Overview

overview

10

Static

static

3

567fb69d76...8N.dll

windows7-x64

10

567fb69d76...8N.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    17/11/2024, 22:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    567fb69d76ea237159c02b5a4e4ebe4be9571d506cc8cf38637f055800055608N.dll

  • Size

    140KB

  • MD5

    cd75e2ac31727e8476ea3d45cc4b4f70

  • SHA1

    2a9481617dd6ec0b1b61a047dfc5bc72cb1111e6

  • SHA256

    567fb69d76ea237159c02b5a4e4ebe4be9571d506cc8cf38637f055800055608

  • SHA512

    a2e11f6a5449dc9ce00e048c7fa2f8ce03d65d569404c9c888c03dd011d2e6cca4521348105e497aaed391cb124a247657a08d4c0e8671619974205cf779a591

  • SSDEEP

    1536:rBC8cGhP4h1QlBR5szrAMty3KntgmaGSR1EbsQI1mhiMBUroMhF:rBC81V4Iz0r7ty3KlaPEbsQIxrDf

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\567fb69d76ea237159c02b5a4e4ebe4be9571d506cc8cf38637f055800055608N.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2132
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\567fb69d76ea237159c02b5a4e4ebe4be9571d506cc8cf38637f055800055608N.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2152
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2332
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1008
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2768
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2768 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2476

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0a9cae7292080cfd0be7301344fd4b79

    SHA1

    0ff9dda330bb4084b35e809efff22cfaf85486a5

    SHA256

    f52b1d9e744ce2be23309ef3a3403ac38250adcb6643c2e0fb8eedc35d13d70a

    SHA512

    9b18cf615efe56f27b06e2f97e49978aad9f16af906a92c90e9f22b10e48b4c6d5a78dd3129c85ca609f1a80beba57599fce0526071a4ab3ea077f70cc54b6f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    478464297fc17d460a8af7feec18c03d

    SHA1

    ca601a1311de5ec4646911dd990c987b97987df2

    SHA256

    f6d754fb4c672681ecb5f975f118fa638d6c1787c0b570566abc16229643767d

    SHA512

    155e5cc5c2dc6c5a8ebfb3cb2fa91d2901bfcb514dd8b5fbd78efbffb979671609cccb018b98715e9db5770b1f9074fd1cb565bf1596be8e1bab8dff21423189

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b68f970f0037516b6d59adb177f5b038

    SHA1

    1999977db614450e199885e87c0fcd2fe2e7d1c5

    SHA256

    4a2a5b28244065aa43f7f25fe2afc5ceb3265c9f9661773d0ba86ed71ab4b61f

    SHA512

    4b25dd36fcbab4c01f6a89f352c36796d4666026238bba8400a03b95248c0335fd402aed85633403471c4edd9cfd23ae65ba1ceba610228529ab5905e4df6620

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9497c90410a0a6e9282ced7c2087fca2

    SHA1

    41bf2df72ebf11bec051808cf15e78412a2c2a59

    SHA256

    9d44ac1309f863578f7d9a53d6fd31f2649232a9465626f0af18607b2cf561da

    SHA512

    7fd49f049dfca9b81d1901f7a6ef0311c0f29ddccf1acaaeb8539f653527f2a99b842874838845f068bf89c286fa5ca2316efaa6628079775be2de924ce71aa0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dfb56a35cc9470b04c66afb0e1713548

    SHA1

    ed3cf403fb6ca0a785385d07840186369cdd5676

    SHA256

    e4028aa131c117e075c3e13703de1342aa63e5ff23385e3bde4eb00600d4a8b6

    SHA512

    c9125469afdc2eb3fbc4fb5ab982f61e97440d3e3fe7ccd5df5df366df432b45d40dbf489e425ce0e293461c488dd7cd4099fe70501d8ae92f5658df132451cd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cedead4cb5631b9dd653e88dc25272d4

    SHA1

    7d9df13cc0a2739393cd0f085e1be289e09b2f1c

    SHA256

    4eb46c3b8d18d0ad7069b26900e82b9cd0e7ea70627102a196e667dcd200f41c

    SHA512

    3d741693cf482facb32a37e4a1d914dd1c3dc3d128bc4acd9b38d68e1a48613583c27ff9e08d225aab59ce0324b801a14fd488d1f76511cc3f8486ed95f72f2c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    79ac6af1ba63c57aa404ec55b7e3fe04

    SHA1

    3c484f230fba61518eaa34de39ba60f4c8611850

    SHA256

    f6b4577619c00dd947e561d389cdb3ccc5974c0173e6797f6e953f8fc76f434b

    SHA512

    6e1ab8e47df13371b2d1882933144ac044a37a3041d940c66d6b23a04f5e5aee6e0e6259a29ec218905ab58f3c927f0987bffee6ad1f6395332f838d37a564ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b561fadead593cf4d44e4ca3ee88589

    SHA1

    4f1356b45d572bbd3cf9e7e274ff59ed8bf07599

    SHA256

    d62aa71ac9be2f369ad5f09eb8b09fa0c38d3be71457c6bb36add3df8635e1f9

    SHA512

    ad047f23564430b070f5c1a7a8433f0158f80845f013d7cec486e293ae3b9374aa315808e8d5febbcc1ff5bd1e535b5231576f22fa4e07b8927c1ed41bcf34be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c892ac84e53522c2e8cc67b1f06649bf

