Overview

overview

10

Static

static

3

dea756acbe...8N.dll

windows7-x64

10

dea756acbe...8N.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    74s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    17-11-2024 21:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dea756acbe46b538a26b940881d51eb9b47478bb4be1855c60fac165d21354b8N.dll

  • Size

    546KB

  • MD5

    6cf3553d254e7615bb1864baeb694b90

  • SHA1

    95a1cbdf7f1978ba5142927843ae94de5e1af2da

  • SHA256

    dea756acbe46b538a26b940881d51eb9b47478bb4be1855c60fac165d21354b8

  • SHA512

    c89bd1ec41235bc4811499b33eb01ede01a1f283219cf24cfd709a45b84f09fd15e4caf5ce050ffe9923360efa4cfb254c9927eb241531298b946d821fa002a0

  • SSDEEP

    12288:I0L9xEQMKJd/gKVD7u2PqVvqeithARFhO83gQ:XEGzD7uSHeithARnO83gQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\dea756acbe46b538a26b940881d51eb9b47478bb4be1855c60fac165d21354b8N.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\dea756acbe46b538a26b940881d51eb9b47478bb4be1855c60fac165d21354b8N.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1128
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2224
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2212
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2004
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2004 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2940
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 228
        3⤵
        • Program crash
        PID:1456

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    41fea21263d52dee3cfba15647415d2d

    SHA1

    67854d0377e1719bac454f294e7f54c685a9e886

    SHA256

    985843825fd4152da7005eee7cac5926fca0834deae05f0f3fa9a2fd1e0bd98f

    SHA512

    8f7b81327643eff7b8b9fd7bd439efddd0e474692626bd70940774597ba73363fe87ec1648b4d2ca610cc55b5f9c2fbf177f1c474a409246c8f3bf7ddf454965

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fe94f5130a5ba09374473bc509237cd4

    SHA1

    25765b76bc4e7e77e85d059908cf8f1725a2657e

    SHA256

    c125958ff9d65cd3bb84913b16c717745d1fc49d0ea4ddb4fb8f63d73dfc97d4

    SHA512

    89193d6c8d295837bdfc202126187c05ee37bc6d0434ec757a73a22c08b2da15de53578386d0b1fc0ccf6df245670e15c50c249cf6cba68d2f1af1790c236487

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a150fcb2fa56af6706febdebe0af4a2b

    SHA1

    3a6a60a4d0fb3aac466594e872dd126001588a97

    SHA256

    6d7973cb928dbff867fa3b85907381b91dbee6c4ae3344291ece659c6d8142a6

    SHA512

    3a3ca28addb8823b28b00f2b663a5ff23e83c5218fd95f3bfc84e9ecf93d3f67221639d34880a60cabc427f79a1e5a6730e06b88d491be3a5978cd2a1151ae9f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    27f284c8b3e59466df8adabc0ae64bb7

    SHA1

    7921b6af55922c244ff1f7a82ecb6805dcf2b59f

    SHA256

    d4e8f81287438ae5d9a7335dc7e1137b11325c34307875403a07c02fe97c8ff7

    SHA512

    26e31c35b1e0cc8cf71ac11c4a1ace6ca71ef4e45e4f0c40a39a1fd1243f3fbfa6381859f836354a5470a282339b551a79f2a7ec82a0a020e72e58e612b9ab79

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a1eec5187c1dd7bef72f365970b25f27

    SHA1

    770ded6b0ea5d09c3f949b577ac65d005650a072

    SHA256

    b37af10e3eb16705c7ee65ce004c3154dcd64813aafb3cfe73e96d4e1d41eb9e

    SHA512

    3c8fd20db9aaf9280718afca45d59388f960434cc9c3081474c342d3db3a7e38830d0832cbc26c36bca16693ac19767842de3239fefaf617509f2eb3044901e7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b1d5f06c941f101769fc9597cae51c22

    SHA1

    fb09f9f5d12c930db60e81ce10132f6a1e10fca9

    SHA256

    32e921c61e441e5bc2c8207bafa0152d6cb3c895bb7acca63ce0e3305beece98

    SHA512

    20ada3ecf887df5afb598b397d7fe0a1c107f680c9af8705a546befd8946af4f8951e9beeff79981f0438fca384e02756743be8ab190eb442c660d48413cb3ed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    51a9bbf30c9b48428f419f31ba1f8b82

    SHA1

    6e32db5b7c745baa01e1b9e54521fda595d01275

    SHA256

    92c2397f7c4116cbd5997856f035ce5944c84c15ab5df4b8e85f63bcdd14afb4

    SHA512

    c4ab2e62592c1733e9e6f9c5132765959e1f3b59cb1ef1aaf2ab2960af080e920d1b47a500bac936803a2f1f83a8f29f31ec8439e8c39a4b520b44d127a65b1d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ceb54e3379163d8bba830bc58def019f

    SHA1

    e47415db2e602984e3a7b38bfd960b48be56c443

    SHA256

    1eabdddccf68ca90f9eb44a6f2581577b5a7b09ca997db6c4c81ce7b7b61ce81

    SHA512

    1872a54a126739d41e6e52e4b55c2b0bd3cad5107e9c7e8e67c5c8c0e88b2ca4336369f37ca3f143d9b635661745b50e02783ff747dc634c23464fc035daa420

