Overview

overview

10

Static

static

3

09ae112086...d9.dll

windows7-x64

10

09ae112086...d9.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    134s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19-11-2024 13:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    09ae112086a810b890cf0253f2ed1f3378c9394fc30ac5058258730cc9eb12d9.dll

  • Size

    4.2MB

  • MD5

    27f2fca9813a61077a1c3c0cfcdb21e0

  • SHA1

    f371f543b5d34bc269530d72d62dd1f51b03abc3

  • SHA256

    09ae112086a810b890cf0253f2ed1f3378c9394fc30ac5058258730cc9eb12d9

  • SHA512

    46df025cf9567bbefec1b1478c4161cb43b633a4f300ae65a0ef1c3d5289d81a24659599b757712c11e3e2dd5d71971bc3011e2ea4036cc8459a07d74da9e5e0

  • SSDEEP

    98304:Oaun0sM5Hnc30M/Op4yFARPbsC3kZ1ec0cIHgBG2szOJqNjRyG7Slcj0/5/9saFP:Oaun0sM5i/1NYw6cN4y

Score
10/10
ramnitbankerbootkitdiscoverypersistencespywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\09ae112086a810b890cf0253f2ed1f3378c9394fc30ac5058258730cc9eb12d9.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2388
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\09ae112086a810b890cf0253f2ed1f3378c9394fc30ac5058258730cc9eb12d9.dll,#1
      2⤵
      • Loads dropped DLL
      • Writes to the Master Boot Record (MBR)
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:796
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2520
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2068
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2424
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2424 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2864

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2df3ea3aa32b8bdbe2211afb225ee7b0

    SHA1

    748b878ec7576af7ff15833726c06da7dacb1d48

    SHA256

    80feba5df8e2d03b3bc317bd749a65f4c6e79872efc3772e566c712ac98af1c0

    SHA512

    03b32b1e853b06637eec43b1d1a00041f76d3e3dbcb5a2113f9239a9ceb0ea572db7bcf939023b48d32045fadf04d5724c5fe950d0141fb9b17963de43d47925

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d82d29503b719eeb5813f9c52f9191a7

    SHA1

    240977db2db3793cd746153ac2c3a1f228df4e01

    SHA256

    c36daf60f1434696bd189b7bf87f6cb398c24f130f0b1aa9c3377319f540187a

    SHA512

    a09e016ec3e49d92f8ac14373781486073a48ca81d18f13eb4205c3efbede8c1abab1f9337c9d5e224efdaf17f758a05b3e19311621924d333c6f8ac6f6caee5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    65350e2fd795c69ecc9d7dcb701cb26e

    SHA1

    527f085f827e44b3a6b9da5c004cb38ae370347e

    SHA256

    a7004c7b97853af67bbee15186c71924736c90f328352c598561af8c2f6bc97f

    SHA512

    894858f3912cd9da3abbe6443020c9a4c84d14d16f64dc8df2275c19241b39f3334d02120e7ff2ad0f361808a4055bf0316b69a084b02a5baf61cf669200f9c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1611650739463142f01a3eb1c4d0102d

    SHA1

    449b52531d7aac53a591df9dd9f8b5cb2e80e9bc

    SHA256

    9c6abb6df8aa77e576076777cb7be8f69cb8206954a7b5bedd254cdc4b20d810

    SHA512

    80090035579fb5a879911ee61baa5fcfa006f295ed61ce04535cc1a7efd9f01ccbd643ebd52ef32bf677ed0fe45121a7290b949c4aa27462127cd83baaaf56ca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    80ea67a261a0b2b1a323a4e069e236bb

    SHA1

    d47fbe81e06dc074259449a1ccf814a783eee973

    SHA256

    a8de03274c3a5766f30b753199616c548d4c30c601b61cefcef9104aac678c68

    SHA512

    daf208f80ab1fc8619b058fad34d3b0406423412d9bf8301ed440180e36d7d58f490e7cd00a463fe6aef9eb88eabb1292d797817dd3e9880140ca356ace9821b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    09794b22cdf97bea215b98ff77cd7f97

