Overview

overview

10

Static

static

3

8d00bed40b...3N.dll

windows7-x64

10

8d00bed40b...3N.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    132s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    07-11-2024 11:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8d00bed40b10a680562c04cde88ad58f17b4b89bbbcc0ac9c8da40a5f759c843N.dll

  • Size

    742KB

  • MD5

    ebb4f4c26ea1992c3ed9b6c3fbfb2560

  • SHA1

    3ceae30d41cbcdb11069a68df674ca696cd4dc5e

  • SHA256

    8d00bed40b10a680562c04cde88ad58f17b4b89bbbcc0ac9c8da40a5f759c843

  • SHA512

    11d3f18c6986c09728936bd27c266324b5ccb812ae0711460126cf4ec12b0f3f8e035e105e0e81133f0c13906a8fc00b8440016d2e668d4dbe2ebb5a014a183d

  • SSDEEP

    12288:Azb9rMfc+CKUQyUmjtc4euuzPrs9pGp8hunWoopooK9kwPmwf0rbyZ:Azb1MlCKUQyUmjtczu6Prs9pgWoopooE

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d00bed40b10a680562c04cde88ad58f17b4b89bbbcc0ac9c8da40a5f759c843N.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3016
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d00bed40b10a680562c04cde88ad58f17b4b89bbbcc0ac9c8da40a5f759c843N.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3020
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of UnmapMainImage
        • Suspicious use of WriteProcessMemory
        PID:2812
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2904
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2904 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2676

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    64836e697b88ab02c5acfe467097f16b

    SHA1

    7e631f899bf49a0ce3ff708e781c294eac8443f9

    SHA256

    3b293cfb0eb511e4302b79a5321cd0f0041db36aadb9e6140164aa1e8bf683de

    SHA512

    9c41d511f02c37d57d771ce79a1e4fc2a4854b8fa3b45b1c1b45704e5adb503c77b4b8cfb90b7275ecc4dde4e69d2b23ee3e99216d246abe2805bf9316277ad3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3a2870ab2b4128ec910f5f002f89fd84

    SHA1

    bf341b7255b19874eadd6a60e64a834c30e763dd

    SHA256

    989a19b1c21331c7b28a36964ed3f63970df6397b280280162869ddd156b59ff

    SHA512

    b9c416fa637a944bcb420384a760580c40177216b44c06c53752275aeeff58b91c9690ac27f37b2918267bc0e4db077a545c07166a548b7c760a55ced0a3acfa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6a57416fa3fdc326a024315e917d190c

    SHA1

    749d598c1c55d26e781e3e75ba840cde52801cfe

    SHA256

    af395d4df8f2c26bcdf1e46265ea2e97c41ae41b6b792252fea81b6f0d0c74e5

    SHA512

    8921ce70184028eaf30e44db71ce64e049594911f56f715f5774b6375001a3c3e098846d71677b43dc3028102828559dc3d2de0958ca8d5bc8934156541c1bd5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6dd96bbb2ecb3a8f84e92e8ecb5b1189

    SHA1

    dcecd2b7076ba7cf0f60b1760b678a3148e2cea1

    SHA256

    0b341a6cc7594bcd8fee869d8711d27220787d457018f92f0d73a8e4285efb9d

    SHA512

    7ca906cdcb38cff15bc05c0f9fbc5d0f705061b8456dcd8d65b86c1e3037fbd8f9a597f6e95c0bb786ec5d5ca8b892658ecaa3a89a703374181c1ca3280cb615

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    770949775ce1107779585a5667f4951f

    SHA1

    99654352896b563a78939e378816f0a4c69409b8

    SHA256

    4f98f7d473acfb2bd85c9aa98b074951c141210b6296d5a3d5bc418e60569d42

    SHA512

    43907aceaab31c8ae849f144022cdab6aecd66a184846dbb2952021455570cc05582fbeea1f4004a8ba06c4c7ce0da2d16bcbb4adbc4ddf18689d74905eab8d7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    53840360d48674f957f61cf636b5b370