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2970c925af609094e88c0536e6725cb5

    SHA1

    28f07bec3415565c4a8e78c80cb410a77441960d

    SHA256

    36c081815c873b35707536c146b31a208552b6599e643d8e30e9487b1f90505d

    SHA512

    b1b6d7ca7e67071d1ee088c6daee8822719ebc3b4f32962f9cf22213605a0cea60e853c55bb1fbe3c54cd13e4f0539acad008f4a825c2ed2a6b10a4ce1e75e81

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    70e9c4c39481401f99c0bcee1f728ac1

    SHA1

    4edb59e10fc8b6c314276994bce7e9a9099d26be

    SHA256

    3450d8f17c88adf8c2ef755d72e71ca46ee2d218127ee40a9f416f98e9c03e44

    SHA512

    02dbf88ecf66f07a3b08215dee5b220fc52b0bf16bb925d31df6e66dd608d7b55a4eee1bf7bb07f53210d09d3fffa259553da14fde51b117ddb251159e831755

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8168d231a1af3e04d7d20de00e3989cb

    SHA1

    54ee13390c647a0544dc8ed57c29d5e9f4180bf1

    SHA256

    54ed80b207e03dc33bacac41dd6d7f04d2c6e3acb2e01e06fa5784bc6b3e8a45

    SHA512

    6322a70f3d5f923c9071e3ce64cbd0f6e0c30dce5cf72997e10e625456cb194c75f4f77ba1da50a4d5f2b717bc1da57350461aae612b98e5a898a5a3388f2296

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1bf7050033a8f24e6f0ca74183db0ef7

    SHA1

    7fad02efa4f5eeeaa0ddbd8d5913f90b633e7d66

    SHA256

    238d4783578e32c142d2cf50bbce1624d9ec986436aada7ec239e059f8bdfb4c

    SHA512

    fcc8b15cb74c732a0b397ce503f236336258a340f96269de8b993170a26d4224ea5fe0692a10cbf6b846609548b92f1f61f17ca890d7e0a2202bb258671e4018

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    20a22898a6a288c3a56efbc8ec6f25ad

    SHA1

    7c4562079465d7d4f2e57211d578abbe9ff9fa42

    SHA256

    2598cab4ddb48b0027a2ab63dd9029db52f9eedb7aa51179636a722ede8a6c05

    SHA512

    767bcb4a0968e96e378962c5c4efe0bbc92657ba9acf55faca3ac97db9ed274dfe689147a6992d94dd4423ab9a9a4e015b507396c602630ba8080d58b8e09c7a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a67e617510c5bcb5d976c7846be2c47d

    SHA1

    59c2fb85a0f2b5165df4dc216330e10c2919db7f

    SHA256

    a6cb451d14c5e86aad16db4bb552e4a1897d5c9344c5c112648923287a12f5b3

    SHA512

    b359c4658db1b92e3aef47cff35d4fb7ef671c1abb77d08ceb75e7cbac95a24f3050ddb2f60482d2053c806fe2ef8a3ba5c5d8b67fbade273ef44b95a9a0a462

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    46d01115bcd8657970c811ac87a2e7e5

    SHA1

    007e6564bea9478b9465720e61e192f89027d127

    SHA256

    7747520d0fbb611b37ba8b16330573e545525be1e9e56c8193c7b8bf35fd3155

    SHA512

    62e68d20c934298d25633ce94dd6e3c20e1cb000b32182981d5bf09cfced1e212f4f1d66813782d124a42a81ca28ff392c79ebf2f6bafbfa06fbdc53dba67ff3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2516a57be7dfab463676e06a176bbd8b

    SHA1

    b625f570fb7379fb8b635027a7b65ea59f9b1a30

    SHA256

    0bc03bab4c8a3d03d18f99bd4d0a04cf42d0c7c9ce42a659a83982feb008d002

    SHA512

    dce38b8fb34daededc6500369132bf895875ff3b7ccea84234492463194a22d2ad13653a080b177ea5bb383d4de174d15465ebdaf352f8e81ce8bf9ffc41389b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0e00d3761433530c1d4d57441b11f209

    SHA1

    7a5ed15e3d6e70659ece395e9d3627e38d672fe5

    SHA256

    8bbf8f29e38c689cd41d8445c0a2e72f29de2ccd22e0b920a7992686b5320ae2

    SHA512

    b59b073933249c031bb10614bce78f7dc4d9d510c605cf7ba913dc1577df911c9dd3e5b66b431702c81b785ee229bf4db8a10064fe065e87ad486c966dec9ca1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB399.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB477.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/1128-26-0x0000000000210000-0x00000000002A0000-memory.dmp

    Filesize

    576KB

    Download

  • memory/1128-0-0x0000000000210000-0x00000000002A0000-memory.dmp

    Filesize

    576KB

    Download

  • memory/1128-6-0x00000000000F0000-0x000000000011E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1128-25-0x00000000000F0000-0x000000000011E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2212-17-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2212-22-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2212-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2212-24-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2212-21-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-18-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2224-7-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2224-9-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2224-10-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download