Overview

overview

10

Static

static

3

a5a535361d...8b.dll

windows7-x64

10

a5a535361d...8b.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    18/11/2024, 13:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a5a535361d3ddddba8abf3bb0f38602f86c646d39b1436c8278e5f90f28c028b.dll

  • Size

    359KB

  • MD5

    23f55828dad58be8bac265b03c60255a

  • SHA1

    405e997f2d7e46c69360f6b65741d45420c23c26

  • SHA256

    a5a535361d3ddddba8abf3bb0f38602f86c646d39b1436c8278e5f90f28c028b

  • SHA512

    7f652f20bbfec9a64eeb124b6ab10f92cd35aaf160405dde3cc1cc5064746107d685d15293f87ec475c4f74754d7125e38827bf9d1e88dcba38bd3bb0e877cc4

  • SSDEEP

    6144:xQv5i2M/AOvLQTvxaVTZfwPZ6qxqFl8Gsrr1aT05gzacgQIxrL:xei2M/AOvMdaVTerrRq3gQu

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a5a535361d3ddddba8abf3bb0f38602f86c646d39b1436c8278e5f90f28c028b.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2096
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\a5a535361d3ddddba8abf3bb0f38602f86c646d39b1436c8278e5f90f28c028b.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1832
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2476
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2644
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2836
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2836 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2776

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c81584c161f611388f8598230815ec08

    SHA1

    263721d678fa7cd05fea99ed6f09f2c09f731e7f

    SHA256

    3743b9abbbb0b097fe592ef917e792df2f76dbb01fa57c9d97de78b3ac184c2e

    SHA512

    dc5960cf71fb34933a618fb1b6ffbeff257528d5afd110dcad59bb90b81f147b84489b1d29b0fa72437ede244d7eef106dd48fe391b417639f98b727ad9b6773

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    23c3b4fa26dfe6fd7782eccc680b4738

    SHA1

    1198191a09e87941e2db0aa1121e17fc1bfbf393

    SHA256

    35c5394b6a17428c0dfc45058a0e6d19f0f236a609fc4e87087c2516af8974e7

    SHA512

    a5601862fe9e299a94b506d3bddedca7bcf13453d8d37a5375d6edf2e61dff9679f3b4f033722d1562603b0d087f098624dfeb2b7e44d97f11c18483b2576495

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b9e4829736568742ff4c87763da1abc3

    SHA1

    537fa0f0677225d8dc4888127f64568d1ebc99d0

    SHA256

    3e22a139c4592fe1fcc28d65bacdba9430e78b779df3bab5f5ee9b1f0a2df8b6

    SHA512

    7d1f3e07c56f677bd6849c50c0e243c7aa5935f9cf74462a8903c10a56c6a7553a09b90caa0afc479bc172268a07b19c820f79eb734fa7e83d1fd101694120e4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dd99852dfcb8106ea2ba4bad0536b766

    SHA1

    2606a690c5e08601d42aa82751f441a2aab8bb33

    SHA256

    aa4b0ee629ce6ddae8d6b447df6736aa7b9b59e93212cd41afad8b5fe6f6e099

    SHA512

    eee35fdb500fab4894cf27f51c47cdf01e11468051718ce3aed4c94a17e6994036e2d9c0f0356e9bbe0e65f72b359e27e80f8c499ee08ff9767d3469adae3253

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    12ee235cd367e025f17e8455ca58ea32

    SHA1

    9626fd88464c546791dc67b1fb8490b725643544

    SHA256

    24905b52f906654bec6a13ce5033b26344f2e7ee23c7b05685ce027c3c640fbd

    SHA512

    dfe1a065332cce7345267ff37bdfce7ffb6557ec5e1cf2456cf870eb07733d5f46c13eb56ada94d852d388f58f009ed7611ab372235e344c07dec9eb2410ac05

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6dda7a16083a639c7ed4901dea869178

    SHA1

    5cb8f3487666577580e48175e30c95bc1cae7f42

    SHA256

    df74459938c6fddd4aa63886de201fe8c01e619c2ccf911730330078e442d8fa

    SHA512

    f5e433c7ac7f2634dadd72bba3f09b0a7a6edfd21b2f45681bd3af1596a50eb7f07a24c4366c31d66a0397565e4c41c445d49ec8499ca5236a14d464f609947e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    090d97b26bbe56fea87b7fb1c4e8af1f

    SHA1

    ff5dc087f4f6487acb3707e3395c02bbf323cc96

    SHA256

    592ab52620fe43c7fae83e2dec8ad310cc3fdf5635df1ca8dff9d1bd48493708

    SHA512

    d7248ee56a5bf44e64133aaac79c8c8749b3b454b439d09cb8e676de786b638702030261cb574b3602d1303fc29aebc37797a34974aa2e976fcbb1908e82a985

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1d2dd110a2a8b5f4b8d9e8d8dacf71f8

    SHA1

    638919534fd39182aab380d41f351fa0398e6c3a

    SHA256

    1b6c110d82b7ba9d4f99280b54db74dd2b63c611dc5c0f7429538ba77833a462

    SHA512

    3581f83e62e8efb0846a7fc53fec96158d2e86bb8e2d19eecf79bf4d68f2c04c2d8449168af25f554a215be54031d8f71f43ee6cc8dc1971866931f98b2f49b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f8626f81d11624bb4defc10dceae8d39

