Overview

overview

10

Static

static

3

c62f5fbb30...e0.dll

windows7-x64

10

c62f5fbb30...e0.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    10-11-2024 22:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c62f5fbb30bd0d1d153e4c64a89af4229216aecf7f4ffd11e205c75b3f2782e0.dll

  • Size

    1.5MB

  • MD5

    ec420bcff3c5dce20541e314a1851ab6

  • SHA1

    e8c97b74fd09a30cc989836992d7e74594ea1c53

  • SHA256

    c62f5fbb30bd0d1d153e4c64a89af4229216aecf7f4ffd11e205c75b3f2782e0

  • SHA512

    e26e6c84bc695cd4955acc94936fc6e7b3de3919fcd8367ebec0383fbb79e563e1ec33509b184d15ccc074aa67222398559d416bff6139d576e399856b0344d0

  • SSDEEP

    24576:30/sGHQVzFdvtF7+r5IAKE1LExIx4O7na+CJczw8tSgv/sTskrpJ7gRO2+Xmi9:300D9+r5bGoa+CJ2bz8TsYpJ7gT+Xmi

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c62f5fbb30bd0d1d153e4c64a89af4229216aecf7f4ffd11e205c75b3f2782e0.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2112
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\c62f5fbb30bd0d1d153e4c64a89af4229216aecf7f4ffd11e205c75b3f2782e0.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2384
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2416
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2284
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2828
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2828 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2772
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 248
        3⤵
        • Program crash
        PID:2312

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    13f2594d3c6e5ab586381dbfd4040264

    SHA1

    ac27267f09f6010796b08a1e555c01e061d62947

    SHA256

    6bdef4424a0815a3e375084144bde2dd388be68ba0e9a7786526beaa8bde45f0

    SHA512

    419774a86cbd80afe58d0dc3aaba7e1bde5c0b57ef4b8d632f6643c80da798f0b83d1644002c0e473a8e672ee9a05a50de1226a07d817845f6440c92c6a3eb7f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    059d8430a35e5c1b3547cf8dacd53246

    SHA1

    6314f554e6ab6c1fb2368bf510b91c95e97a4e21

    SHA256

    fbd618f4fb8d88d547ad5f8241e822a0a9c7e007242efac25b024e82bffbaf9c

    SHA512

    34eca47a75cbcfb261c024034cb583e6a3e56b3f826ccf3189374ab17d53ed8568e647fb48b96c4b8aeec5602490f912e9594601f12fe3f88c93910a16d66e06

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4c69680a24a68a5f7f824f57b12547b8

    SHA1

    8e4319da800e7b0497936c7b61750cd6c83de4b2

    SHA256

    cba9668daa417770fda6053e30652ac480af18b9257d9f93c048c742cba1bec5

    SHA512

    87cf2d7bd1ff73d855eda51a54559c2b42fcdd2f97d9493a6f0d67b8835065fd41bb266a0defb919a504eb8d8d5398f0dc81184e603118c546af7957b80b9d29

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7c5c8a094bdb245eea5ee2e2b62f6b08

    SHA1

    5efc332ca1a89565f5f21caae48ea17d7814edd2

    SHA256

    2185e7a71dc56c51695bf619d8354af8edebe557e30126c5aed1f14b7525f1c8

    SHA512

    efb8d8827b3cdd3f8e9f86040469227868e85bfb7bb0ed284fa3faa241635c6db3e8f2483654faeb0535bb711269dcaca932203bb9acd222387591d52158e0ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e8491e653c3a18ddb7cc3851b2ed17fa

    SHA1

    6b01111745522b7c1a3feb87d033e0574b946e71

    SHA256

    50272917dd965a1e927af81bb2d4b584e8c07ff3fcc09b5ffff652af053bb338

    SHA512

    884316b1e95f3a1ff2ea3c082a30a7d1ef5e298d0785a654e8d537bc773912928c5c397978149c092fadf37d3a043015abc53a0a0b72c12301542e42c6108a88

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9dc3edbe98d0cdbf6bc1fed972f47607

    SHA1

    a74b1865c41bfa67b5eda507dbeeb558be1802f2

    SHA256

    10a19f34b0765f39c5dfe5e709acb78193e80b9b5a28485ae4d2b2a74ea0e4af

    SHA512

    a7bfd43433e251f48b349f82aae1ab759f83631ab863f734824e2aa8d0db397ca85ac1676724b46f257a64b7df7654b250d4101d2f46aba646402ff32cee61aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    10775599a519d323539eff817e323cb2

    SHA1

    91f03f61fceb3c7fcba6278d530a37ab5cadd2bf

    SHA256

    f813064b8ac190937756a9edc44a21e326f9c629d99b2d9ce6f363fada5406fc

    SHA512

    28d8ab72d914600da02c1783e75973bb78391e6585db5464897786a19fb8f158d23d61e877b1394d16e449a93b87ba3ba63b3128c40096e73adda8dd431aa2be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cd8a4f2ae6ab46d9d157ed0a8953ae50

    SHA1

    8cd65f5c7c7dfda72885dadb3b7a17e87d4cf80c

    SHA256

    9d4e16dc2a54d6d9b7746901337081242d30c09e64684d4a01c9160e9ec6cd3d

    SHA512

    65fe8ce861ce631289f2e438d8633789f46a82a238c12d1b689df1fe5616d375386da5ba65f87354c21ac443fd6c206fb3944177cc1c7afdde18450ae8e2fe11

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    02ba763b20bf60b253b8201699d3c36a

