Overview

overview

10

Static

static

3

a98f71032d...a6.dll

windows7-x64

10

a98f71032d...a6.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    133s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    18-11-2024 22:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a98f71032d1ac1e5a21e21b111f4532aa57cc887d9df42c0fc8842d6837cb0a6.dll

  • Size

    170KB

  • MD5

    38462b7b4f6bbeee22be0fe068ca0a47

  • SHA1

    0f02bd6702e69abf775d191dd99593aac935af64

  • SHA256

    a98f71032d1ac1e5a21e21b111f4532aa57cc887d9df42c0fc8842d6837cb0a6

  • SHA512

    a46223247d843fea3f9170e5f4e6f67bd36c40db5b68b2efe138bd43821265001bf33c1281cdba6213d8e67e85a9c8775d1a85dc99f925087dd1065811fb5936

  • SSDEEP

    3072:bcwO/iTOdgWtJ6LTHn/rkiENpYrvQaSISixCC/xwp2rrUDL:bDTOdgWtYDjkR/YrvQaSrcwptDL

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a98f71032d1ac1e5a21e21b111f4532aa57cc887d9df42c0fc8842d6837cb0a6.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2756
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\a98f71032d1ac1e5a21e21b111f4532aa57cc887d9df42c0fc8842d6837cb0a6.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2816
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3004
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2944
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2944 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2608

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    831cf420bed03d5b2b4d429c9f42ae6d

    SHA1

    768c58518acf872d6874420105cf9b0d7622d978

    SHA256

    0afe3a9c407988bac93fa68c54bad6b9d431b05ccae2492254bcf0c9e2a94f55

    SHA512

    06541a63f5f6efda4b20eafa5b9a5e908c40988a5190617169a2d65077517aeff85ac493615f08ae00ba1f37b014625d86a1f8014406a0cd06fef2a9daa6f5dc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c5c53da808c6116adb0ccabc10f8c415

    SHA1

    08bfc0574f3d077be2cfcffc84174c8ab3fbe09d

    SHA256

    4be75b67b85a6ee11b69720d88826ef3f2ee50a5a451962e934f3de8aa5e9095

    SHA512

    4587fe3f947e33800309d0060f3a140f59f562fcc2e09e3cb9d6c0dd4edd46a0261a4ee54ebf5e7dde2f388ef8ad1fcefe55eec6a3c4f54427ade4cbff3e0910

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0323c8a9ba573b2dea8d0aecddc8f34d

    SHA1

    cdbc97df2a9c6139d4439c20e1ea8acffe256641

    SHA256

    a4f5a0e56431c3861029e4884d3355dd56681952cc5c212d20542a844f07e3d3

    SHA512

    120a11cd21c02b0a1b322c0f8bc867e914fd163fb9c0f459e0d076c87eb3df9b991896e2894ec104f6a30ce6300305ba461824d49579446273c765b77d5536e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1f70a13ac2c3523fe559e982a6ad5267

    SHA1

    e1ab62d45dbeff2957f8054ceb32306240f20807

    SHA256

    5954421b01e80bb28569f0fd80ed2a3f15196f36c2195ef32b669d8aeb39d546

    SHA512

    66f813d016dd52e6e0f4a74c0d1eab34f4f7a0a0634d0887cea0def260480a1021c85f3075745a218cb93b8f9b1c8ab2857905468546a0a92ea427dde782c002

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f38fc17d7af7e66b37955b7774e60bb

    SHA1

    718290579853c26a0922d79877b781809b17c769

    SHA256

    827658d4cf20c815ea0b5e7a28bde69894c54f7fdad5aadbb6530594710ede38

    SHA512

    004d5cca4ab88789dcac2f65943f7b21476581d0de92251bcadbefc397d851c393a880824eba79f0698a93c1212ed995b69a69adfa14fed78ded8d6c34e959a8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    48dd5cba3b1a6614ed7e2a2cef9bae33

