Overview

overview

10

Static

static

3

2f92a40b00...7f.dll

windows7-x64

10

2f92a40b00...7f.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    68s
  • max time network
    72s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    18-11-2024 12:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2f92a40b007123b882eea2b0f2e3ebe064bf6d55a5e5e0b9767fc3cf736fa67f.dll

  • Size

    358KB

  • MD5

    db4057ae723dfe267531cf394c37fb29

  • SHA1

    4f2cd0feb111305e86cedb16c29f08a9dd0f8199

  • SHA256

    2f92a40b007123b882eea2b0f2e3ebe064bf6d55a5e5e0b9767fc3cf736fa67f

  • SHA512

    d9c8c75d0e190545f228b30863ca12be3cae720d1449943d246cd93855cca8207551025bfd6d645a540a7666d5a7d72ab641c626a1f70bafdde64202a3784ed9

  • SSDEEP

    6144:d8ZejRfmzNAtHwcW/mpkjC7HRm/AjokhX8Lvulj4pA8IkM7CZmQacgQIxrT:rfmzCt2jIxZxXouljAAbL2ZmQ3gQ+

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f92a40b007123b882eea2b0f2e3ebe064bf6d55a5e5e0b9767fc3cf736fa67f.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f92a40b007123b882eea2b0f2e3ebe064bf6d55a5e5e0b9767fc3cf736fa67f.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1888
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1724
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2548
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2956
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2956 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2884

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4fc53c8de7514312b48a91156d206a8e

    SHA1

    64f1f7d9d1bb9a5b9259de5cbcaef339e116cb7f

    SHA256

    a7e792d3d30d082ee55111cde61422e5be1eca3ede1491cc0bad00e14f3a52db

    SHA512

    c423cffc99101c11f7b63f100d50cb2ef3d24ef0b0e1959e23ec17162d27adeaaf2eb68de37556ad359530fd13c046071c1d66c73bba7bec3a3a8c6b56acad9d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2c03163100c4dc9ddd0facc221ab755c

    SHA1

    3e00c0c946cc39bb3fb1074dd54c93721c6a8868

    SHA256

    787ccd54eb741e50bd1eedc9d9e2d160923c471bc1741b13dc072d650db33d44

    SHA512

    b57c7e61180af7aec8131155b30729f8c58b8dc4f0e59e7b64beefe877e2d700b7c9871b798c23989bafa86e797dec20b619f2f92c2344b019b70e14acfb4bb5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4ab95296480073c685910769eef5a908

    SHA1

    8510536b3e8c240175bec9f2e89b8f8abb86b6a4

    SHA256

    60c3b6e250fad0422c68b8aa2a88abf58d9ac7317a083ae6a3c5caee21730a34

    SHA512

    45a7c914479ffdbbb03c2f0dad3257f9da646e6b81af7664572f40975ae7bff16c70ee813961ed3f197fddd961693d959b7f6b9c8602cf1d1af375a3817b660e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7d014632bc8e5687669dec21731dadec

    SHA1

    564766ba47128cc21c5578bfc967430f4d6555f7

    SHA256

    10abea2a83fd71a0d63da4ad03d3f601bca2afd63863f15dad720055e03c050e

    SHA512

    e680963703af8cbbcbf2386f01485c1ac533adf2fa4e06e82835388706993251f3d53873df953dfcdfde68812371491e02e436b08d1f15eb9d5f3bd3d8e72bf8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    623aa7ee96ed0d14496e98598796b11d

    SHA1

    33b735c9e6edfe55d8b4f97ddc87987177de5f83

    SHA256

    bdb0ced1a15f89c93f00a917f906d593d4b9a302b469880eaaa1941129e66e92

    SHA512

    370c728076e4996f336a0a883d546408fb82fffa8a0d8756171a7bcc75d7e18d4748d7d87b9db73d49c89ac4d4729488f1bac8879d69ab0742846a18dee29610

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5eeffbf2fd63547a03896ef5355780ba

    SHA1

    5aaff74282979866b416c65c14474156d95b92ac

    SHA256

    eb228eded8bd57018d8b59d22a1c66ee0ba9472ae2f344d16ac7ea0602a0076f

    SHA512

    93c56e5bb52769e8d959386eef2f7164f903d66f59c12d98e12838db7dc5d2e23c0b6d13678105c791ef13582d05b8745c76530b63a29be8ef2fd39795a40a8c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b95876df67776f3dcdc051804a4e2af7

    SHA1

    c814046828da6531b0d3592823d9f6311478864a

    SHA256

    0c7b12367fa9017aebdb548959fa58bac653b37d79be01ad7f200718a087cc2a

    SHA512

    89ea60f6af30a372f2abd275d9812d536395a8ac4c49f2a57db388fa60a9f68f3a6ecd2a3c8196c794abd713676043717051044988c770e246b0d564ad325a28

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bbbfe92ecca4e51e5bf61bdacb0fa8cc

    SHA1

    b79de326519abaca3f7f71afc7b8741870388b60

    SHA256

    28609a43356973e512528868e34f5e3dcd2f96bfd8eb79f6f1142d39cdcb1cb5

    SHA512

    52a65fcc17cd863f0a4c67160c0cffcc0fcbe10a33322ca5b15b0e4dedac17c19767c913217b83638506ed9ad425b52993abb11341e344731c18cc34f7b50bab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    13ca538c77be03a323dd68aa7061775e

