Overview

overview

10

Static

static

3

a6ff5738a0...8N.dll

windows7-x64

10

a6ff5738a0...8N.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    71s
  • max time network
    73s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    17-11-2024 20:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a6ff5738a0d0baa6c5e0ebd1c6470dad1ba82f6d6b1c17451c13a929ffea3af8N.dll

  • Size

    386KB

  • MD5

    5db182a2b00c85faa85266c7064f6090

  • SHA1

    7617534a31e2a73061b0ded8630225e3fdeef1a3

  • SHA256

    a6ff5738a0d0baa6c5e0ebd1c6470dad1ba82f6d6b1c17451c13a929ffea3af8

  • SHA512

    978dfa5cd521d791b82937a26eb58ad58a2330e4be08e117f60914157ba9f2a294360db25e1650bece2bb638ad6469ce161bff575eabdf0755bd68346f260b43

  • SSDEEP

    6144:IGSwpABH88cUQcGsJCsC8c4N9brdu5AqbdyGaeapaqaew3tacgQIxr:ILnxhcUwiCsnc4N9brIt3gQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a6ff5738a0d0baa6c5e0ebd1c6470dad1ba82f6d6b1c17451c13a929ffea3af8N.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1728
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\a6ff5738a0d0baa6c5e0ebd1c6470dad1ba82f6d6b1c17451c13a929ffea3af8N.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2516
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2708
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2476
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2932
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2932 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2872
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 224
        3⤵
        • Program crash
        PID:2480

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9baa18f868f64be6ef85ed494c925311

    SHA1

    7eca753c73c50d296ba5325650b23d86c332146d

    SHA256

    af42f5ae8d40ea01931cb64cabe86fef520b8cc08f4c51b89fad3f3239f6735d

    SHA512

    3785536052550caaa03dd7b8ac131e9f760ae810ba4203bcf7af3e7de497c26611d4d62f8dcbdc66009c9ee5ffcfdc276889105d279a57571f6ac6db20d4869b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e7a7e26bce192aa58b240655778b8aca

    SHA1

    71832f48d6a98120de86fd4d876aa41e807c0cde

    SHA256

    db7c596728c75db29d3ad359be1007029c1f95b36e14617a4ff94ccb8a4aa35f

    SHA512

    3501aba87eb6e4d5636b789ea88037f5cd03d9b67f4306ab3092049e0f04de48ed17aac8ebacb4bb35cf99aa6baa805672f2bbd498277206059d52908c97b20b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c5b351e2971a498d1e2e5a31b4e9d63a

    SHA1

    c2efaf14f48dd1a64a5888b2a178b7f4b93456ad

    SHA256

    ce527a77a96d65296ebbf5e1f3ae919a6e3b69fc9eaf92299b64db8e51317248

    SHA512

    12a081dcea1d17c952867a2e0347db6c621847ca9b9c8f29b590b9e49824b053643273b1017f3f27f5a9d100ef350638daf3c34d3ff633cbc439bbd3175d6176

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    848e62cdc236f6af7acc963df42ef2ac

    SHA1

    78c87df4e0b66dbd4cd99c17fd9441b8b4a666e0

    SHA256

    47d00e8e25b116324ce22333de3a3c02dae11612e6ca72adbca7fc8144a593d8

    SHA512

    95d7da5b2bdf268562ca8bca27de9d4ac7b8ea8fa6292fe3dc7eed59f0e729699597aa87d413235e9c536326eefad58c7edbbddb4c81380fde027489fcf842d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4c909ffc503706d1d814b51fa6583e0e

    SHA1

    eceda34c540e3b5d9eeb88d7aa9a07c6420de1e0

    SHA256

    5bae310e71bc15030239f7383649d1111be122889a1fafd594e9f0a55968233d

    SHA512

    d812fc40fbe6ca4adfdf98a0fde106eef782e2eab260545ca129a41c470cc6cad2c608cf475388dd0f73a31b124617921a0e245f24dc22a4acc9b955b4650aa1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    20562cd6dfcff8291b0496df622d4da2

    SHA1

    d0f7f3b4eee22a7c6c7eb02c0b04e2f22371ca10

    SHA256

    c37e939aef1de66e78d46d73f39ee0afd18c7cc58a936a19b9dfa878ba964167

    SHA512

    cdc6d25b6db2c19839f02cf7090699b91fe89aefd044d85e6a92362769b8e998188b3a4738104db27821caa65eca1ca33abf6605728715271adb471eb427da87

