Overview

overview

10

Static

static

3

da2d7245ab...02.dll

windows7-x64

10

da2d7245ab...02.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    135s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    18/11/2024, 16:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    da2d7245abf8124c54ff551a2be3f59e9c68377659f45baa83180d14375df402.dll

  • Size

    435KB

  • MD5

    7344a89e1663417a3d7b142764224445

  • SHA1

    edc7cf66d2a06dd0fbed0da1d3b980038a0d8027

  • SHA256

    da2d7245abf8124c54ff551a2be3f59e9c68377659f45baa83180d14375df402

  • SHA512

    024ce0bc4c670fa99c2a179a7868d827773f086437c00a5da7ac2627f7c56676484ae6f993ed4cf2f6d4855cbed9c116ef891deecb796f61a459679bc20cda4b

  • SSDEEP

    6144:AmxIbni2hn/hZm8XqyQFAal+BtsnA6C4Xqu4G/LzliJacgQIxrR:Axni2h/hZm8XqyQFAu+nGA+xiJ3gQa

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\da2d7245abf8124c54ff551a2be3f59e9c68377659f45baa83180d14375df402.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2916
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\da2d7245abf8124c54ff551a2be3f59e9c68377659f45baa83180d14375df402.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3060
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1476
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1876
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2712
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2712 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2736
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 224
        3⤵
        • Program crash
        PID:2772

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a6559e20e0788df74b36c75641b19ef6

    SHA1

    4d7b4f70bdd5a166ba3d2880304db71b32b4b0f2

    SHA256

    3afaff94fc052c191cbb3d56e6ae861a9c6b19342f54c0c3e1e46a52737df703

    SHA512

    b0c981e4af565fd49daf7b715d3991642558e6130dbacc602b04f3fcd4c78833dc00ed0a5215f78ef4f3380c456f24111659ff238c31892892bd42154df92805

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8af27b683d4cc136b4b47dfbf5150670

    SHA1

    b8fe74f1576f6324def59cc46916ba9917cee38f

    SHA256

    2f52dd214c60cab44b75b68c1086a1bbe4e6992bef6cd712af279529ecc42a98

    SHA512

    1072d9409e75522fa647e5de5b6d7b5736521220969cfab8f281ea345cf478a4709cdf79c70c411d435003fbe0d3994c0a7b6a94820e893f11acb3d97e8fd0e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a8ff4144ad843b69faa455112a022d79

    SHA1

    d4c60e2e7c1db4bc5ff8d90ba4b5bb3667a56886

    SHA256

    3a3b97dce4275fc2cbbf6a5c279464feaf210da8f1aeb5ab54ae1e978d9bc38d

    SHA512

    a4ce96097a94617cf26aca346165786c932ba23e34ed2a0a0b80c0f988eeb9d7776f9e7e013f6e9157e41198f8b5a9a203ee2ae0bd8c206ab1e0f9876bcda935

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8666163d7a3bcb89fab643da5d00a931

    SHA1

    c8bdd6e157fbd727a4369477369bce351aa44f86

    SHA256

    ab9ae636eb957f10269ff8079e9b981b7afd70000ff4fa2f25d052c9a28ea150

    SHA512

    e8c1b778e8b6444974ca5c6306ccacfd145871ac05734d11b539bddcc33fb2610bcd6a03e27f9d3f13ec9851251e0010b812b5ddd26da5500974614bed99a225

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    01484ec1f76bf16c65fe5e07683e19df

    SHA1

    3492d2bc6a7046939e3bb6a894f0842000849387

    SHA256

    f90cd90b62cd639b7d9dba52a2aeac432b1dcbde02881acfae68e37abc3d5d86

    SHA512

    c503ed78c2776a6abec10a22b81c2a580fe82644b9e0318b0e63ec79e2f5e4bce400eda473bee8cd3954e30e5290f16f67b74e65c0a34fcd167c8238481fe8dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ef7f547936e09572382b45795529b87e

    SHA1

    2157ba69d5c9b6e364c6daad844e47221ffd5970

    SHA256

    b70ccc753c900797fdd3d6299a9d4f6643fe62dafa19129c1e9cbb82e0bd7c80

    SHA512

    2dd1f5e8c0ba6416445dd86912218adeb4d551e7a84859b7c6826a030e589153e2130d225bf0aff842d21c217f600b2171d86118990f08730bc7493aa8a8cba9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ba21117fcd73922e8e3973160f4ae376

    SHA1

    2bc3ece62fd03e83fef81d536587321853913051

    SHA256

    d2f1ce5e76e6ace41093c9c5ed2b680f21f5d7dd2742e9b683c9c91f6179f9a9

    SHA512

    7e7b078867cdb84470adba995fc581af40eedd36a17311cbc6e347113d03111a70207c717e2f2b532904b2240eff5c1b63b9e1341bdfe23417300f46dcf79cac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2dbaa193cdba008fc15ee21cd8c6483f

    SHA1

    3679edecff9d026fe1ca1b569300897148c9cdc4

    SHA256

    0cc4419fdbc215188ac8e9113047243b15565004bf7b67985d50534e18621075

    SHA512

    7cbac966e282b6af50319ea4a370ec964134e96aea717355eb97a866677f2f69c311d811302b555452fb557361a0bdfdd4269d92e3d3437f98311797d1698034

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    72e4af369ce4ce86262e28736758de14

    SHA1

    0893c5524b6642b3044e54f1bd90c2b9b060ede5

    SHA256

    54bcdbfd774b6837dc34f1497df391bbfe5fa2592fcc6c30f53c0b3b9055674c

    SHA512

    d4fb65b641129e4c7330b9c4181db6b1da365ea412f205d461a11d65c3da2d514fe184eeb07bfa90bf41f0ac3b0f42d815cb4dcbc4f5769f46dc3ad82ce7a0f1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2087dba93d8a97747c1ee031d5a29c26

    SHA1

    37e7eeaa0bd7f7c1b75b256cda87fecbffb27763

    SHA256

    8ab065acda594009dcc5029fa5e7c5a3c176535fb622677694539353cdaaf3e3

    SHA512

    df5f0915eaf6945107350cc7d4cc12f46c0d194c9c486ca2636f57dba7489f1802a4f54945364dee2d7b7003a4743cf873737f5ededdee81a5bfd67c5779b2c2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5d86df010f61dd6523bc342d2c16a79c

    SHA1

    92a18ea4f829926e901c9c9cc620506e5050a601

    SHA256

    eb01be88b924938a7ede9aca45af03add7d1d94a0c66a696cc43d8003a91d072

    SHA512

    6d212734573c96a9fcc520e7aebcce9ebb6cf2e99d1734714d32f1649de7099aad4e710ce38b12bc459e3dbc32e73ab0732d8e5985c96124edbd5f24e19c8725

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab4A7B.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4ACC.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/1476-9-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1476-10-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/1876-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1876-18-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1876-16-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3060-0-0x0000000000210000-0x0000000000284000-memory.dmp

    Filesize

    464KB

    Download

  • memory/3060-22-0x0000000000210000-0x0000000000284000-memory.dmp

    Filesize

    464KB

    Download

  • memory/3060-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3060-4-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download