    SHA1

    b6bcdbb9b32af97cf23c961d92ac344b9d97fecc

    SHA256

    b173123f51690a0f51be563152916ede7e720f5818ccf5f19ab99c6fd04a2c3b

    SHA512

    412003e33a2ad38b296d8d17ba0f13fab2a300a84aaf9f592c0b5d9e489f5990da5d706cffdf60df1eba2f92497d85a69ccce2881066aaa013890f717081e7f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a3d5000f3d078e08814d13ceea80247

    SHA1

    62878a3f6fbed570acf62c354ad11e9c4c669236

    SHA256

    c2259ed9a5544143aefaac76fa9fb974a9e22308ecbdd53c0aa79664532d401d

    SHA512

    e99c92a4dc07815882c8b4f35ec664216ce027373b9c36f7a31fda07ab39cf7a8e7639531be263cd5a0cb735cf662ccdf406949709535ec2913a35e2c4afbacf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9a05135e763ae62fb0c85cec56e4dcfc

    SHA1

    a1b2c399481d2867f847e94a34a877c155363b1b

    SHA256

    85e11f1525f94d8ded43ab8b09fe1f5532ac5ebef6f0614f18e2ad75bfe1d2ac

    SHA512

    c72227868cf28b58936955b5e5fc28ddf4cd677ed5401da4e8fb3df7dfb52e97e2a9d7dd7e926171ab52fbed6f1521c1ee422c38c54c11000c231db34f7f8d5d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c36d15c13c0aa1b12f4bc4aeb739cbe6

    SHA1

    d7c8990e683457e3559d0b4df353bb3ee14a2b37

    SHA256

    e998eafe5fe3374f0d036493c81d931c07aeece10dcf3d280458707ccdffedd8

    SHA512

    bfbcf586c5ae44858842e235d0552a7035c80d388a5afe4925b2e97b5db7c70e9e8d52ba19235c928e9d3413e245b12fe9aa2685904e6ebc57e952690020cfa5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7c65a41bf20e66f21dd3584f504b3e7b

    SHA1

    ca36fd4982b29ccba9600a2c527692997dc7ed7d

    SHA256

    ea22e0d281625f18d45437951a2bb3484e3bc7d912ddf7bbfa47e36d979d733c

    SHA512

    0701d2e5870ef742934af5b369a24a7a2c4241694220d61dd1969ebc1c232fc6810464865edcad4f9d006e774428fae5a4be1ef20e484b9c7bdcd40a73bdc9f4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    daa1bd4c4269c9365d567f15d63cc918

    SHA1

    9bfd1e4c7cff4ea2a8a3110920a4513875e4f7a9

    SHA256

    49c3ca18dc829d8f2d03e43b8c768fbc816fa14030a51cefe2ee29956d00eaf3

    SHA512

    bd161c101700fb1a689789bbcc0acb1e0f20ee0a07c639677741b477e72c68c2d571b1d751dd5bc8bc2ce5cc31968077c5e5f904089b5809ed5d09ff63db52cf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    57acaa2bca6e2a77ef5031c1b373c404

    SHA1

    d3b8a2f49f7188498c945d34c10bcd17524484af

    SHA256

    1a07f532b94048b1f2005fe6f7b1d58daa0bae7c3fa082bcad9f5dca26361bd7

    SHA512

    d24d21c32874b27dc0935facb77750699fffe19f1c24ed17527326e4f47a082eb631eeb98dbd968b0daf3d77873f9ca5056f0c6d3656e647853a8409dc44d0e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fa4ec26de54af3605a6c5d4f46a66f9d

    SHA1

    e6b6fb25b800822239300d6bc16ecc23a1a82d23

    SHA256

    d1440b13104c6dd02d1352ba6e8d159d96f078b891c52f9bf0c087f69c762474

    SHA512

    392d4bfc248e5defc5264686b62b0b65d5e30e3e56806ee4aebb0a7a3140bc9a319261371d725ba06cc99af007202fe74776e521cfcdad46e66f7863918bb22c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d3c4bad583fe747b93a8005ea6e19a4a

    SHA1

    1c36b1edab666e4164ea5ade246507fea994dbf4

    SHA256

    3bb79bb8477fbecb927c2d79f467c5e442b4505aa7cbbc3de26d396e87858a32

    SHA512

    8ccc37ed838e4b5284ccd1f2279e63dea9da0bbf0dd3a52c7a28565a19d703de48d8a61dd60e45a0133c8f4ab1ef5a64b15a676a13ddfdc41e5c61a57ed96844

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6c7f7a47bb52c07d64991e108570b4ac

    SHA1

    d4bdbe705c042f64527635cb5f2f5a69f0945322

    SHA256

    e5702c1ce51e04cb8bc5ca26e3f9d06d2e717a594206427cd5fc700723518fed

    SHA512

    e3f488e8c8540e99587c5d6d1d45c66c428ae5d9f3163d8b766826e3d1a364a37e718c93660bf479380d7837d2c7dfe7dbdbe32563a8b0cd5a35d25a458fa45e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC1BC.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC29A.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/1724-11-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/1724-8-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1724-14-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1888-25-0x0000000000400000-0x0000000000490000-memory.dmp

    Filesize

    576KB

    Download

  • memory/1888-1-0x0000000000400000-0x0000000000490000-memory.dmp

    Filesize

    576KB

    Download

  • memory/1888-6-0x0000000000120000-0x000000000014E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1888-2-0x0000000000400000-0x0000000000490000-memory.dmp

    Filesize

    576KB

    Download

  • memory/2548-23-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2548-18-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2548-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2548-22-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2548-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download