Analysis
-
max time kernel
69s -
max time network
134s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
29-09-2024 20:43
General
-
Target
42747b2c267d9c032e47e840a8170c3dab99148625277d57a656f668fb0591fe.dll
-
Size
396KB
-
MD5
fd54c717c2933d04a2a85000f17b4cca
-
SHA1
ade62a67dfa1c092f0cf802047e646c2dbc873b9
-
SHA256
42747b2c267d9c032e47e840a8170c3dab99148625277d57a656f668fb0591fe
-
SHA512
32d4f7b211131384c9d148c7c5441445d5c02ce807711e6cff32c16f8f0fc213eb9e7013020c52d9dfa50e4cd29c355189fae8741527513be21a197ca6dd647d
-
SSDEEP
6144:hcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE8nkK:hoz83OtIEzW+/m/AyF7bCrO/E8n4E
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 4 IoCs
-
Drops file in System32 directory 1 IoCs
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 28 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of UnmapMainImage 2 IoCs
-
Suspicious use of WriteProcessMemory 27 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\42747b2c267d9c032e47e840a8170c3dab99148625277d57a656f668fb0591fe.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\42747b2c267d9c032e47e840a8170c3dab99148625277d57a656f668fb0591fe.dll,#12⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32Srv.exeC:\Windows\SysWOW64\rundll32Srv.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:275457 /prefetch:26⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 2283⤵
- Program crash
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD552cc31cc5435f028e67148ada538dc6b
SHA14899c6b40b1df008956f768644451f8a2835c5b2
SHA2564b624a9338c4054d7d579f64ed0bdaf55d665de07f6618f030c97b53f66b3d42
SHA512f3c890f01e502dbc69b166706b07ef3350c227a50364f65cdbc6bbf4ef86b11afdf48a5ca4a5f2b9d2ada38063bafd22ec80fa7421ad5beda1a0e48555ad3d51
-
Filesize
342B
MD5b0d92ebf48de69c3df38ab19965c1acd
SHA168c12429cc8372228e005547bc46f14ff6fa06c8
SHA2563e43938894b7cc6ab19b670ae78b1f42ea5846d9d67e8165104c38bf1b7d6c53
SHA512f64428119b6db20ca1f8d24a84c476d6d8bc4728446d0f2c8f2d5ebd50d3fa70deeb1de05bdfcb459daffb7c4de5bf14a10fba0fbb39e24d3e28b10e9811c974
-
Filesize
342B
MD5db13bd9f9e82c40b07740efa5e994dc4
SHA1552ea37b06ee9e1d23cc28ff5cdaf3e83e8bd404
SHA256efd9909287e18c0095206721e240adf44e05cef3b65eb90ac1c144d70e6a3fb5
SHA512c8c5bcac4925a3ac2cbf15988fb5489239bfe6c86e5935c97cf5607befc45d2834f091588e18614377c1e3f437689795bdab604dd43331b3e14d43f4cf122ede
-
Filesize
342B
MD51151a999c18fc37204799163feb962ce
SHA1a8499613f0227c26259743eadb42670c28ac00bd
SHA256119bdb70b8f880562105f76a036812d3d98f3dde61108f11a001ab3a078f0c0b
SHA51216f85bc4d4f62afa302566914f79cb691581cf222bdf161616a2efc9dc4206b686829fd5b4c4ea5b367680e338d80de8334f034f50a3310f7caff3caa2cac774
-
Filesize
342B
MD58a5e078525ba0acccf1f9498e79f7856
SHA17fa41874e132e72a9a96780273963e7f6d801f28
SHA256d2fb175cc99f7a72fd15fbbf60685fcad7f3bdedf5265569bac28b14a2d0057f
SHA5128191d2d34e37c3e39f30f494c9a08050fcd03af4b6496abbe134cc9a24e98c94b800379b8c1470960fded3dffb05e851b6b1cb918ae0862ef1b49394b4ceb8e3
-
Filesize
342B
MD565ea0dd735c7fb9da2214844a7f18cff
SHA183ce3a5d2441c193ce4990d55a0a3a7329e19cfb
SHA256bc4555d5a5161dde499932247f52491ad10b1faab2b240f5b35081d82836d31f
SHA5125182b1ddb573fda9892367dd73bb8031a011b76821a90fc8d33b8f848b3eee7afe207838da34f950be57df24ea42db587956a05240844e414536520b854311da
-
Filesize
342B
MD5d5fa2b653a1a0406d802ec6472f786f9
SHA1a61f0ca1d910b3b5a8c847d59ec37d3ab165f9a2
SHA256d21fe8ad1d7dd043fe5cb3becff65ff500ea2f6c9650535c5cc6a5db4d9da9e7
SHA51257875326357a5a00b6ec1346faa4f6db57fb4ac12c29ce0695a7e54c9e7797fd7e11fba052b2959eaa09a43805e5e36cc1fe457d7876e19680440be01e41a979
-
Filesize
342B
MD571d5e09eaf116b2c642ac6833353ff1c
SHA1a8df28e8f9905c9eed7d281dcb92190616a2442b
SHA2563eb43c93f101f414fa5a5d42bd30fdb1f10014e6af5c12b67f5a4b5600dd937e
SHA51225e799be0cf34a4f1b8316e9235ba6e4ff00df1ec195ada70c98cc9427b76b6fc1e3157142210ec6fb7e37d0f1de2f6b1dee413edce5a2e535573872406a3013
-
Filesize
342B
