Overview

overview

10

Static

static

3

2643b7e42f...4N.dll

windows7-x64

10

2643b7e42f...4N.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    67s
  • max time network
    69s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    17-11-2024 20:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2643b7e42ff6517249fb0eafea6dc25f2a1874cfa6dbfb885ae0d8f1a1da7d74N.dll

  • Size

    359KB

  • MD5

    d921248c531f524811910f3d18182d60

  • SHA1

    9d48dbc798062fdedbe0c5410add1e352653cbf5

  • SHA256

    2643b7e42ff6517249fb0eafea6dc25f2a1874cfa6dbfb885ae0d8f1a1da7d74

  • SHA512

    2a2eb4176b0d8045e4765622c09c2b2ba419aa876df7b660d3c0fca2f9475e4146a31138f49d55544bf4ff9b55cda4e256d7e760c3bc6c68855a7b5ccb2562a8

  • SSDEEP

    6144:xQv5i2M/AOvLQTvxaVTZfwPZ6qxqFl8Gsrr1aT05gzacgQIxr:xei2M/AOvMdaVTerrRq3gQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2643b7e42ff6517249fb0eafea6dc25f2a1874cfa6dbfb885ae0d8f1a1da7d74N.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2316
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\2643b7e42ff6517249fb0eafea6dc25f2a1874cfa6dbfb885ae0d8f1a1da7d74N.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2380
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2612
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2132
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2272
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2272 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2748
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 224
        3⤵
        • Program crash
        PID:1216

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6da516e6cd1c59e9765469a2b8b503f8

    SHA1

    92bb2e197e8f4c982ba307324b098b0c8e365a6d

    SHA256

    2603ff83b1c8396f96b4c1b1bc4011db5e0bfe9da706f48e5b4ab889addbafc0

    SHA512

    8b9b15c820eeb1c5bf2176679eca3efc52b473b05ffc61ba6e58e6ba416948d76cf23ef31f634230c73151c67f78ceafccc15b8191bf193797a51792b3e5168c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b1f23a063c65cace28120fa075ed2faa

    SHA1

    aa9908b3214dfa776a442387a83909d1cd68e2a1

    SHA256

    7e6ef4f01c9ddd228a9d6268a577124c9bb7a22f037205fee701e73bc4c54616

    SHA512

    8ccc2d7197d7d311fc37aa53abc6ae74335a4851f240fb3a7111815a7a4f60c12a4989eb9157ecaa4f7d14d26e42d1f49aa09f405793cde8aa5117ea2c989b0c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b717b2ca5502b6afc2147dac4f8f42d8

    SHA1

    43e204c497904c9184d973b6822e612c1f4a8db8

    SHA256

    90c32e9a71c377562a103f98e4993e553f660b426039bb5b19e99c178fc1baaf

    SHA512

    b86003a9b1d8d304cca47d47d093e47da2360e558ca8611b89f1852c4291cd2cead8b2f6c31867884d17633c4711621fd1aaba9f4dbde668aa814e84ac01ee5f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    20b31b275982f9cdd91f33ec9aa88678

    SHA1

    fc6637f85abdcd06783e11e1a85f6e25d0fe960e

    SHA256

    b998373eacbc7f57dddad5a1010f421c2b0fad8a1aa90c39715ec661b8f6f6d1

    SHA512

    9e1cc2cd4ac193438c702fe985b4c3a900fb4e74790ea0c31b76d7b1ffff062afb987d0222aae715f152bb9355e0ed7de1aa1684adcca85e62dc2867ac3542bc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    329cd0931cc370fde04871651dae11af

    SHA1

    3f78133b200904e2fcff8b7a575bdbe68025f60f

    SHA256

    ef3e9e844907c99a1ddeaa8c3ce299c3a1a76ae85a50acf77d922a870662c21c

    SHA512

    966bd864adb910628691236ec3b8c63a5ad553d709672480b73c6830a64f65868bed4c61afcfa370adb77a5e04e5f3284bee521b65119ac434e8f501734a405a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    904c49bce29f4cab43d1b4f9e9bbda6e

