Overview

overview

10

Static

static

3

8d00bed40b...3N.dll

windows7-x64

10

8d00bed40b...3N.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    07-11-2024 11:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8d00bed40b10a680562c04cde88ad58f17b4b89bbbcc0ac9c8da40a5f759c843N.dll

  • Size

    742KB

  • MD5

    ebb4f4c26ea1992c3ed9b6c3fbfb2560

  • SHA1

    3ceae30d41cbcdb11069a68df674ca696cd4dc5e

  • SHA256

    8d00bed40b10a680562c04cde88ad58f17b4b89bbbcc0ac9c8da40a5f759c843

  • SHA512

    11d3f18c6986c09728936bd27c266324b5ccb812ae0711460126cf4ec12b0f3f8e035e105e0e81133f0c13906a8fc00b8440016d2e668d4dbe2ebb5a014a183d

  • SSDEEP

    12288:Azb9rMfc+CKUQyUmjtc4euuzPrs9pGp8hunWoopooK9kwPmwf0rbyZ:Azb1MlCKUQyUmjtczu6Prs9pgWoopooE

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d00bed40b10a680562c04cde88ad58f17b4b89bbbcc0ac9c8da40a5f759c843N.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2556
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d00bed40b10a680562c04cde88ad58f17b4b89bbbcc0ac9c8da40a5f759c843N.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2552
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of UnmapMainImage
        • Suspicious use of WriteProcessMemory
        PID:2148
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2944
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2944 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2892

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    494afec55db596e133206cc3f34ae046

    SHA1

    ca537180bd1c946900cade4e6d6c2fa9e487ae44

    SHA256

    d3f43e91db814edebc10d548eccd2085b5e6f09b5b6a0cff1b8fd75c21f98132

    SHA512

    0cd0460ef1b56b0c3a9da4d7749c6fd94034b8e049ab2c39f78f526c051d616b6a714800de52cc636e4e2bb0b2d153d711820a90f777e15dbcfcb254796e3987

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a39639a952c01e523dfc4e771ad1ac22

    SHA1

    b5ad0b36c1d133f0600276f7dab874fb06b3b68c

    SHA256

    aef6fa2e304db02a400a452b7d5e416999336b2b591318006dca8c1521ddf10d

    SHA512

    de549e2ad25f202e4a49cf3b79910beca6442bbcce97c8d3b3c083c395d851adc439983215f0aa503a5543dac0574857a3fe0004b85de1a9c5fb0db1f257b79d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4f0420179fc568d2a431bf31d3be4349

    SHA1

    43d06616bcf8952bf6ed97829707491e19c7bf90

    SHA256

    79b5c7ba93f3a707247f88f23ab14f525f3cae10fed413d06bc3f4aabbf97114

    SHA512

    c082bb8936f6fc0307fa90a7c7ae7268913c9d976d9ac28244690699ff8969781457c1a3c309e91480583151986bfb1aa29e4cc8c727fce07046e646cb3203bb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0790b31a1ac061b1db26e9de4232035f

    SHA1

    9157a57276600ca73a0d383e00744aa5e7259faa

    SHA256

    e9fe659ce906991ab62ef69639da38cd99653d3751a1bb3179393f449dff2825

    SHA512

    21047e24e6a837772c0fb7d54d5899c60d65e2169073a00df2a717c0625673fdcd1506b92f4d2280b21b90d7db7cc9fc81289755e38101c170f60a7f2e822f6b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bf0244d6e9fd284fdf81d7c6d85e5fdf

    SHA1

    145d41a284d3fee68236e4102eb575b8caa20dd6

    SHA256

    e9d2e7cd906f497c73c6663eef8fc78a805a07cf9646d9d3d6ccbd61287cd361

    SHA512

    48b9e9e85091d8b2188cfef93eb56846b0f4ec1d55b821c4128f7acecd6645295710c740dbae2fb9e552bd83e0e7a9bc4d245ed1c11423ae2ec422de64e34a2c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6df848bd10700a1ff458fd023ed512c2

