Overview

overview

10

Static

static

3

74581da49e...e3.dll

windows7-x64

10

74581da49e...e3.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    13-11-2024 17:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    74581da49ee19544c111dde25aa5c4ea0b62155392bab621b71970d68abfb2e3.dll

  • Size

    164KB

  • MD5

    b3556110cf3176b58794b05cdee3dd79

  • SHA1

    7a362c6860b98da092b116b225189ee7eaf44728

  • SHA256

    74581da49ee19544c111dde25aa5c4ea0b62155392bab621b71970d68abfb2e3

  • SHA512

    26f38fe5f824e1bf3ca74b76b20f3baaf6d59e79e7dc06753f206821ca98673ce5d2a1029f084238a49bb66434d2dc412c94aa971c60daca50b36ca0a450c057

  • SSDEEP

    3072:1auh9DAcJkkMTPSGrY4Ki3jHp4eLDMjpLFymJXSDLsSbqXZjlIR6OEk:179UVkMTPTrYDi3jHpPDMvJY3bUZKwg

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\74581da49ee19544c111dde25aa5c4ea0b62155392bab621b71970d68abfb2e3.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1976
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\74581da49ee19544c111dde25aa5c4ea0b62155392bab621b71970d68abfb2e3.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2496
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2060
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2068
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2856
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2856 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2696
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 228
        3⤵
        • Program crash
        PID:2316

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    38720285392cf3a2ce3d084f63400585

    SHA1

    a8c00c051c39049f5f54ba080ec31c12cb17751e

    SHA256

    281bd0ec5b2ae1169a469e0c2d486deae02c0b695acebe18b721c42e77b2bedb

    SHA512

    8fa1ee69233a39c525bfc6e8705998b86ba8fbc69610f8340958adbe9cfa7b0347cbb31cf485c1532f17f4b9dab9e80c9b2285ae7cacf8c804db36f9e4fd9727

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d8c8ea6ac091362e326e594b82994b52

    SHA1

    cde16a801602a15f9b8c8c6f3030062756bf199b

    SHA256

    cf65a4e36d10248e66dc622a30233ffa843bf49de3bc6bee0bee445f4a05e65b

    SHA512

    e4d494d43253a80a5bd70875401f24de21225b0a362ef93272b70ce19d97444f50433b47b6d907801e5c62c04e792cd158d4b8e959e75aa82c85598bf1f182ff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6522c88ea0215a036370afaaa29f09ad

    SHA1

    4bd4fb9ef84d6dc4d6d83334331858577f09fd09

    SHA256

    e06c1ad668432110f443034fa926703b1a8a362bc9f5f1caea838f9ac8f109c4

    SHA512

    4f7b20d30d36e85efe8dfe17b60501caad4f63a1d77a48ae144e9b6f6db8d6a1b065926022dd7f1c4d5290aa669cdc103c5406d59eaa3021cb1cf7ae9efd2bec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d40930f7da8fd177ecbe7f990a6ebeb

    SHA1

    6f5c1f926451362debf152a14757165624b30c9e

    SHA256

    deaf8f3214e6e82c77b1acdcf190a030418e4ef24fe55f594c29cf98f18d26a1

    SHA512

    210032024455462b4139dbbc329d2acf463052f81984e3929cd30237223e1d45b10ede2d699c45f74904701d7a36bf8c7397d91b822de7d52fbc0d11b6da06b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    25dcdaaba78de3e7a4a9d514c01294ea

    SHA1

    4d4c92ad7c1f89f52d24b3dfde4e7263a7ba6d70

    SHA256

    ab3cab0abfa4bd5413f330d60cdcc2277c3d9eafaa48e31804677d08e0c2e50b

    SHA512

    f0eec6c36f0c603850fd339168c1ff37412ca9fdb0cd22fcbd156bf672a692c040edad111fe8d980b3ebe64d672e62ca99800d8866b5ccb96fabac6df8c890d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3a8f68e59adc79b8493edda29f997e31

    SHA1

    37bc91cc094452e7b440a752a182bfb29df2e91b

    SHA256

    c3d9a658208cb387acfa4140fd4d83fff841082e74833b2c4119e0ef59acddd5

    SHA512

    0cdd492684a139dae4d753dc786fcaad63451f8b923a7ba41dffe08d78009df4e63f790d3671d2acf5bed1ca7c43e680f1ff03eebb1e944680e0ef7a20f6c5b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    832c24922d55d15045b4f2d137d71e08

    SHA1

    12533d4e5350d1ac5a00bee85b4ce628ce9e5137

    SHA256

    455ce5a54a475c8a6405b73b114584fb24a3a8aa7406f54185ad481fd523f394

    SHA512

    9dc922b979160ebba82480bec4648289acbe1384fce23c2339c7a6c7d764552e99c64dca631b1a8714d464aca4f551c7ec9791334edfbc8361e0fc6189839ed8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f1f3ec3eede42e30c806e21a8b483554

    SHA1

    5407312f8bd89d0801aa6c0abe045eaeaca1ecca

    SHA256

    ca6b79ee5a597de5b92ef95b3549685c661b54745aced3e26d435839601603e6

    SHA512

    33a6107c82879c0e9c10185b59cb6b6a7393b2afb871c493b9e78ac15ef30a544c2e95212aa75b7ed1686ce62f9e51780097c86e3040a3bfbb6fc08f4c2c13e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2262c8842de2d323a8e514aa475cd428

    SHA1

    ed7473a60e4d1a625d9cec200ad090158fd6004e

    SHA256

    59cea2f8859945987fd5678e81821085693464803ef3ea9569ec5a93562f9e7a

    SHA512

    bd4648fcc36287bc72d0d54a4c862378a5fbb7db223d45057e868ccd2f628234020c7d75a4bb64f312184419abad686d03362245ef5196808b0f7d2325898666

