc5750f039ffe8e65c3cd37b6703c05505e192978cdf9bcfb70ece12206bd453280063ce5281a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fccac145efcdefd20a3b77e0c3242494

    SHA1

    016c60cb900307d3633c7438460f36b8a907b89c

    SHA256

    671a13fa72c82d23074779fb86c682a9803c81e4b70736d454f7c7720d2fb9bc

    SHA512

    1232084f9782b6a5f9227810d7d455fcfa0d1288e6c4e46ed6598319c1a357aca7235a449b5c2105f38e141b9e2eb23690a5ce098507a51b1933c5948e78713a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    65218554723ca93cf0f889b772153d4e

    SHA1

    643a539ad5f1bddb0a2648809dea0a5d9ba8acad

    SHA256

    3e5d0b51717a67665a6608520b172cfd516933271424b359240e30431653b9cd

    SHA512

    4d413d05b816ddb182fda91579fc26da346e990da4a25993a38c3baf18d2ee73d7f8dc6c06c150278d4c9e8a06309299c2f6e6609619103a8e52e13f715580e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ef11771e1faa5eb2e8124cc4cd4548b4

    SHA1

    1e79288bb4dc1d832d45571ec1fc8e64934410ce

    SHA256

    3f4a99c8252723a412d64c3f353d00d5553fe997172ab6f6babade87ecacafc2

    SHA512

    03ec0b83e5bae99d5f54f5706a70ef05a2baf8c5ed998d471a9e57ef68659d1cf88fa490df601e195a7f962c8737e0a783283544fdde8666decd7f4cbe998098

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e4a70e8cc5c5263f4710b0bd610f75fb

    SHA1

    c7899dd0015794da20bd6cc4a79b0c31fe2a09e5

    SHA256

    a510957db2459314103be5362c6a0aa57286cce419f7d0c499e2d6fd616c5f29

    SHA512

    d47824bd400dcfe14187b06d75bba83a5e0f32e1ea61fde63ae7b418bc3afaa1503382b759f7dfc74a7d70bdfc42c83e7803b1ae59298d14c17e79254ec9a32a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab392D.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3DB2.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2552-8-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2552-10-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2660-19-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2660-17-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2756-448-0x0000000010000000-0x0000000010017000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2756-449-0x0000000000200000-0x000000000022E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2756-3-0x0000000010000000-0x0000000010017000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2756-5-0x0000000000200000-0x000000000022E000-memory.dmp

    Filesize

    184KB

    Download