    SHA1

    f5d67bb4edbafde61cada4996bf560a1d7ac50f7

    SHA256

    284603bdae28f066ba911644dec71e3886d8826c11f2e6a028191848b3f3b1cf

    SHA512

    c50d29596a477c465f13b029740d0d01b01cf12cc77c0dd2af5de7eaaff798039f20f86434dcf8f9b3cc7ac2c1097f7a4c10f17db9e3ee846f44bbeecd887d08

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    18109d11fae055dfa57701376e370006

    SHA1

    5986e316b252b132a109d2d86d24b7892e218edf

    SHA256

    7b60642a609d9c6e61ad9e158c455dbe0cf2ef3286c3c2d2cb09b7fe0ebda575

    SHA512

    270b87558def5bb07c5ca87f9ccacccb859c20e6fdc7bcac05c8acd9b0ca674e119783b9e4730a161916d7e8130eaa4ccb7cb1cf608f448d371d85955a166943

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a5c2c7bc533692ba6e66392f6da6113e

    SHA1

    30a514adfaa7fdf37124b1233779272d96e43fc8

    SHA256

    a645e383efdfaee9b0ac4a33379a8bcb409a9938719385c331931aebf001ce47

    SHA512

    cd85996501cba3ab6a03760d76dba29a8152866accb770ece446920caef6a7d6f214436e69c10eb16f61a4a888899a3029e12184a9f92bccbcdcf4f252898a41

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c38003df561dda0d295b4f2738cdcfbd

    SHA1

    d9103f599bca829ac0ddc9a2fbe80998cdef06f6

    SHA256

    0f742d812607bba5f872f476f9accc1c6e73c1fcf9a1ee399f9f15a915bf3fa1

    SHA512

    b80e92e8480a8289976a3bd32031388bc5309dad347514bdfac03874a30b1e58a0c549a04254bddc9e8ab13fa7fcaac02966b9499687b729a37178c073b7f103

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9f55e8d9eae0949b6ffedbc1bb2c10c6

    SHA1

    2a974d4cd0c43ddc93e368ba3691ccf4b8433a0d

    SHA256

    a9b3f81fe0035add4891bdbe67ae170acd5dc1cecc298a4e4d4f5589329873f4

    SHA512

    ef23cbb7a7bc82d7d1a997cc862df422c81e19451978d121720753b860a772c50b0e539ee0413975e03056cf64b7219b2f23520bc0513b0889f803277bde5c25

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4e8d9f7298d3a225a4170ebb6772abfe

    SHA1

    66d8d49604f9c68e59150cdb5bdc9fb286a82f6d

    SHA256

    aad08d9bc276c74745292a3bd7a289f393e6f2207fd8b467d3300234be41261b

    SHA512

    e3744cc3c4d771fa1556b5d015fad796854906e95a94736f04eb7636954149b9558b57e15f62b1b0fefbe0c56c2019fd05fe5fe1413e8af042d3b8a0e754ca86

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    53a722f0f84424969514c52dbffd966e

    SHA1

    0c6ec2edfc27499bc5843a4d9bcd30afe97b579d

    SHA256

    398e7686d42f4fa67780fad9cec0368efe850fa9b680a4d0a57a2d475718b7a5

    SHA512

    c3c16fd9d791bac69f9ec5a30ac6804fc5558b8e7fbd9e49b7c05614c1dd4c9302d2f2b7459db2d96bec9083376284601c876e81dfae0c6ce64ee76f6623261d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    48d390052dce9f0827e071fd25b5646d