    SHA1

    6fb35ee4bda195c6691f6966ad91e10e2ae45cd3

    SHA256

    ce2b1b5708e752afd844b84c02f5c133df4d01bcd2ebd1559a4e65dbc7ab741b

    SHA512

    8df6887e6f076d5b4b486facb481eb81db4f586234673f1624401e6f9104171c817ae9a21c5a8cbf9308f93b35959fae38ee5389ca5aecbbbd0f586562f6f221

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    155fb3d51cba644a1265cc302610aa72

    SHA1

    bbe2e45d0893d1bd84a8218027da7827e2da754f

    SHA256

    24da56d910dcda08b803ebfdbb5f232ef2a072166e8b97b55c7264a49f41fc8e

    SHA512

    e939db68c9099a255871714a067dc614f424314168af18321b0e5e12f77cdab864759e9ecf2ce2ed7f9d67bf43812143079a956db69836f475aa1a1a0ec45abf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b86811d5ddd8c587f97cb11f709efdd7

    SHA1

    b1c4aabc3fde3c30917e3f0d9c23a89df072889c

    SHA256

    169488e5561e73d879987e5b7ba538a32fca40dc6ee2df217d251d486c35a389

    SHA512

    7b4a46861654dea53dbefd6042e2620fcf64b78ada62070efda981d7b7e931a082a363865489d0c016a58a2a1498c6e4ac7f0d19d4a44bd9283db569822406ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    396080109fc7d9dcfd074af1bc8dd528

    SHA1

    d5f3ef16cb9ea2f1b0b681c3ee5a0e11042608ee

    SHA256

    c700236df75f9129c1ec0606c1e08eb8ef361f318b3bd7aad3c6ef61e2c287f0

    SHA512

    d540a963819b53d7a0cae5947e61e403e180fd4cd4bf3929b679e0f258da7739fed7525c3ff59d303d05222a318859393817d3aec13d1b42d7fa893029cd7788

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dbc33fd83c98b382f09c85aecef3329f

    SHA1

    36ebe2e960bd80db85922159f2b2ebbc1c9b6132

    SHA256

    c5df5677230ea10571720489435193bdf532b4a2bf5d36ace9b808cd3418d3be

    SHA512

    620205bb1bb2327f5ecd994c30c0dd973539f827277787e12c295d9395b880d7b724b1f54f7bfb9ad0c8446aa4e38452a2f6bedf18d1cee005e91ae6c619ed9b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9adc725dd2bbc051eaff331fb6fe3e38

    SHA1

    d6fbffe55e6abb50fa20aba5e3d0764c6896915b

    SHA256

    3ddab6c2e25b415cd235355facb6cf8c488b5e00f696b9d347f48970c0250f6a

    SHA512

    467932d6779ba6d91398542c6163c735aed20c9c8a9dc7b301c94ee50c38e4b07383c419fc6c9f0525c9e54502f0157dc1024b560f68c83a5042ba78a1443700

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b86916e9ec9a8b405a4a050fb48d3346

    SHA1

    848664ecdbcb06d0a914dd1cb03ac085612c291a

    SHA256

    eda97e9e89f62e3ffad105881e0c892c5c879bec7c20d3fe68362ad01d8f0eff

    SHA512

    cb4133a9a20ba37422d98b03cfbad7ecd3c54c6e7f3ff98a9a778f31fe60f99cfed75906dc9afa71efc6eef399f91c8f42ec9877a168eb1a1292e787473abd1d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ac1591dc868b069921e741afcaa98c83

    SHA1

    2a647c7a9a6df11059b63a636db8ae1b39adece1

    SHA256

    2fbf5da6801795cdc0dbfc0064d82d76566822944a54ffc0b45bde24f7104cc2

    SHA512

    179c101f6b183ffa33b1701287652d5adf62eeb6ddfd844721537bf7bb13aa601d50f4ecbb70e864a237d82612e89f9cacc240188a869d11e65b40b2c611c5e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6f9d43d81e79e89abeac28fc716805a2

    SHA1

    7c87919024663dbd2f3b46b89773f505d385d739

    SHA256

    ec46a461fb542dfcc62491d2cb5c3ea32d2b4212c1bf3eeb114896abfa446db8

    SHA512

    5109d48c4e7f337ef706ce47f45941a39d7f0460c8582363a98deb78711732fbb7644a95d854871d1def79297b491d79bacfdd1be2b7c88be4f498b4693f19e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    942f3ab3008505cd7208effb9a43f777

    SHA1

    80fab4c2435e7b018d2af698b66f5fb515e37f54

    SHA256

    de4f157d4391441101b3fb0de20d2a35371ca3b67a715ee09e0c25cf4aa816db

    SHA512

    05f5773ea45322a1cff8952947401b8a0a7ed5de0b4c71af332fa3507b8015df5e315beca043436ee71b0e7b972f5c8583fa9d9fe1d07f571529e7f94130053d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3BBA.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3C7A.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/1008-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1008-20-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1008-19-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1008-18-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2152-4-0x0000000000190000-0x00000000001BE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2152-0-0x0000000010000000-0x0000000010023000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2332-9-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2332-8-0x0000000000240000-0x000000000024F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2332-14-0x0000000000250000-0x000000000027E000-memory.dmp

    Filesize

    184KB

    Download