Overview

overview

10

Static

static

3

48810fa536...b5.dll

windows7-x64

10

48810fa536...b5.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    74s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    19-11-2024 13:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    48810fa5360500b498ca2402fd5b36c3339d1da33eba5dce9c8bbbe1ddfa44b5.dll

  • Size

    2.2MB

  • MD5

    7fc717ba1bb9973396483e794704f485

  • SHA1

    6373abdf99fa282f3c01766f6285ad2836481a64

  • SHA256

    48810fa5360500b498ca2402fd5b36c3339d1da33eba5dce9c8bbbe1ddfa44b5

  • SHA512

    455fd28a496a18912b83644b79199142970634f3b335c5305c2b6a6cf370ab1cfac56cc66f0998537cac904587b42e83095abb31c64770d11580340888810205

  • SSDEEP

    49152:mWUrzoZXe47D1Cn5sOtjD/GbXg+OPv5T4A+sQvhEwA:mhr0ZjD1Cn5sO8bXgVPv5T4A

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\48810fa5360500b498ca2402fd5b36c3339d1da33eba5dce9c8bbbe1ddfa44b5.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1880
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\48810fa5360500b498ca2402fd5b36c3339d1da33eba5dce9c8bbbe1ddfa44b5.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1740
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:760
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2192
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2020
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2816
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 244
        3⤵
        • Program crash
        PID:2156

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7d67a20ad70ee7d7a46b0a0ee1d94186

    SHA1

    099fe3a1c1129773dcf01f175eb4dd080859865e

    SHA256

    974ac5cd09569f9624f750857fdd847cc439e85bfdc0e858fb42660f58b72b73

    SHA512

    39fe7092c071522a962e12e2e6e302d9749d06f602ee14340be8eef06dba45308e78e42608f0b92d2e54a9299a8a222d63de5337a741518083a7305f14215d53

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0d00af92e21d87b7358eebdce5229dce

    SHA1

    8e7da1dd5ee20e193bfad836cf35a75aff4f98be

    SHA256

    d0886fe41e93bbafaff64a948ec4c0990ef89efd74e72c755b8396c57180672b

    SHA512

    84bde23290f6a244d95e38344690e4bbdbfc477709402dcb8fa6884fa906926c89af3b79623db6f31368a644f89dbba68eccb5afe958e3644baa5d05941206e4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    04124550477cf2407c6fea3aa24bc9fc

    SHA1

    78a259066f1b956eccfd7e9e437db622522c483d

    SHA256

    f1543ef2b4f4082c3677d39b9ca8bc5185e77754dc1a397f5fd720cf5105d4f6

    SHA512

    f09220d30a7ef65b4538d06d5b9d0c9523a2792bc104eb23807305acf92d65aa5ef34a78a26526162a13c03288b4770be66420624916d40ddbda6ce6beb0e524

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    06cd37dc54c447c14c3b309564b66eeb

    SHA1

    36613d8d72581148700b823d2c279d1ea8a826e6

    SHA256

    db0fa0dd62a5cdecfbbfe9dd44831744c0eb999a5e44bac0556a19e72c6095a0

    SHA512

    20726691360f2b71b02db2583a2b6c4361964cb937f205bd75b0392a411c9cb7d3d3c5141946351ab027fddfe3482299b1aaae4c9a9cad7b0c82a6fe1f1ea26a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d6fc5ad5e451fc443286c8883d540eca

    SHA1

    a01fc7c9f77179e228a83eac9918d60a6daf3548

    SHA256

    bbfdf4ae550f9f66f813f1930fee7db5625f16cc60d4933e9c8e2ffce3ddeba7

    SHA512

    a68a798ad73b37cc22f733583f69d8d4b5285ca5ef3c13943406346c34f7640c6f3af6767880719635df7f80d1f17454a9ccc777fa25cd9e40c7bb3419ef6804

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7b36908bb4c942b81c9e7fdf10bac0d4

    SHA1

    1c8a2ad629043889ffebef28726cb699366ceef2

    SHA256

    0cabef89e28bd0b564ec532cc8de3813da870a6cee98ca53196eb68b5e8a10c1

    SHA512

    71bc0283dff1898416bd83619c8bf69c84c365607e87a2f6b92404357b140e74362f684f35c382fc1560fac854076b3cf3015927b8f93423f9e82a59e22da88a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6bded1570a0d9ec623fe4851cf9572eb