    SHA1

    3e7ac85a610f13085893a17f4bf4e2a2be2dc895

    SHA256

    fb54b42412c2fe4326cf5aad240c5eeb685f088c269695e78c2b26c57cc94782

    SHA512

    47e8668fe7e4b528726f73659c5645c9c694032d8b29777798203ddfc734685673abb9f23db62fa0da8864bb2e512800077fa803ec8fe63efa25f2b32e745fc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f66da28cb2679f332c0038bb1234c3de

    SHA1

    797a0313e94e291bd502ce45fec061b0e35e2f88

    SHA256

    a240875b619a446137e82acfe02d60c67edea9aa64d0f1c7466bd6baa4645dbb

    SHA512

    002f237c7fef82345a4a058c46b936a31dd767bf014f0c88f09cd32b580971dc576076638ddd07bfedfcee538246c7ba35d3bd7242de8b5fa40a484ed8d22111

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    631ce6835ccb79d5f11d364308c7dcda

    SHA1

    d13898e4def32968668874417839f22b4b454b4b

    SHA256

    3e4bdce896fec2f9dedea7dd41d514c0468195dd154164783cb648ac1c5395ed

    SHA512

    c27aaf790c3991bdcf3b588e7e29c5d4e3fbd62f49a6209d97853bd037e89095032055df938fe5e2c0e5b1ba19aee13f8f4860f6025c6fa4143e86b91c393151

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    66804bc4e9e1ec470e005e1b8e66c142

    SHA1

    fb3d8c63b3550e3b0ff9f2f294be96ea11ed97af

    SHA256

    be1a841a14b43a41f97f83d056f5a06af201b8aee3b1d58c0a443cd469cafcd1

    SHA512

    27460795bd6af1f4cec043eea87ab73d8c806a1cb5c219ac81b379e9f06bdd63c8c266ff149960d7390e068354974f4adbe94b7a225e4dff3d0de192ae68f90f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c4d229baad9a375d28a6a61154e3d209

    SHA1

    fce228d60403dbe4daa78fc90f5ebcf0cee608c2

    SHA256

    0c30655cf26a3908cb4ab57551769d197b0c173bb1934d5af27ab0b27f304aa6

    SHA512

    e0c0c3511a79e2ea4699357dc9fc1577081188786e5cb54dda8834927d69aa11a474292fdc034cfecde2775054e9935d5382bc5e1c325f921447b60f94fe8acc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ea4d2a2b3cd0516f3ffa079f51fa1765

    SHA1

    d1434826f35f967b3192a5a923fa38ac6fd46a03

    SHA256

    a86c6f97258af3709f83efd7f0cac7e1403d3cc04bfddbbefb923496765881f4

    SHA512

    53008d7242bb30e343778e9e6f0197019ed89851e7e36ab6990493081abc1ba2f6349fe50f88d86224fb3df46c4d4d2504c73b449c975a0b9c9dace4bf10d5f4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2153fc41988df0edc91bce0cad213020

    SHA1

    462ff2e7d7496cb837f81ae22b8496e82bae1597

    SHA256

    e59530cb30730c2753e5535d7552ca1a0ee4d032fa157e7e4787d206a4269d2a

    SHA512

    558d2d53891a34c24567f0610c05f5ff9540685e28c22cedb585a68ccbdc26d618cc7b673d960622bdd0e863a30da9aa868473eb10019411d71fcfd21813d8a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    21af5fe2b222fdaf34d4cdf20b543de2

    SHA1

    187f7b0f06583f4534700d1ed984455e54ef2dd5

    SHA256

    c6583cbb854c6be8a07dc3d4ca3b5cacd66de7b58974647dbdf03ad646abe5af

    SHA512

    ecf8dcce1acff53233ee3978b53f9e1fc626d0e4ffd8d76cd3d5aab9b650ce4f5ad8c4c935fd7751a43e0b55f5f3bf70ccc9218f483cf19b7b7400a5ec6f591f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d70906a3f85eb416fa998d412c89014

    SHA1

    a234810e858237461bbf5702ad1b7aeb0cfbf9d5

    SHA256

    bd0700e65851a200518d54c37651d79d99811951f32942795691975e0477dbae

    SHA512

    496eef5c30cc6de76d21bea621b30789ce8a4b768707a7cc06e28549e067a0f97412b52452918d0de188be3a74e0fbc48e2b25cd25d4317771e2ae0c4bd55c22