    SHA1

    7f60479b69f37707d51ff121921a474622fe6323

    SHA256

    557da37f6fa6621b82c317088f830115f95e9adb7bf12a47ccbd7677b8e467bf

    SHA512

    5a08c0a2811e480bd4e89e1582da78ab2a452d7030cd8359940d57fdd95340aaf14071870b8f6d06f4959b2238499ee705aae63820c98e6ecd001cdb9ed18855

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6dc6a74e4cb1c6c9a71e92fe12d76c46

    SHA1

    3f9937b0729431eb253da64c09e40cda1c572808

    SHA256

    ddb4f14cc0a28ebd22fc2d018354ef9437d39022bf22b5da4ec1e9115f154ffb

    SHA512

    d737dae7d22e997ad04cd8b8882c71476ed7d68c865d7b3d097c704b1f5710f93fb2fcdbc6160b60fb1b568bada35b0621d970c461a0be4e32d6913e2cba6a29

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4fdd62930d0cd1c7bf091665fc045b55

    SHA1

    ac802fa77ba61bcee52e70d873d9f37a2da62f6b

    SHA256

    af2ed6a3221540c81ac3561b1097514f5f28eddb1d52c78fe92d0d7162789fbd

    SHA512

    2af112e34392bc89199750a6f7c66013c660d59f4ee0eb2291d73d8bdd1bcbd6bab06e711823f69fc65af4e14ea84153b72d983fc8ae63ff13044d1ebd824473

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6c33b43af300bce44c53c6e48863f766

    SHA1

    77304807735d837b2b160b84a105d08dbefe6b6b

    SHA256

    90fa7a63561d00d5c7ec72fb9df33ca05018beab6fb008697df111074fab4aef

    SHA512

    6e69061babb8a81f34c5398a16a5ca83efb69f5b8f31449c60c9937d22d8f088a29309290df70efc6f6e73f872bb426d16777a6137ff0e695a86b4d189adc8db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5d0c8f51a513b82d23bcb751b1186140

    SHA1

    255fc0054a838268f8e10d1efbb99224e32db80b

    SHA256

    75c27f6a0d442efd98327105a887c3b1b158ff2d15ca2fb5eb0cd08906ee39db

    SHA512

    094cd9a6ba39144cd6396022083e909aa546725cd7721a78f8800d968c33cd9916ca82eeab5b3c2f217effac8ad4b4535e91ecf68c6342cd4d6c89022d0a0a32

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9ca8284e182b6aed9d364b3ba6b069a4

    SHA1

    f8569689a12a37cb9317231f46449d2da4295f6d

    SHA256

    f2ba48bc9b6a68bc04bbd8ff4fce37c8894a4a5a5359a55f648fd628c96e1dde

    SHA512

    84110c9c571945056945242a51e2a013bdddcff6b8d776083f48db6c36f0a356f4ee8f4305f30c9814dfbff557ca8b5a02b7db78b995e867d77f5d6ba76b027d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    655232ebbf4714ebbead18b5ac898420

    SHA1

    6bfd413d90fd9740af9ae7b9357550741fd5a28e

    SHA256

    a0d2c7279b68e333424debb6f9b821b5eb10345372edd2c46ea532da144e833f

    SHA512

    c5f638a7efbea19eeef14efc94ccd53d3fd30be655904cb4113726a118b9d9201e7a34191ca393e8dea5f105d5ef3401957d934d13b850001c12ef52baa0e9ab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4f1389043194222dc1c41896a9a0396b

    SHA1

    6a58901f91d3cf3169e86f01df8361e141447494

    SHA256

    17c35fca3ed3d72a2b626e9f115aed20a597f4a5f3b6696420fcd2d906b032dc

    SHA512

    f1e869dde0df6a669ff0a56427fefc0203e6e627416485559491656de9dd75337c10d9f5accb8b74f32c7c977cf2efae62fe769b5f9ea0d22def0f7f51a9958a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ea9513cba0b1f2e1a013b64ba9d23a4