    SHA1

    30f6d34936818dc591858ecf2c2887ef7508032b

    SHA256

    3bc530b256745dddf4ca8c82472b8277bf29c23bc20f743144b0e08b77d7fccf

    SHA512

    b04c5d149aaa18d3cf487f92d5a247f31b2e9b1d62420582ed1f3b1fcd9a131ddd413d44fb8a0282869dafb1701b5512e07b44fea2355e48075be38a143fc30c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3fe6767ec1eece60e57ab2a2ce477c92

    SHA1

    98d36bba79fa844aeb25325d59256bf935578a87

    SHA256

    c7e99ebbdcc4dc3dd7476e27de22de439b924eb20f6ea2b405fe550baa096f9b

    SHA512

    ec8c28c5ea2694b5c37ee9f315bcb94c791ec5462f00a81cd0f564e8e8ec62d0a3c5414512a80cfb34c1bd14af6365a1ff33e263046e4585a2d92a8ec3bbbffd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    79cb5153b4e4051bba71a32e4ece01bc

    SHA1

    5af1f3a82c438b83b7f342c4ae465209c8c636df

    SHA256

    8ac30b5857971833b3c29923d80ca9338ddaf8cf4b9f23ba8f061cb28d477f56

    SHA512

    3c91ee1ff90b715168e3e30cf5309c0268c4dee153b7a3654cd3651dd925c83820552ffb96e26d77aff3812633ee25e6b6bc3de3a120ca36067831f849d6fb1e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a51750d65b81952278daf34db9d682e8

    SHA1

    51c31fc7ab5af5a7f947fade716b50421b054ddd

    SHA256

    f17b9760e7ad0004d99d19460923d6bba80912e17de01a03ec6583502cca791e

    SHA512

    36ed0e8257016162c728c2aff0238e259d639307e56dd477de9f4263552d587a2fb84e4afe9d1928c7f78983c3ecd628305d7e2446a9e9484549e6648633fb6f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    83011fe653ea982207a79d9e0d5f0bfc

    SHA1

    1409cc62695e889f5deb0f6f72e723b5adae5462

    SHA256

    c8075d330322797ff1b82301fa510e382898590d3e97e768dfda3e213022c5c8

    SHA512

    cc6efeec074c04a9d60d84cbf6f8fb124777015d2dd589e3535ace80b98a9b2797f401af5adeda4b2e4f4dfb6142b2fd04afa06f7ac37e15b5b3a37fa300299b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    07822b76c2987bd66de9f07c208907cf

    SHA1

    d5cd9a5d44c07d54aa69c9504158d3b510ee0b6a

    SHA256

    f90c75acd11509a8ee3c89a943b91a1960b38ce465b9ec7ebdddb510036d87b3

    SHA512

    65ba03ee1968e172464c096f73b8941dd52984b738115ba74899977db2391edabf9e35e072c917150f874dcd77ef61ab356938cc45ccbaf182d1d6fd10f92e9b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    836c6a2791a59c1a55f0672b4ab32aaa

    SHA1

    c8125ec678ae577fcf1da92d8039024bf5c76606

    SHA256

    56ceef409e8624a8bfef8690cec6a13d3083807d2a731a46dc42eaabc6a45573

    SHA512

    464e64578b68f50d9145c1de872041feed7077cef81dcdb5d221dbfcbf81724cc907b0a5b5a194ee0658eaa87016a6f26d5cc5fe43ad5a9e8b31d537e5989a93

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF376.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF52E.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/796-4-0x0000000074930000-0x0000000074D63000-memory.dmp

    Filesize

    4.2MB

    Download

  • memory/796-20-0x0000000074500000-0x0000000074933000-memory.dmp

    Filesize

    4.2MB

    Download

  • memory/796-14-0x0000000074940000-0x0000000074D73000-memory.dmp

    Filesize

    4.2MB

    Download

  • memory/796-13-0x00000000744F0000-0x0000000074923000-memory.dmp

    Filesize

    4.2MB

    Download

  • memory/2068-17-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2068-19-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2520-12-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download