    SHA1

    6861efecc90930d5875907b50f858cb64cb845c2

    SHA256

    02927d0c9e082c097a9a78a244256a7720498c713b8c6c3acb181b73f894a5e0

    SHA512

    472753e93419730942987d39455a21a27af97aaf97591ec6011e0eccd50dfd2c230d5a2eb570e0d72484a0c3bdbbdfd6eb94d7aa3a168d0e19b245eeef16acb6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0a9bca684fa295de437bb0e091a4bac4

    SHA1

    3756b98728ef246da9bcd71dba2837f680a7217d

    SHA256

    c591872d202c9c4b1239286015d05396a3e0c12e14373c4d081221bb9cf54b6b

    SHA512

    1eb48fc0d06b3a05e22126c4c9ffde38b325dff4582c2d7a8ba401aa64b1a1074683d1e5cd4d83f0ad6782e315374f043cda5a914ad1c9b2766977c7583c67c6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b0136e976f57e8332cdf7a3c928b2a87

    SHA1

    60437f2fbbaa25ac7dfcaf3b192735ff0a40a3d9

    SHA256

    a5e404d78f7663cb30feaa2f0a7714750f6e82c29ce86e2cfd8ef5e1f6058340

    SHA512

    45f226016e93abb9d14b79de259939175c304636970c9ca08ce3ed1f454deaffc70ece8c3056accc3a015b0609442225697e8ba7c144bb262b1ef5dc048f8ca0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7cff92cc5adef483e37310c703ee64d4

    SHA1

    045af5389c59cde3f7bc80621fe520e0dd29e287

    SHA256

    abfd99951905e7ae84a60f56bc51493c616f9bd28f33c02673f13a359562d3c3

    SHA512

    8a16e06f5e91c1780f6f3be3f0a47c550578d3b4218af4f7b39696db0d1383d8afad44f716b957ae89d73ea7fbf73cbcc540ef726bc41b01de2eb3ce7b942b19

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fedc74f35a77c99253b3f58925422ba3

    SHA1

    642f849c8c2c6e48617feb75c1a6cb815b7473b2

    SHA256

    fd87169e90c570de2df96f631c0c4feff16bb6c0a296007724b774521e78f4cb

    SHA512

    7461c8c173be93f3222ac75bafb7503c03427d481fbed3a8a82b72d800489028a698b61ded6c621034c1d6c74421fe47d452e274b422877a3876469e323fe8d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f6915e17954c22231bdde7701eec4bfa

    SHA1

    12248edc629d513f9bd14d8ae8a24f218c2c742f

    SHA256

    f95d20495c6b4d9414b1e85fbdfed81f47df88d30921f6012a61d9dbdbbe845e

    SHA512

    e69116fa9b3fd0fea20554427784d4ebf45d4a8b09375dc6f525fb244e0f3d7ab9415c8364a70cc04fdaceaf772b3bb557eab36a020db947816198bf00eb6a6d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d4398ac676b176e6e312ab15c2ec986e

    SHA1

    aa64fbfb9ea4584875dbaa8f5cc95ed90a0e4754

    SHA256

    5167b1ca83ce9d93e1888bd0a320a5b41abdd6bc7dd3c12cc6fa69d1624513e9

    SHA512

    47e251bebc2d7b553433f58be671356c16b5b361c6e239226c59499b4ade2a2eeae1965af6feea2a0371d8df9831d039eceec3cd6281d7ccb2be86c380109f1a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b0c3bb7081bd064aed31aada97536c67

    SHA1

    dce5c758ee36192b647e623231b4e6fc64ab6c4d

    SHA256

    ad376132a85487ddc386436d5d145a31996e49174d8071f1918ec9b59d178b4b

    SHA512

    571967ac3130bc642ec790f0a4b6afabfb4a81fadcbb3bac5ac727a83bc272ff10e64d269c152b839f54c2bc66a3b40102f3693475e525326526daa2eaf3148d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f9b87240dfc8e83595c5f7883fc989c

    SHA1

    994f54d1e523ca778b3c146ecfff66cf4596f779

    SHA256

    078bc6486d15577041be4c59365e156f947666062c1e5186242505c5abaa765b

    SHA512

    d80d46a23faf1e7a05de0a067e3e2d9451067094fff9e78f30acfbb94c9344b99b8e09ec966542ced4b48bd18c69779ae601dccbb50d652e993c772432b008b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6e6a0036426dec0f9a0f5e647b3e46d1