    SHA1

    554e28efc914b6be389304319b7bd2aa22f325d1

    SHA256

    f67c35556fc031de623a813a9af6d69a846ce8c253d73da32a3b780b5b472611

    SHA512

    4af3e037473b5fb3b29f9bf41273adc5f523ac1b093d2cf037c2faf2359d9ca741d362e598bd4ab7268318d7f08ea4d24b231a43818148bf45a5fdda0d930332

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8ea37ada222c0e7af560702acd3605d4

    SHA1

    47f88a63ca90f7608cf4e9187104f58cb03062b4

    SHA256

    6d3fb02eac9fc8b9397d0c375a85877519ef8e932017f1228d7b5d8fea9fd895

    SHA512

    c053ad52ae816a6440592328ebcddd8e7d10908364ee84d4211c5339b44851a34ee00097f901b2c5bf659360eabf3f426bdf2a062aed89c8d00c7e465b52bec6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fddaa42adef795e279894fe5fc114f4a

    SHA1

    d076d65d77a4e02ff728cb59e6c823df54fe91bf

    SHA256

    999cc651539dd2638310bdd0a49b6c5dbd1aa1a1aabf6e9085003ef5450dda9f

    SHA512

    733c3b46d4a7354e84cf70ffa791fd3d7532ec2f840930aff00c07c2a3342284ef406df682a6642103c5d100f3b35bbed6e3af990d1e7b71b075db3b6a9b11d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b4537c3b098d31c5c4ca72ced51f60bb

    SHA1

    ed3bb123ddb7c96f0d81c1b00e5cee563c240d6a

    SHA256

    5bfb94b62ed895701d3d1b6956ca56c352118eb1c13cdd965a48e9b000160f64

    SHA512

    d24a6f9764fc3e3c15a76fa9adb3fda5dc4d5bb18ed9f0cffdfa8d91c81f79bc8c70c23c979711493185eedcbd9e1eec3997c17f02ed9da11a4198e1337162ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    276fb6043e8208ec59acf7c367247e0e

    SHA1

    43873b31d307727d0aa5dc1774e660cd8d715b3b

    SHA256

    10ee6dd2a39346823a99da8e32d1ef6ea4f6b59c10120b1ee90350a2c9146f5c

    SHA512

    84f3b73f3f3e519bab5b34b4a31249f5c3b3d032d8c6a6da1e36fc502678165811988623d106d3f89947e805df5ab2b7f9c73142015505e52c451bc06017a7e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f22ae28b98fdbfe0784e1aad1207ae81

    SHA1

    cbb2fa9d48e2ce47d31e3814b67f425cc8f50980

    SHA256

    0c0a2257e438c0a947cdaf606c8e8ca13c2fb25412d776c16eb25147bd7b016e

    SHA512

    a1d150e272dff018b66f2eacf4d1b4d1f9c7efd97b86900a0bc58be6028b24542b8709abf2c3345800cbb9982a1d1811b6acb9ffa3ed41ad4d3c503ce089381b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    57b2a0c7ee6a25d354ab034f4816464f

    SHA1

    f969b110012c6fe042f5a67f61f0d46e1140ace3

    SHA256

    f7031ec3dcead11f8744186d0d1d73721ade2040ad10a82a18913c132b92e90c

    SHA512

    e16a9e55f4fb90fa99c39d88656ce1fec592c2fe165d9bce96b974e82df11c68e5420bfba5ec358904342fd8885f14a3cee3d5a6ef6e24269042e305c782e181

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f994e3d7257c82e50e2bf15ecff1960b

    SHA1

    71d9f7f43b001cecb398a2896c025beff94d6283

    SHA256

    9e25d3a528aa5be530eed588d79f8dc228d720b42d398c8b8f7044a7b10f7a2b

    SHA512

    72b696f5d0f2085943a987cef501b6d7f26bae73415afa8b081c835391d0e53fa61623bd29cc7ed5d07b532443fc10dbb8eccec41fe37e519dd44b04cb5f49da

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8623fc998159c16f7c7c7f4c7a184481

    SHA1

    62ec5970ead85970f5b4de910df2c3ba9efe18c4

    SHA256

    2d03249b285b0ae31c87dbbb0cfc27f59ab416c17a452a9d522e8a6e581174bd

    SHA512

    793dabdf6c5da57821bf9c01e0db5a9de416ebf9c55c35423e892210a02fdcfa9ff5619ccde9a17c18b7eae958ac209248ad8d0b4e0a36776aef872a57240753

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9e938c820bc5c8bb63120886109f331f

    SHA1

    a15759ca88c76d88e648c88899c0ceb84693d481

    SHA256

    1ccf67f4dbe8dab1bedcc7bf6084f9315f44770b0567bb69117b1cd6f8940c39

    SHA512

    c6035fecb8da55ceaa2499a8a3fddaedc210438a036041329f48eb1e101cd68ec91dad9f2657c38d03cf92b0cc8d62a4974fcf1e9d6b988f2cfb0402d703e6e1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF8C3.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF991.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/1832-5-0x0000000000170000-0x000000000019E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1832-0-0x0000000000280000-0x00000000002E3000-memory.dmp

    Filesize

    396KB

    Download

  • memory/2476-8-0x00000000002B0000-0x00000000002BF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2476-17-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2476-16-0x00000000002C0000-0x00000000002EE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2476-9-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2476-7-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2644-19-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2644-23-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2644-21-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download