    SHA1

    fd01f715ef108407e427cf4a1fefa38906c9b07c

    SHA256

    b1ef8f9800b2fb453a96e4919680bb7d67e727180f30595989815e7fc87a9928

    SHA512

    2f4a36ae2f046cf11ef24f2a587da71d04a558cfb7b3b30c089e819eac88ab4f6409878c663c5c80af3a178564f2adf79f25d396f6d495b5c1aa555e1ed51ae9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5e4c9fb020260fe08096fda7ef8f61bd

    SHA1

    294b65ef74415b7168de54da902f3cdaae76232a

    SHA256

    34284dd40c7447482d9510ccc8b0d15bb6d4bb1cd3e16f3ae099596ee3e01f41

    SHA512

    afe2ce0d7ebaeab1cce953504743431716381555c3e9e2efa5efaee8a579bd81d5d5fda1a1691af852e82081bfa739964d785eb160fe267b43688b0b9eda9676

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    548d987e6b9e63c184ffc685b91fc624

    SHA1

    a2341c35181b5a839aed92c5080557fdd807ea62

    SHA256

    7cf89df8066458fde41fcf22123ab16f3b77a988012d622e1d39a0fa87ad3623

    SHA512

    4e64866136d8af3574b35b004a934999cb37c17bdbabf747c6839588e07a3954e66c7b57fcb092b14694a7d169e6df41e3ff12e4cc22a3d65b43dd1a2b5b44d7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f4a18466c22234949e62dc770fcf4be7

    SHA1

    c07733a55021fc9604379bca48d155bed3a06aaf

    SHA256

    f386cb84dcce5c2ea6d3f3dc9ab076a08299955b67b4b2eff47cbc81763275b1

    SHA512

    1db93793c24ea86754e1b6158ff569322479d88c72d881b0ccaff9583b61f552de863d6172354b8be19d754f1ab579099d164430d10cb15b149e08191b44dc48

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    079cdd959245b3e38acdb379a9f8b584

    SHA1

    05563fc7c714ad20e8b8d1db579780567ad7440a

    SHA256

    c82ade27e844e440f9a1de2b9da47401df987b37e41657829e30c9d373b6200d

    SHA512

    cfc9e2a9ea92ab262ef0846eed1e82e1f27d627a2c72e2b10ee8397e68414f4541d4ad687fdcdaa904c27edfc9061719f1f94ca2ed2e98252ff57e93953e07e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c496d5b18f208e5a11eafdaad76882ed

    SHA1

    71a3e71b08bf77f76e7d92b8741296c7d9fb3411

    SHA256

    6604ab7b072f72f9068d155184e32d6653c05d65f15044176be2a20584292757

    SHA512

    09acab15e6f751eec9fb02e2ac90257a523e894000b9591a0f197672b977fc1577cb8b9a8058aeb17a5390fb4f429c257f5c0973fc0269345669669dc86f42f9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b4859863b996a79849b83b75ccac9aed

    SHA1

    57a42a77eb6fb9186e958e8cbda930b9cdd5bd75

    SHA256

    ca26335e1c4b7985ea7fedfdf7d375c9571d1a140a4167d23b73ce9ba3959e90

    SHA512

    60502896f51cdbb5ecc9f60ef613306ab80d733c5eed8c04bc86a597b7c468c13f2b629862a04f32306f4d8187aec1cb765bfc66708282c408bcb29d980936d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5cfa353ab225745837a8b2b10c3d5981

    SHA1

    85b1223853523e31c145d84c38ece1ece2d8047f

    SHA256

    baa8c724ce265081add63c6162e391a7be76690bad33e05b0cd57115a58e50b4

    SHA512

    dfb943fcd34d85108c8abe56033f8bc0aff57dbcff26c1dc54e26d6bbc5d5dc34793b29d1848ac6d9b99d3c2167c8e4cc2d9d65cd1bc8025ed92fb16b2860d6a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3a6a3300e553b6c7241a2ddce411a7d7

    SHA1

    3fd3aaad485f35f60cf6dc05ec270a7ca72c11ac

    SHA256

    85ecb2ec354878c96ec1efd80b226d62301a7b74ec4d0b05eb4c5fef6e019d5d

    SHA512

    fdd54b2c89ddfe4b5477aa67dec1afc89d36eb94c48730fc26418da54af023051a2fa1b729a5ac45c10d3eb5d4839d4d77bea9d99d2d91b575f6e0da946a9bc7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4fca16eabe8b6ff9812b71a0f929e081

    SHA1

    0b0e940a874de0420fc5b6c15d70948b173bfc9e

    SHA256

    911ec6e1e01529d4d3ccd1fabc79dce553d7a535bc4ae0ad040de92215c28fb2

    SHA512

    8d235f1a4947795db591a473463813727309b5542ee6a3ecf2b78139917ffbe60993da4f57d0dbdeeb09a67d674865d4964ef08efd1e6f193aa6c48ff5095fe5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    48578356afe11952249ed109d601574b

    SHA1

    5afab7fb948aa227b265439fad3fde0f1c710626

    SHA256

    9ee0d3c50d97e53cd32509ccb9a39dcd818d0da76e558fa78156b2ca00b25566

    SHA512

    dc6f43fa00c75ec29ae8061e8596fd97be94db702a0e246c14e9b877b1d27bf46d31ef58c1ceea28bc1ae66c83b2969ff7026e958ea48ab8866c0010b0942f16

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD05A.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD243.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2284-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2284-197-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2284-18-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2384-11-0x0000000074940000-0x0000000074AD2000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2384-3-0x0000000074AE0000-0x0000000074C72000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2384-5-0x0000000074930000-0x0000000074AC2000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2416-14-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2416-15-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download