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b19d67db5ee3c01b111201affd6b02d7

    SHA1

    a5016c28451a7da6f08113b92d424ce57dfb7577

    SHA256

    f374867573c6c139582c693c1480868d401712e98b8bfd0a6907b72e2adc9dad

    SHA512

    272762503d930aae4d60df62009829422f449d9cfec063097d58c09a6c2171f16e6afda808ce7d80fd63a920a8ca6070797c66ac70ffe6e14603ff397424643f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    10cc3d39243d19dba7e581184a7728d2

    SHA1

    da4425b6811303d9a38923afa13c25d308bcd349

    SHA256

    32bd81552eb079d3de03fa484c3e755d8166560a78c905b9b1c331bf967f0548

    SHA512

    d72fc5d02bbe2b173a0d54d75c264bcc5df7255af90bbc2636ed74e59ec9a5e433cc457cb480b171f7911b49f954a3b89bd2c8db0770d61d733378dc52869fa2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bddce57561570a83e549f4fd9efba48f

    SHA1

    f2caea42d0058df48ac00f8303e472a72310fa09

    SHA256

    dcbe48b74b9193209ac9a190f100c6f165c9b0e52ecef6c45db2b13e436893f9

    SHA512

    5d3e48880a06a50d42f6cfeb3e8a8a35c5cf0d6163be778a0f629939b81b670d4f55e44abae822ff6e742f99616da195cb381088289745ee49d5fe8c46806a28

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    32066ee12fb1f80a8958d95afeb4104d

    SHA1

    fa11c9d69ad385e0c89ab9fe25502c5e9e61b6a8

    SHA256

    de5781a3a5d5c58977f3275ee9ad540902f42f327e0d2d748039372b0ca99ae5

    SHA512

    9e8a66831759feeeeb8a87b43caf5d54cc71c165430412101f52bd5d3ca1425861567c57dd38a963ccc2b81488df93dff68bcf9f1af4e1ee6d6c5c15716f0f2e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    09e178fa390424cea5bf6211627ce6c1

    SHA1

    133f29b1f07d7912d9b7b111167530a4281eb2d5

    SHA256

    520a962a070692cd89c1b8b07b3202dca0e62c1f1c6d62169376a22b1632c136

    SHA512

    ed561ce9c486dd590fd46dfe74cd33129a14f7467e1090fc93097d02aec6cb244044d3c4ac9d1c527bd8f82b51a60f6854954f78d34a99c40859361a11580f99

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9540.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar95A1.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    84KB

    MD5

    2b8bb9f077a564234e057b9c715f9a5b

    SHA1

    55abc544d7c7cfe45649f1967ade8d1c10fba2cb

    SHA256

    f34b80a1632165c7bc83b8301255c5b4000d54863df05de92388481fa5e03224

    SHA512

    7049cf1cb8f19053ec61724d9b72d18ee1898887e92c9a19d54a686c4908cc9b67595294e1adabf18f760516656dcd6a278a1c5950584a778c7ee5c984d2ebf9

    Download Submit

  • memory/2812-24-0x0000000077A3F000-0x0000000077A40000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2812-16-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2812-20-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2812-21-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2812-22-0x0000000000190000-0x0000000000191000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2812-23-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2812-18-0x0000000000340000-0x0000000000341000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2812-14-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2812-15-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2812-19-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2812-17-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/3020-0-0x0000000005000000-0x00000000050BF000-memory.dmp

    Filesize

    764KB

    Download

  • memory/3020-1-0x0000000005000000-0x00000000050BF000-memory.dmp

    Filesize

    764KB

    Download

  • memory/3020-5-0x0000000005000000-0x00000000050BF000-memory.dmp

    Filesize

    764KB

    Download

  • memory/3020-13-0x00000000002E0000-0x0000000000310000-memory.dmp

    Filesize

    192KB

    Download

  • memory/3020-2-0x0000000005000000-0x00000000050BF000-memory.dmp

    Filesize

    764KB

    Download

  • memory/3020-7-0x00000000002E0000-0x0000000000310000-memory.dmp

    Filesize

    192KB

    Download