Overview

overview

10

Static

static

3

8e8d4c07ef...7c.dll

windows7-x64

10

8e8d4c07ef...7c.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    133s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19-11-2024 17:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8e8d4c07efc3ef996cfb2ef5c1123cb659354cbf2fd681ee8688dd174f38b47c.dll

  • Size

    2.0MB

  • MD5

    3bfcc84f05125a14577c28b8339b5237

  • SHA1

    58de557cf08bf8481f6b58c15a84457d4ebeaf6c

  • SHA256

    8e8d4c07efc3ef996cfb2ef5c1123cb659354cbf2fd681ee8688dd174f38b47c

  • SHA512

    4c03d3e42b2a52f1d7934c3f7aa9b8d99f016fb198c97b150a77d489233b20776715812795e0007b7dc1bfb6427367fcfefd806417104488d310094d670e8c23

  • SSDEEP

    49152:0dyWovHcx4JEKeTO8Fbilex0S1OjuusSNQ:yyWoEx4JEKeThFbilex0S1Oa

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\8e8d4c07efc3ef996cfb2ef5c1123cb659354cbf2fd681ee8688dd174f38b47c.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2088
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\8e8d4c07efc3ef996cfb2ef5c1123cb659354cbf2fd681ee8688dd174f38b47c.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1652
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2100
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2328
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:272
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:272 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2656

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d13c0324c5047104bb50e03561711f72

    SHA1

    14e3e71ea1eb7d1e7361669f79739cb717474d36

    SHA256

    14dcbddcc3a945a40e96bbd2eed011eb18cc78ea062e908060a438f7cc7885ac

    SHA512

    779b7fb76c6fad35bd611f17479fe9969ed9d3322e0d90ad1c80f7511408ce9e89b0322dc01c67e6fd41e170c33f70039f1238840d1b03788c036ee5aff6576c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5392ab20220c87841b8cfc41a9594efe

    SHA1

    544d450abba894b2e6f8dce198bd96ec0875dbcd

    SHA256

    49d920496d986fb0a945c3dc5437a922ff1b00fcd49bbd879d94db912aa970f3

    SHA512

    fcf1ea471ff97de657f9b7e3bad19a6533898354f6c6f87d6086383be4cf9e5d3f9ddd49972eb9835933d5ddc831928320278e01f8421f44ac9224e23ae1ea69

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    622c340fd68475edca8d48e673fd03c6

    SHA1

    9ba57b576d0a1b31067d5f06551f294db5ab24fe

    SHA256

    1c3bf334bc2ce5d8658d70d2b42f8206b8da3ca70add937762159283b47a27e4

    SHA512

    0c9cde82c81df98bdb27e166b5fc27efc9b94e33ab4cf78dbec42b346879cd58fc37e4e13e8bb18261c4ffe449fa830dc20f9d1056ba80de93e1d63f74c05c89

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2d38c61824dbf113ce59603d76ae5160

    SHA1

    7de1b6240a35b21fa284b3c08a5499f2291d17de

    SHA256

    641d8affb3cddf3c5f2a19cd191e284038b295389589834e48c6da04e1ed1fb1

    SHA512

    52f2296abcbc7b899331e07ae59eb752d21d16f6f17c34f9d37aa7190862bd118a7f4a44d6555568dc39b80adf143db11475d8dba93923951a5ec80bbd188ac3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b4460d45363705c422177c5e4abfd7e0

    SHA1

    26d56ede288554f4f2385819ae0340a3c1d004bf

    SHA256

    3362650a25f7ef0b8efee5a824cb8ab616c03342dfde105fc42f21c49fba38e9

    SHA512

    b79fbd48365caa2c46a8c6b4c02e36cb149a8e06d438656db28d87b342effa848d48ab21a7fdba4e51aef1de298fdd00e1d1a5a9e4ef05c81525b080f265f445

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    81ff803363d05e6f3447a449e1320af2

    SHA1

    ef21e3573e473318e46c95baaa5c41eff5103bc3

    SHA256

    8db48832d6b2f231d2498e5504e92e8a3a3f9ed62b063769bbfbeb9ef1e7fc17

    SHA512

    ecda4cf3a6813deb8943ebaa028e3f20b3b71f6f40e5730af7eaa006d43d7c7fa9b9caef644129f0e94d76bfe56e0fd7d5a658ae1e0927a5a76c3ae0d671a737

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b0b1c8b5ed7f41d71cc410cb0aa7c615

    SHA1

    650815b67df413a178f55bf13460374c4800e5cb

    SHA256

    8d8578707ed676e2b2b2604f119f888bd7ec272920c95cc1961ec7ce268d702b

    SHA512

    49bea782d0af128d32c9a802c6d3812fbc4194c77647ae5279c465ef1d05a40cf45261ccdc6f55c6382a218431187a340c9283c74a428fbbf1d739ab79d9a311

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1afe42a82ab8ad044272993391dc2525