    SHA1

    eac353a7f0afcd73dbcfed0a077a992e8d7d37d3

    SHA256

    95d2fdb2fdc49989e7f11eb63f5d843e89193ab3a4c65503ac925f3e41a5c61e

    SHA512

    a2d12daddcea9d3c1e15533fa353cd6c414a319bf9b40c32ddff0ef82d0d793f279961d26ab051f66c312d49721dc3b3e090263e59b2431893a1fe420fc162f1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7e9092557bbbff4ec31fcb139e426bba

    SHA1

    43abf0302a783bb72ee0188f980d09e06960c732

    SHA256

    3f5452112a0ad244fdc2597ad547721d083fc0680edafbe3bb838bfcc9a03810

    SHA512

    71288316437dfc0febbdcbeaca3980470d596ac121530543d75e0b39e51b838eb64a90b8688a3d34c0f2cf17d76a509307a07295b315da40884b9f5fabd5c225

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cae808616c196247c7fb64489fa41e68

    SHA1

    b1237bacdcbb273a45ce21b0beea05bc23650c27

    SHA256

    f0f2513fc0c54b67d8c98c625cc0c13442958df591ae1a2645f13d59c976a17f

    SHA512

    ccdf356f840defc87caddeabf824eeabc2da99cbb0e8d8fcdb4eb1cf167ee216dc72ca89f4d1ea4a14e223011e431f0d31a6f7db94d8bb401396221b1eb1ed3f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ce062743792ee8f36283e092b509cf06

    SHA1

    64adbccc494bc41941a4440025576afe6040e80a

    SHA256

    9d86740ee0833d7701281cc585223113f7bc36c6c22625c445cace99e6106eb6

    SHA512

    09b6e6fdb1df8a045770a321bc72095bfebebf04a0f04e836477a8760aa85f58dd63dccce3b0bf22892875725b7828c0ec63cfce2228dd86f3db26ac364657b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bf4cc9c1f42b2dd5b193167b738bc13b

    SHA1

    395cf301eeb5c53834cc432be0ca5503899c1d5c

    SHA256

    6ef2aed969cc5967c7049db5e68525f13a8d1d88008431a1ad919d94f1f9d992

    SHA512

    c6842d98e68b25eb7be452dd929ce7b2f87e80577247109eed2a785d23760435b3309e1ae5e608a7aaec0e9c7c3c9b0932552c44eb66177f97f5e6d857fc502e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabEF9F.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF012.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    84KB

    MD5

    2b8bb9f077a564234e057b9c715f9a5b

    SHA1

    55abc544d7c7cfe45649f1967ade8d1c10fba2cb

    SHA256

    f34b80a1632165c7bc83b8301255c5b4000d54863df05de92388481fa5e03224

    SHA512

    7049cf1cb8f19053ec61724d9b72d18ee1898887e92c9a19d54a686c4908cc9b67595294e1adabf18f760516656dcd6a278a1c5950584a778c7ee5c984d2ebf9

    Download Submit

  • memory/2148-20-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2148-21-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2148-16-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2148-17-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2148-18-0x00000000003C0000-0x00000000003C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2148-19-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2148-14-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2148-24-0x0000000000410000-0x0000000000419000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2148-25-0x0000000000401000-0x0000000000410000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2148-15-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2148-22-0x0000000000050000-0x0000000000051000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-13-0x0000000000400000-0x0000000000430000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2552-0-0x0000000005000000-0x00000000050BF000-memory.dmp

    Filesize

    764KB

    Download

  • memory/2552-7-0x0000000000400000-0x0000000000430000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2552-5-0x0000000005000000-0x00000000050BF000-memory.dmp

    Filesize

    764KB

    Download

  • memory/2552-1-0x0000000005000000-0x00000000050BF000-memory.dmp

    Filesize

    764KB

    Download

  • memory/2552-3-0x0000000005000000-0x00000000050BF000-memory.dmp

    Filesize

    764KB

    Download