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    435658f9f2b757cd100ae6e115001d6c

    SHA1

    26000f8d5f9008923878aa791124199b61c2fdf1

    SHA256

    f18290577984c083fb019e1e321a4fa9ab55988822b415a9a57c8d633a0d530f

    SHA512

    ba3a788d12b2fd7b9bba8918bbf50dfa63fa675fd69f994982a2c48280f00af6e80367315bc19ac692cbfbdb3bedb347ef7f74b596f957b84fa21204c7e3c4ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ac6e6a9b791b725c5347f453bee1c22

    SHA1

    b0508ab946a839f76ba07e9938a3fe14c352be2b

    SHA256

    6cb3d440d80fd6e7c9765fefd6a4da46ca7791bbe8d797321c97ea7c658ac76a

    SHA512

    780780d28115a4e47af84e42a1ae1ea1589741f50dbd9cb443d2835b0c345e918dc211b1386f4d91e51381546c4e61e88a1d3e87d0d2da43956867daf3332ce0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fb7f0e7216c64783ffed6db7769ddbd1

    SHA1

    ed00b73a682847d4da6c5cbf6adf507ed8cc5799

    SHA256

    3fd580e8e0ad85c6803a867683c2693502750feae94fc6e27e1c8c24e2a410c6

    SHA512

    b20f5d4002e5f1b380866906f99a59cdad079c254e4adc671de52624f5d183f044bb06b9e1c76d50e99286fbb0dd9edc89a7eecc791ad6c4b626b7d6a947cb14

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    69059faf7c42c98a31264a90ea95643b

    SHA1

    15b0e94ba2a9c9206eca631331bdbcd31fdd5261

    SHA256

    32a2dcfd1f33a4505bfb636498f6b28584c28b5351b52a011cf3edac7d187e5e

    SHA512

    660aa8001c51a750827d84b51ab9018cfba5f46cf768ca283ead0ce602611a53f00a5afc6e84cc7b6384be5c818e6ab94186de1b209457aff7c9e3dca8a89cfe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    51b13705236ada074117d97d00dcf151

    SHA1

    3d725da55ab34789aa87d0f310748846f8fc7593

    SHA256

    ca10515765071bc430259a8dc15e38ec804524355c53cf87869a34e8920c5294

    SHA512

    78d6ba647ec342d314efbd1281fa194ce55023b62298533ef62c2c0c253191c5ed5aa61fdaeee5dd4aa71a28cdd27064a03c6a91a91baae56b76c7443a322456

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    585e1da0131d32e85dc120520e3d85da

    SHA1

    7b3b995880fcbf139fea74718878254e2a323c4b

    SHA256

    827391af0d6ba7cb79761cbeb4f06b7ad416e9f1a5445197fc0ad5a51ae7376e

    SHA512

    1c9479a5d87da0d00c233b8287f366360355d0a5ed6c5cad65b080585e63c4ef6046e3157b8e6474e0ff6b747a611898989dec66a0c81dd2d874b72aad1a5d2b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1095ba7cf652ed79c9c7a887309de068

    SHA1

    ad2a83e9aaa50f115a746ef866314a6b6cff1b80

    SHA256

    ed1a20d0f35f9a66637e2624989f9d4dc0518b33ae0cb7c0463c49db978126c3

    SHA512

    122dae9e6ca2602a68fae1141b700268c75112bfce9c2c2d7d65bf1ebdd0128dae993f470c92e5d7928da9ac924a60dbc8fdb35458e71dc9ef3bd62a29183397

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    649d9f0d8705cc82326496e51c143397

    SHA1

    5ef142dffe2b7af46439f76131126ae4ddece977

    SHA256

    691df34e8a1b2d34515bb2055ca9f86b9c80c521fbcbb1b9dffe3e884e011e0b

    SHA512

    2fe7d2f486ec7330503a2bc0548cae0e8ed11c5478e821f7dd8889fd34391542a8a56dd5bd66e3b874fc27e58128f87ffa0e7888cbe804b0a75548da7368a1e5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB7BE.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB84F.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2476-18-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2476-19-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2476-16-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2476-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2516-8-0x0000000000130000-0x000000000015E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2516-0-0x0000000000280000-0x00000000002E9000-memory.dmp

    Filesize

    420KB

    Download

  • memory/2516-22-0x0000000000280000-0x00000000002E9000-memory.dmp

    Filesize

    420KB

    Download

  • memory/2708-10-0x00000000001C0000-0x00000000001CF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2708-9-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download