    SHA1

    119edcd54b8cfdebe2524742655ec3a761a5dd38

    SHA256

    61ceab256e7c51f9037b5dc3d839ae0d1c484dbfe99b5bf535d7312440ab32c0

    SHA512

    0935a755284261334f44e9ef1dd8cac02d5e8d23e7924e6de077d1a2f70ae047262eca9b0a39a9e40a1fb6fd8f7ac7d96ee81d9af9d1cc3f24cd5486fac9186c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bd47ef1c6a2cc338411d9ff2398dc69d

    SHA1

    6d9cb7a1124b3ac2d4972db67c59c68be656760f

    SHA256

    387bf0d1c13df3a87bdb67a06a0c2de86463e4448a4381dbcd3c51bdc0b13d75

    SHA512

    014cf2b74ed2106d02bff1ea8db578b8b94f8667ab363f61bc13d193a593f126b9354158d5f5c25e9a219c2feaf4e077a05d7953ce27350ce0f8b06d6bf4fc5d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3bcaa4409bec91f50e96edf3d1068bba

    SHA1

    bf800084cdaa165509646a826e54e504c50db8ed

    SHA256

    cbcf4d44b6e47cf676adec2ae811dd83e61eb74ff7ace49ef0d4b2aca01ccf20

    SHA512

    f831b9b011d121243fea2b8150847d55f0f4659643f89f2afa16225da3b9158890488b82c1029258370921368d0bdfff27dd0ace524f664fd912f96780b3da4e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ee889571655fbf4d63e2d55e398f04b6

    SHA1

    86f19649b0583ae8b13cebb970db1194f2b69675

    SHA256

    414ee76920d014a8e1cf3d75c2251cdef3e57f4169a0aeb9b12aaa84b0bfa4ed

    SHA512

    47af022dab9b7c89589adbd1108a5bd96968d436a4677399d3091e49d3d7e72428da90640868d56b290495fee3f408cb751c6bb8b508fa35940945446b159914

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    31eccd352e116a9adffda46ed79f186c

    SHA1

    508339e08d8f81c803786dd6f48af14033380bdf

    SHA256

    c9535150745f446ecc27f78599d1d6791b757a35476b7bd27946c696fec224d9

    SHA512

    1e09f7a3a4327688c45db9ac3f9ba90acb868536707e95d3dc7e6c7473c9bba3f6948360ed947a6820eb9dd80a41364c190aa98e76604212407ee4492bedb301

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8bcada61a7f98069e2e21cd9d2526e58

    SHA1

    1a5dc1e5c8e389db32d568e11bc79f63fcc66296

    SHA256

    128d1dfcebc77cc8970b3c8ddd56012399bb6e0e25968826fe54e3d05b8872c9

    SHA512

    a7cd8f1ab9b85c316950e34568e391c5527eb59b5e09d59327a5915f4ba332eaffe83aef8a79c1ec3599a6e6930642281e53daaa98cee1031e735d79de6c6df4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4771f9ce738cc359c815d69b0d8a2f17

    SHA1

    fef0853e31ab98d3eaab1d79341013c5d4c13e94

    SHA256

    5a1446a64ddf2203d2c64577edb731875f0e99729da79f5ec3a04226970070b9

    SHA512

    38d8a6eac77978a5312158aac0a1165e97a9d4f1cc74dccf2955f7b31147bd86349638b107e6fd70e6446279230259a322ed2df99ec5fa2e9305c1405c1f6437

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c3aac814ed7f02db12f0ea4dc3177b76

    SHA1

    bf44512ccb6593577ecb7e4df9ea9a07316dceca

    SHA256

    23b351b31707fad03367c4df370ce3bce464594d4ccd1f3a2105a16916ae2715

    SHA512

    7012663644d623e5a3275406a92fa87dfe76f35184f962460d42cc31543c4ffb9800c09482c96a373097780fea59d2d37b7612aa7193f2b2a90763a0f90c5754

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    35a482b22750667428ca465601a77f7a

    SHA1

    b75400bfccb6c10033ce936fd2a79489abddea05

    SHA256

    a79ea9bec751c042da8a53e33fb5232784d51c912fc561e6683193c2a188911c

    SHA512

    ca413c254dd8638b5e6c702356d289f7d5ac6ad88f92d3d5bc7f914f3d206ef98b4a03979fd3db9e36e6754e4c652e2edf8bd4aed9da35e3dec58f639e2d356a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7b6568ac6730234bc17fe2e64e8255d6