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    96e7f33d0785ae45aed063d94d808d99

    SHA1

    339c2e42621862364a2437ceb7a0fc33a5365acd

    SHA256

    327d37d9839d80cebd760ce9fceb0259c4dc77167376be5f53b1c1810afecaed

    SHA512

    7dcf41c3a6196aae5d735dad6f154899a8f17df547c1b57f852b42eba549f44f396c6c5cd9878622a7e1e66700826829ad52f2e2f2336a6e62db6a4b4b95386c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b85e1ddf0c7e7a0302689fdcffb52744

    SHA1

    4dc9b23f094d104d5130c967bf740776e8da85fb

    SHA256

    e7af80cabc23ae829602f63ae944dfba0845897c16d9d005d78a2c0bdd0fa71a

    SHA512

    4b4cee7b31d60170a6441c079da7ad2c3f399e5199dd96f6c4cf85e9fc0a0d096bcbaf80fe53e03098954d343e299c826e972de04d4dd787ff5ce47d4c0bf272

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fa84b83d1b6fbbb52689fe7d21c03f28

    SHA1

    9e00dcb085a280a6f5f3a3523c5cb53d40d70604

    SHA256

    bbbb510c9f13e0a7e8d633e021b37ac75790d9c4170a7657e98e35712f2b31e0

    SHA512

    3875733e014aefd0cfdd5732d98831ecf758dd1b32777a2a42415d971cd2e7266f062056893c7e0c350e3823f6f67f9f16d1ef16d59ebd828f88dea467d34e7d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bfb7f8474863478749f939df35a04854

    SHA1

    bf567c8cc94d9485f35fae40bf34c56c10e5c1db

    SHA256

    36c064d0d058dd9de5b79df3c2f3423255a4bf3ff4625ab59d1ba619a6f01822

    SHA512

    235a65054c09764e2831e1b0c68fd48d8b7481b980dc7f92ffd08297aa20451e13a77f3c11a2464fdcbd6406edc40b86d63c6e3257b628a2ec344a72004f28e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    129d254e1d3fd3ef4692bbe3eba095c9

    SHA1

    fe6c16310c1ad790cd4ec55ad3a564b14cc07e1d

    SHA256

    b1be1a4c38ef988196f8e6f7f13d6849fbd8a5f2bb17850494780030ccdf45f6

    SHA512

    c5fbf77edbf536fa3cdf80ab9f2a4183b2bd9a457659e4ccac559575b3ac13171f705140eacc3a76f30fd2c87b577b5d5d288b0d8b977174eac8179adbbc7cae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b06d0ee5a736cfed7b7a6a95ddc3d928

    SHA1

    89eba45a96cc30225f45346637d213a4bec5fb13

    SHA256

    64dbe7911483a9fe53d3faa516f457c6234a284121cc332aefc96eee4eabc0f5

    SHA512

    d8ab4dc397ab15625b1b953c4cb267e2bed3c058283220cc634ef80ba32cb3a21f50fc3dbb8d97dda0b89fa12df85e7f0928f09d7a6d655a1a71ee635759aa6d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    13d18b7d6b6258564eb4ceb341470a1f

    SHA1

    bfdc4045c1b11a03e0abc7c38eb3cfd7967a13ed

    SHA256

    309d78627f6254ec2826c8a279afc1188d8b956dda1e7cfe4791999a9bac12d7

    SHA512

    faaee060cef8765fb816ae97ea30e81ec93770f8e6744eb58ef34c6ce567b8da792773b82191a05a898b38dc8d9ceeab05a3db9e361f88aacdf84eb88cdfd524

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    12d6ec75de31d2f226f61bdb4b2271bd

    SHA1

    c6be6c71eaed6efb993251e594335ff9577b2429

    SHA256

    c19149b86e9dac78ff591eaad254530b59f95d123d86dacaf8c7dee42b6af4c7

    SHA512

    ce254f4643d077cf937407c4f3d1663be3dc8e4a0398c02fed9a434fdc406b21c529f8ea2183c0d7e3fb879ec1db005db0db81fd2f2d452d6de228f05a3528e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7d1986a9a50c0d7de00516aaed7454b9

    SHA1

    677102772fc0b8ad38a64209c7152c34f6a11bcf

    SHA256

    d10a4b138cb80d864caad77663aaa8179162e1f79b68ba5c473662407bf4e2e6

    SHA512

    13aac6f19d5212dd9d01d2ada59d7f2164f85a17d8d11aeb328a4593f7deb1bd75d04aab5be96f6d2cfc1cd93313ba8bc6e8c3dd266a7bf1d40776476e259678

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eaad3c85b1233c97e0b97a63329a6878

    SHA1

    ac74e9cb7f6c4abb33786de3943cb77244bd00ff

    SHA256

    a49cdcbd59860a2075aa32200fad8800a8ec268b2da1ef10d4f6465b728cdbf2

    SHA512

    6fd41b106f0ed02ae31531697201142ac3d20ac76f70260767262cfbdc2e6dba17d07d028d43581cd9ff30faece9928c0b85e2523734ae54ac4f6a771d107197

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC776.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC835.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2060-11-0x00000000001C0000-0x00000000001CF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2060-12-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2060-8-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2068-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2068-18-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2068-21-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2068-23-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2496-0-0x0000000010000000-0x0000000010029000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2496-1-0x0000000010000000-0x0000000010029000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2496-22-0x0000000010000000-0x0000000010029000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2496-6-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download