    SHA1

    11964dad13bf1d2900dd79fda13bb29a7f1eacd9

    SHA256

    8131cce6af44d50a006c0ce1db22f801aad6721767637dd66e5e66816419ab58

    SHA512

    3e6e6e2518a330064dcec0507d240cc94b78c712d60b65143e64d76e9eab5bd841a6daa52d3b9a49ced9bc9ba7a8ac68cc9fd485741be2251d3355e201f2ff47

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2be9fbcb68d0f4e105a0c1fdf2ff4d1c

    SHA1

    294e48514ddacfa8167bd50ac18b79f1d98cec19

    SHA256

    463be3d128983e7e7b93f69b0c1aea0672d3f047768c28e7f560e2132aa424cc

    SHA512

    7f57f2f556059964a57451d99642644ba67506adad236efd6b0a5146e09e7443786018c2729746ca034bfa6728b8fc1a63e599aab37131bc9053f05743a00687

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    59108c118ac0e423bcba8e761848efa8

    SHA1

    63797dc7255c4c12c0f6449f0c713c9a727ecf98

    SHA256

    0f1825cad7cec7d9138740afa97793f1c358cc6bd41c868ba4d0f0ffe7785e0a

    SHA512

    f628f85baaf1b5a4d86cf9b26e8c2cb0bd868b7f6b83dd2896f82c1d3333eb66618aee628711f2692383ad7360eb9b146c6e1de212b0cdf7a0b5579bc0f83124

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    55597747d506e68c6a746b1a5f21c3d8

    SHA1

    2ff3d3380b899c3eecb48f32742ef6e8661544cc

    SHA256

    99ee070dc23b9ffcf867df54d17cbe429f7e92bfac582caf684d439c1cad8a83

    SHA512

    7456f74c06b5624da534f6893de65a0e50ef5bd11b9f125107668d967701fd6ce3b498da515c0506507f5013f684658610d6bcd4a4ae4f97116d541b39e86da6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6bf4cf13aad38818c570e1c24ea3f99e

    SHA1

    73c69300bdcbbfba5f9ecb7a04ae45352659dbab

    SHA256

    c622fda599a8c32276a978e9a6220854fcd7cecc99bdb980444b0c7db4e8711d

    SHA512

    0d1de5e23f35d8a29839ae7a8279536426c2fe9fe897a0515270c973b7e25d28dfd337418998c558549c0ebdcea85eb1b2f35e54a23c7c76471cc17cde4bb2e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    95d67936dc1f14eee30b4d852156b4b8

    SHA1

    3af33cca8738b0ea28476e7db165e74819f51d3e

    SHA256

    6dc87d04919807dd090c9fc47eb1fa54ef5588ab28527991e221ebc6a2fde662

    SHA512

    5be2697148aedf755fa11cc6d4a7f9852295538f7d64bafa943a8e080de6b3144d0194d2f2429358b9858a58fe6efd91d90c8776e2c98bc48d377b596485abe6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4acde9e2ab039f1e3eff7d1a407c1d6a

    SHA1

    4f5e9e4c97d89525b42c38c5659f4fd8b9f4bc6a

    SHA256

    fa6d6f90bf4c99fdd334c8f313f85e4fd672bed9dc2c1ba070e2c32f3a43f1e5

    SHA512

    a5dd5fe912d78140cc6680b3259dd49112ab7db73b6dc4f79b52d4852f7c028bb2454dbb358f4ccd57d33ca767a88942dfb179646791a3bebcb79f46eff1335b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab255.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2C5.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2132-17-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2132-19-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2380-0-0x00000000006D0000-0x0000000000733000-memory.dmp

    Filesize

    396KB

    Download

  • memory/2380-450-0x00000000006D0000-0x0000000000733000-memory.dmp

    Filesize

    396KB

    Download

  • memory/2380-449-0x00000000006D0000-0x0000000000733000-memory.dmp

    Filesize

    396KB

    Download

  • memory/2380-7-0x00000000001D0000-0x00000000001FE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2380-106-0x00000000001D0000-0x00000000001FE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2612-9-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2612-8-0x00000000003B0000-0x00000000003BF000-memory.dmp

    Filesize

    60KB

    Download