    SHA1

    0f4b23213b12dc7d54fef2382a990a703f39558f

    SHA256

    01c6e56d33191b3a9bda461e66b0b20d359d13f316ba8f3b2925d2f799260208

    SHA512

    48e7aa731ef28a54f01b5ea5bf5667447c4aed99d32dbcb610567314eba45fa58b272f163b2c476ff913583ca3620eed25a34488e54340ed8c0bcc0d9eae49e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d4bfb231d5ec5ead308cf232028ca2bd

    SHA1

    d6d904022a5224ba22047771d9050fccc3410e27

    SHA256

    c86e966112d78bc0f1dd473ee2318e4dc224a6cb1f0e7ee757c80b7f01763355

    SHA512

    97a8c0037e8238a1c9679caf86ac6f0bbe23f89505acc7b2d620efef91af8cad19e02222ab286ea7d89fb806bac375c83253373a0430110c039eda6ad893be6b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f326e19628995abee3acca82e00e2d67

    SHA1

    57a9d754b206e9e30766c363c61cdd72ddd2b083

    SHA256

    7e697b0bc592b4b49ffbe9d49138403a97d46f46c88143540b87f8a017c5c326

    SHA512

    dd5b7a3dfdbec67cf4508613b06a5b91ec3912326c58983788605524c26a1867ab65aa323275687b8981354382c2064d9debbf4f28e06e2470dab3ea329ba1b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5e23fb3d5dffceb8be171ceb8bd88315

    SHA1

    c0ef95e070ec68002b95d422a84d77e1d27f4b87

    SHA256

    76afdbe98c8f8fbc8790e44e09fab6a4197fe452a364273819d685faf3de2cbc

    SHA512

    cd3d9f71f11c0bbce7f7d674e250d43dd890e27640cd62c677a03c7234a1680909376a5ea5c2244df04e4a92038ef35825eb05f564217566f2511dd09da922e9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    39bd07e491662c75476234039495c0b6

    SHA1

    1bf57c7ab9011f374b37fc83461af144ee1afde7

    SHA256

    9771fce3ce36de50a278b4d7ba2863d2ff3200dc377ff72415787a91136d97d8

    SHA512

    85ed52db530e8dda8b34c29d60cf367779d4bf2659376e19f3c369710675e666257b07c80df56fd4eab6e3ff26fa82be4ab3400ea7ee798c1eb546cb91c854d4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab8D33.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar8E03.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    134KB

    MD5

    774b9c11bcc0dbf50425e3935100b905

    SHA1

    519338139ca0deaa4b42e056468087e18fd1f253

    SHA256

    be6cab2cfd23bd5cd633264eb9a7d55f0feacda3aff05db031af04a531585590

    SHA512

    6d9a570b441f96013bc5ae2bdc6422beb0f48c3953da00e2443e94de531f8abda9ad8403380543f95e0ac16d84985e1a5829556ff7bf26fca85afbc86fc07872

    Download Submit

  • memory/2816-14-0x0000000000200000-0x0000000000201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2816-12-0x00000000001F0000-0x00000000001F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2816-8-0x0000000010000000-0x000000001002E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2816-450-0x0000000077B00000-0x0000000077B01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2816-16-0x0000000077AFF000-0x0000000077B00000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2816-13-0x0000000077B00000-0x0000000077B01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2816-9-0x0000000000400000-0x0000000000477000-memory.dmp

    Filesize

    476KB

    Download

  • memory/2816-15-0x0000000000210000-0x0000000000211000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2816-124-0x0000000000400000-0x0000000000477000-memory.dmp

    Filesize

    476KB

    Download

  • memory/3004-18-0x0000000077AFF000-0x0000000077B00000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3004-17-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3004-20-0x0000000000400000-0x0000000000477000-memory.dmp

    Filesize

    476KB

    Download

  • memory/3004-10-0x0000000000400000-0x0000000000477000-memory.dmp

    Filesize

    476KB

    Download

  • memory/3004-11-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download