    SHA1

    c1ed2e1419448fa6c1e2220a387598026d6f7fe7

    SHA256

    9e4cad6f472b0547c5dede4695c670530b537d1e4fff873863ee7a045ade957d

    SHA512

    c97bf1e241b848d544ef150d21fde04cbf0bf54abc0e8095dd0ab4204277e8a33f49743cee82bc0d3e0e1ba779ab50a3b5d2134e5619eee0119ce503e831472c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4b39c1845b71d59913e2c477ad49e103

    SHA1

    fdd44016b67e447eb8d72d2e15ab6bc889247b0c

    SHA256

    962e93884ca2d4ddbc6406484c6af537872e58e32429103e7dae1179bea7f7be

    SHA512

    3e860bb911b1c17b91f064bdffaae2cba889341be08f3edbc763109110b02bf94358347fb4a06ee2f09a42f0738e80bbf0ed58168421f77049781559bc6bbe0c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    abc4dbc7cf96a2c288a785bb51d1367e

    SHA1

    590bb7797c437a310532d220658acb64027efea4

    SHA256

    3f8a9fc23f1be724bf0385da20615d04d25ab8f8e16fff1475a6dfd5b36805e6

    SHA512

    3a4976cbea8a47547a9c688949af830e9b5a7004167558be961e80213b8659072d836cf33a68e62f0552b6b7c6516c5c1fea1d340f02d36b172c536648085f86

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e37134d62e9f0e59fd13672df1570cdd

    SHA1

    c1fb689492c25a8b69db6cc706be30addc5c2db3

    SHA256

    da9a2e28123ef9c203f1630f306c1c43852458f1b62dbf5b4d636d45c0a48368

    SHA512

    95bfd0d0f7585ecb7dc0911580a4008be0da7cd5afe89b59611450ba7eb008d2cf73c877e842757823ec8543528efd2e2aa7e97eeb41948b0073a4d08d96d98b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bffe616b8de5f23753e771a1d2f1a0ec

    SHA1

    bdcf74046b6e3f54041ce5591c7d6dca737a916d

    SHA256

    cd3f5791876ebc4d7a38f4edbab719408aef5556899519702b16d4316a96dcb6

    SHA512

    1c004c39ffc35a94b3b9d3fa6d24b3911a93ae12959269ec5c8c7ee9eb75f3ee8c5d75904412b2253d20a707288a7f0a3f39b43ff87814c5f98021b39e816865

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    87954b51cbe8bcd06f90e1296b6a4c90

    SHA1

    2d9062980735993eede17072cfb0e7ec26339ca2

    SHA256

    771ac3bba5ca87d5d10c156424970a767aa56b68b99f95cf2de4e57d2192569e

    SHA512

    b76822f26a0832aa1bfc59be4bfa153fa5fcf83fd216202fadd1648eb16a65cca649fac708608ae3935bcc8356341ef6397a82aa154259cb0d5f0a152df266c6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    45bf2e1ce8ad5f46901dff9e92b2c5d2

    SHA1

    18aa5fc3ef10553dec9423055283af7d05b77538

    SHA256

    15d0793f73ba0178c3e5f062f7e31b5ab4ab26242e38e7f94f3c0168b00b68b6

    SHA512

    3e8636e4e26b6bdfad4907a60780eb0cdaa0a037910ba40657171e1a4d97aae16acadbf03e70e0e13fb0c36d7695062a37fdd51d6823ee0188a6377af111b5b2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b2d93191916b27f5ab4c32483ac4e1d2

    SHA1

    97c27e7aa3ac347246003068792a07796d239ffb

    SHA256

    42f65fb75ad0516b03eb91f072d6d15a90891ca0a7ef254e98f41875b5c4c73c

    SHA512

    1146a491dddc6e0b3b9cd9dc75705bde4408f2fd6b6afc41a296e2de44a75a3589109728f7c314af3953dc1a5c45897d85a5d618eafb1b4481a2b0e1dc8b023c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    46a0caeccba21109ba8fadcf74b9c141

    SHA1

    87d2a05135d950954d71652e758e6f6ca1558883

    SHA256

    9197777e6c8cba37847c9cb62e1c93b8dd2c66bad030fc627c16107d98bc1c35

    SHA512

    301d7c1217d430d58635c364c1e23fd2d2c64fc3569397766ba8898492a019acb65898a212bb27ccd4d3ee783c17198d573997430253f6b5aee09cc1c07849b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be7d5628298c9f681f7923bcca18fe26

    SHA1

    bfa1721b3c8c9e4380dfbfd7f8e302c1ca3fc8cc

    SHA256

    b248bf495359ff527eb80bab3fa6152eff109fb1a58c5ebc57c5f4b0670c69d5

    SHA512

    5b1a3ea7ae0eb95a9ae01049e5708ccb66999f6dbc99e295bb8fe4140ba32f4320fa14782d8014f5efef79f6c3d9320cb60c09cbd56db84d6af8bf2415d46ebf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD359.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD427.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/1652-21-0x0000000074330000-0x0000000074536000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1652-2-0x0000000074330000-0x0000000074536000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2100-8-0x00000000003D0000-0x00000000003DF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2100-7-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2100-12-0x00000000005C0000-0x00000000005EE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2328-22-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2328-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2328-18-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2328-16-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download