Analysis
-
max time kernel
133s -
max time network
130s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
19-11-2024 14:14
General
-
Target
596b41d08927cf92f3b93e089726516f3512a27fbae2e643fbaf5ef29a302146.dll
-
Size
4.5MB
-
MD5
f2298510b14effd4e1766648f84104f7
-
SHA1
3bf70b2f24e767ad9a5b61f0f4e0f37d3238858a
-
SHA256
596b41d08927cf92f3b93e089726516f3512a27fbae2e643fbaf5ef29a302146
-
SHA512
96c5a2b887087463b93a86fdc94c8f6d4d0ce75222734152a87a6f377ea23a6b8b0bac098c29c4cd5b8fcc0caf5fdcce2d5b24ebb2d9ee72c9098367e629874e
-
SSDEEP
49152:rSqOd18ZIH/OWyqFVowMy1BKp7G+NMsGZZZZ1fz+w:r1Ob8ZAXyqVowMy1B67G+NKZZZZ1fz
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
Drops file in System32 directory 1 IoCs
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 28 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 23 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\596b41d08927cf92f3b93e089726516f3512a27fbae2e643fbaf5ef29a302146.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\596b41d08927cf92f3b93e089726516f3512a27fbae2e643fbaf5ef29a302146.dll,#12⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32Srv.exeC:\Windows\SysWOW64\rundll32Srv.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1244 CREDAT:275457 /prefetch:26⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5b7d8aed848ef45441f157d2cf9ec55e4
SHA1010001cb6a5f7c320757ba7a1a7324d62b2aae89
SHA2564b37064fe7993019611448951d3fe576fa0aed17925d7aaae0553e1f98472031
SHA512afa3799f754ee3d076d04f86410d4d1afcc01c9a8597aa995088ef0f01b1d4333333fcb11c80b5c66eae558c1f6caef52d1c717953e849a0180af3ad1016cbe3
-
Filesize
342B
MD5396df86b67e836f9d5aad05e8858a215
SHA1de2416249b2a0393e4086e87fcbc1f79965ef4ff
SHA25601b9e7e0a600a92af137c631bec71adf4c26e4f29c884943a4805c7095cb8a57
SHA512a89cd8483caa4a8fe481086c652e40261ab1dc6ac4b64a79719a375de15c02a66de12d6987fb35189332ad8f632d2c97d6376d865dd900e09cdc0801269833f6
-
Filesize
342B
MD5ade41bcebdd66d521ea27f59c212dbf4
SHA14f9f9a1f90d99b013bec43d96b3d632cba15914c
SHA256249f4db887da3a757a9ed9cc3a33541ac93088d2fc4f76858a9ebc71aa200013
SHA512354de478d57906b61620e40940fbfad69d3b21202247f4dcba3b82a1679e8088fb8ea6f70171a03b41e5af929ab82f47b52ba2f5a12fc8c28361cae2751b4270
-
Filesize
342B
MD530a5f1ffe6074d69981bb00eacbbff08
SHA1b60773fccafb1bfe6d28f2254159a50d4c2e539d
SHA25687fbfc94d49d9bb9dd051d4f8af11ad92b39d309f4a0c49e48f6cbcec6134f12
SHA51208b9bb5fda16faddb8927ae93c076aa52b9485f81e1e65260686e67b669be0b091bd3a3647ea8247cac58dd361914e3327f4741a308fd84f7fd4989764f6ae6f
-
Filesize
342B
MD526e02ba08132843d7c6f73021e839b19
SHA1651b58d5b44f0fbeae6b06e0bf65fe8563d8037d
SHA2569d4bda729884a885b00da11421fdf1406203f5132347628860d9251a38668f0b
SHA5127722d2962a808515ff0c4ef8d9598dbcf9b6289d7ab7d063a9cadf8ee227e38a1c0808376a1e2339f097df0197d0dd9da5a0cb7d9f44095cf2bf3f6eac723ac8
-
Filesize
342B
MD518152cf2b65c0a34b59a9651fcec93c5
SHA102f70fd8a69bf50f73068b0b8ab43cd49759c763
SHA25674d91a32948f6510892692755c2bf7733255977a625f83bfba47232712336186
SHA512f6373221573db1561e628209ac8445a5b5ca09ed74bb182b80a5828658f09bd14125103ee49e2756cfc2543c14df6001284b176daadb3caaa481b86ffeeff09d
-
Filesize
342B
MD5aca652cf47e1c98ff6661e0c4b22cc19
SHA1e1790ceb4814dd5b4b76e210fe464f4a8b07f221
SHA2568ee5f0798b462dddd04b44e6ff7a6e5ab907d67a065cf5070927e29b8ee72825
SHA512a1de86fcf6cb5269ef93fa89b65886e26c7c17a2b7d303c0421d38310b2d138a99c34b99043c746c27670242d6ad405b77b6ab68751bd11e429344bdb2ef3ca5
-
Filesize
342B
MD50ddc019fc96bfed32d5529bc75a33a3f
SHA1d805489143ef7adc72a9c93371175001f6e6d9a3
SHA256bb565ff921de9c862879570124579038a14ab802c64826a5e18169f80ef1ab66
SHA512fcd79ff5b9ab6ea38a4fa1fdce750244c1c2a0a556c6a0d890504dfa9d7b66603bba12bf13ee9baf6f2bc29fd49951c9a2483fdd413e88d49b46fe1f0e169b38
-
Filesize
342B
MD56d4cc2625c30b3cf2eac25cedde70e5f
SHA10c59f04c128a5865ef9531a15c15c21f2096ecb4
SHA256a81e6ee8691f3c90276ac47c3ead5dcf865a9aa6306510fff58e8d717cbabc66
SHA512ff4b547e032f39b8bb622adf1c001ac9df3589caaf8c1604bcf7a7b643324f55a6563b385d4b71aaa503363716513f35e3b2a8955f89b63532fbece1ebe986d8
-
Filesize
342B
MD572335c4c6d1619dd1b41c630aa1a85d0
SHA158c329a8e7fd1afb500fcad06d38f5e72c4bf246
SHA256468fdf0f9107d06fdeb54454d7cfcb333d1e7721ba959525ff47f85a8640d295
SHA5124e3f3056aa56b672c07f305b6bfcab07701ef178bc256291051357a3825b93a22ab7c964e33665f0ec7662a10fe472e71be5a69177da869cac1c78737a9d6ab0
-
Filesize
342B
MD563dc39c8702e80214ae4f0e6e1963e0d
SHA13620d5e4b385e02ee9f0a35af6fa8890bbb98fa5
SHA2563ce272bd2e055a460f6c1fb5e72c3182348d2fb999d508dff1ca9727362b0ac2
SHA5120a65c691a14572af27ac02956a87563ed06ef49fab69593cbbb6383821ff267f1086c1f83fad37e9f9d53adb1cad31830c4914174abfa9be4389cd3e225d7bab
-
Filesize
342B
MD5b4519cdab866be2f5400831dc966ea11
SHA11148b02d396550efac42552c30c6bd5f8188a1b6
SHA25633e5746004e9799876f038af44e5a0e47d80d77b4edb6bcefcf8cee4aee6f975
SHA512f6049bcb617cb34d290229a5aa8e39527a3e9b16cf031c67d4ece79b63a2efd37a0bbcfeb41455815dd7c4bbf95baef09bca74866ada6145cbf57b48fbeef3a9
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
4.5MB
-
Filesize
4.5MB
-
Filesize
4.5MB
-
Filesize
184KB
-
Filesize
4KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
60KB