MD5730815f0be98bf73da280c7383ac034e
SHA136bbef105c191349d099c442fcc3e73b36835b1c
SHA25629f65e5ed52362cf8c0879ed64c5ae62f19c2622f5101944fdeaf6c4e1329bcf
SHA512b61159d9ce7843ce681881490c23b25962aea907bc92528df498733d8da39107f998d0d9d6dabf9d80c2e6ef2a8f5aad6cd026d1cae9a6433758a2019abd1283
-
Filesize
342B
MD5ab4cc3301a0768d3922a16c1dcc0562c
SHA1e82012af153a250309b42aa0d2c0068fdefdafdd
SHA256caeb28efce8b9879d34a4693e059535516aade243f0e50a23006fa7389d708d5
SHA51294080392d46f6b205118d9128a83d54f50a91ffeec832d0082b430d0d087e2682a45062d7aebc4b0a35621ee68c99fe832fb636e473d37329af5c264441dcf86
-
Filesize
342B
MD5050b2daf79007d487fcd23f6808d47dd
SHA1db6d8d4ee268e9f60a42fc066e58108accbbe384
SHA256e7ddf7ae2ee932c382252b5d485c369f07786a62d526e3855780b734eb4f6410
SHA512df3198f9bcec45618820772d60273d39c63c50ada0b0b2255f6bcfa78c8ad7c8effbc7adac7a2a48220664f3c7fb4f57c9df833faed9800b39b22b940c697330
-
Filesize
342B
MD596c74027eb14468a5d0888d1be139adb
SHA1d02fe67565a7656fb0a244bba26f743599504fb1
SHA25652511ff2a1eda9d87ffe61748303557e0035ca47779c39ea283654b347606897
SHA5122f7b48e5c2e9908fe48dd75e609e1f9528906a9dbeebb38b5cecaf5000f81953c54d22af7f6200459c88b5e6e3fe742a3c08f92912e450974b90d4615cc9a262
-
Filesize
342B
MD54d35b5881963a5e165ad9563a978a3d3
SHA14d3e76cffd1010968df890d9aa39637b265f9822
SHA2562975e2dcfd898c637c12ebf3b20dbe231cc3aa41e204bda44c95aced40643f8b
SHA512a391b1012d39d0bf4a3b847c588a177e717763acdf2a00d2901c2f15558d3ead7e2b33114b9fd0d6437564eb4c822cb3f0fea52ecca051286ed49023410d98d7
-
Filesize
342B
MD5633dcd57fcc8bdcb5bae52a101f24cf9
SHA1752646e311c97e051b81c08265fe8c1571a4fb92
SHA256e1bc73c89513c71777df28e5ee55790733b1ddbd8a62a98f0378ebb7db3b5dac
SHA5128910bd764c33c1514cf15222c229e988175d4076e76776ea4dcf4eb6c78bb33ea8c828ca9196939a3d118de81b40eb3ed2807d1d82769f417fe0eb6b3808ae93
-
Filesize
342B
MD573de2c1a2ef9fb60bac20cd7c446699b
SHA104b43258014101a850ca0b9462c1043505a20eed
SHA2569ee7afe5ad025193488896a14a44d00a0b9eb82913dadf966d11a35fccb3bf85
SHA512a8f13cfe48d2d4e69b9c0a8551a208eabcce0fef4e534af5bc5a88dff70beb0bbeed623f8867af3f401174043137c8a708f1c68c435288ea3264a114c3e2031d
-
Filesize
342B
MD55443e98b40b4e7534c19052a46fd3e81
SHA1773127cfdbd90c9b2c6b7c9c17b19e427dcd8342
SHA25627b069a9583c88330361770b0547612e88d73b608efd60e499cf176e8584f372
SHA512c71ad8feda6872996a4ed1a3b0f421a20f51bf773ec7c2eb6830c76a51be8ee8e8ba480c6da017f4a6e48af08ad2393d1239db9a7e1a2a02ead7a67bf4842f01
-
Filesize
342B
MD575cbc976c0e1f5f723effd724d0ebe88
SHA19fd8ad8e295d91557295f051bd332bc5a4c2b3e9
SHA2561188a06e9abcd51835600b8b6c3d033c94adaf8d539692d549d4d783142d5914
SHA51237d92490e19c50653edbbb53ee60086c091fc2c20785d2e664aac49841f072a6df6c3074bae41e3b7decf984630823e58bc337ffaa52efa304a7ca3d929641cc
-
Filesize
342B
MD5a47667c88a6cf2ecfacd2972326fcf0c
SHA1e931d2fe72606ae29e0ab6d8d54722ca571894c3
SHA2566d4917a3fc901dc36b38ea028f83dcdc30ee2f19cd89a1d7f485e3eae14e125a
SHA5124e7e56c670be42fbff7659fff85f906ad51491b4535d5f3e2e61a115a40191245c33e1ffc8cd65fa1c34465f5b9ed75e370bee5710097769f0fb78eaa5b3f3fc
-
Filesize
342B
MD54b3b1513bddfc9211b5668559e13b223
SHA1a55b584d266933136638212634d45621fc547a03
SHA256460ddb5973d9c8279d1e2c65a62fccc9b0458c0ff341170b8c4cc37ec43b0932
SHA512a2ce39922f71cedb8135b2863d46e0805bd47cc93ec84a9931758f48b193827a8b02d97c864e85ca69cccab9130024fac51ad4ab71fbf01fa7a14c216ba2812d
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
52KB
MD517efb7e40d4cadaf3a4369435a8772ec
SHA1eb9302063ac2ab599ae93aaa1e45b88bbeacbca2
SHA256f515564b67efd06fa42f57532feafc49d40b0fc36c5d4935300dd55416f0a386
SHA512522fba06304950860fa9aa8933b12b9323dea47dbda363db3f57535396c156c4cf6934a9db38fff8c77503fcb889d030fadb639094a1f34bbad54c79c8734450
-
Filesize
400KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
400KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
8KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
4KB
-
Filesize
76KB
-
Filesize
4KB
-
Filesize
76KB