    SHA1

    572e0a86670629c2766086f2a8bcceec894f4cc9

    SHA256

    c4b4ae61e799884c3265ef5060f7d316a54bfde85ffe5b575558249de3fb1de3

    SHA512

    f3e297a2cbe179851fc6b14e360f3d7940ff9636eb4fc361b1710a7b77bd986bde1d5decbefa5ed7a014b1be3b9c4ec52465f9f9b21a4d00843cef5dee398853

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1774ca0a7fbfa6916957778910b6aada

    SHA1

    fa06913679f4ef4b6388cbcca5e1253af42cfd0a

    SHA256

    5b72a8c7f7461f97b8de1004e611712d0531d6e6a6a7f39c8d57b311199aaa36

    SHA512

    527342971b7db692c6d6a9fe4fa6cd7d806556b1b05534beb6c646e9cb6f0427651fefff6fe345e8ba9558e00f10fe38ee8535b194dd30fbc5676c72d8a78aa4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b38d7a56648c23588b44fe4a71d76ebc

    SHA1

    da096e8b5bb3c4a2fdf807c9fbf43fd3c302b24a

    SHA256

    2ca9d51d5dda3ea75ecd2a9e1b2aebc3ad6256cfaeed6db74c3c3d7a48e04148

    SHA512

    66bf8fa746751bab28d0d55a6270f2784549afe6aba947402b820e3b5726390e0dd88d0fe0c5e4f48b205458eb62fa37668cd4bdaec27a2e5075be8a6e6381c9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    97d87b78fe569279d92540fe0b9c0586

    SHA1

    18d59afd69983296006d3cec54d74b9bfe16d27c

    SHA256

    f62dd7ae90bf99243004761a8e178edee87ccd9bf54e91525ed1c16832967a0a

    SHA512

    7bef132a13ffa413b3f1f847b83e3da2b16dcbc86f5fb6f35491ad4193d1cd33051ef492ee7a8eed995fb768048d654c80fda9e08bbcb1d3af12190d75a75b4d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a4e6a38b9c3ca6a81c82672fd2cdf7b

    SHA1

    6ae417a6a02ece9858e7aab298317a5422b0f70c

    SHA256

    fd6ee5e769c60bff97b8f858180a8b923d01bc3c4caabe908d3a05271d84bb45

    SHA512

    9df465aa4a6db2fe359b615cedd6f4f20b780bbe9f476fa61cac4e52175a6aa108d283cca210fecc49f525c981aa52f3049bcb9e53df906de17e9e69c3aff401

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    90ad98179327cad091ed81d97fed6ba1

    SHA1

    a0e789ac657d3837197e338070bca25b06e0d61e

    SHA256

    88597eeff44ce02c177b8ff26b411dd868fb481c1c428f8712abf9a77600cad4

    SHA512

    af43cdab13b3542c2e509f30f5c447e074fe7246f8f7b5d83a63c7bb88578fa14242280bac28b13f74e120a37200a532e841a8068965c2dacac831f309d1afe7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a5a4fc8b965daf919b1a74b8192925f7

    SHA1

    887d2819e11bc2e25db68b542c5ac6b855ab2ddb

    SHA256

    562687a9e8a14745a39e8a954d7448e0adb6770a4e02fb15afa967458bac1aff

    SHA512

    faa4ff399bfa83e04b4b7ef8dea50ba70f97b8b051186c13a4fe58ae9b011224903e6818cd21619c4d26a2f6689a6ed549358ba020e126d9ff88f74d7a1e09e9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7de2e389b3648605f08fb32bee0586d5

    SHA1

    443a105e9a9e330266b1dc8c72c88f14a0ef5fbd

    SHA256

    6b887e3ffd9dde2f27c6bc2dad5e95cb6fd699661c49c56577d69c9110a2b41d

    SHA512

    b51c3d9caf3e9f173ecc74b3e9bb61ed978070ac6950fae21784a95f9a57e877e969515b935874cbe0012dd2ae97aaa397ea438d3c4247feab8c7182722b5076

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB3A9.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB86D.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/760-18-0x0000000000240000-0x000000000026E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/760-12-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/760-11-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/1740-8-0x0000000074FB0000-0x00000000751E9000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1740-10-0x0000000074FB0000-0x00000000751E9000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1740-13-0x0000000000290000-0x00000000002BE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1740-9-0x00000000751F0000-0x0000000075429000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1740-1-0x00000000751F0000-0x0000000075429000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2192-24-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2192-23-0x00000000003D0000-0x00000000003D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2192-26-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2192-22-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2192-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download