Overview

overview

10

Static

static

3

915515c8b3...89.dll

windows7-x64

10

915515c8b3...89.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19-11-2024 19:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    915515c8b3846d7f9251b1f9fa7f223ebf20b7a80c48038efc7c901c7be33a89.dll

  • Size

    1.6MB

  • MD5

    ff4ce0f335c3c992288cf3089395efa8

  • SHA1

    aa134e45e41b516bc56e646ed468b34e526cf6d9

  • SHA256

    915515c8b3846d7f9251b1f9fa7f223ebf20b7a80c48038efc7c901c7be33a89

  • SHA512

    92543ec4586dd30144b18174e24bb1ec1c9f990cf65d6471ccefac4c504c2fb0bc309e3e12c4979d869ec5a422b2df738521383ac6389de36d0fa4e0dfad1fc9

  • SSDEEP

    24576:J+k86F1f/Js7iCBfWx9mBVo/nWV3iV12PGc99RXXbnrz0BGT7nqRSA82Dej8/+uj:JBhmdwaTuWV31G29RHbX0BGTzESe2q

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\915515c8b3846d7f9251b1f9fa7f223ebf20b7a80c48038efc7c901c7be33a89.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2388
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\915515c8b3846d7f9251b1f9fa7f223ebf20b7a80c48038efc7c901c7be33a89.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2516
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2032
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2112
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2744
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2744 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2728
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
        3⤵
        • Program crash
        PID:2792

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f6a91621e0d84d1881114115d5145146

    SHA1

    482eb6f5c62e7fc638c7ba23de7ffdc7e0eca429

    SHA256

    c9f43bf078cfee7c25ce63c954a4377cfc82cc8b4bda3b93ed27bd98183f6a21

    SHA512

    02a662d71ae56a65e7d1e909615e4fb6ea28a601ee1c28959f41ec7b3f612cfb6e2711e068b21075c4ee347bae45ccc432dc88f6e5055be675692a03d8aa1f49

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    45e6130f247f67c946ab33827cb3c09b

    SHA1

    d3643701506f02415a85e6b487333d7639676a30

    SHA256

    c0ddf179b79a6960a3270a2f60af1be4d1374a71a3e71c8853405b5de419c8b4

    SHA512

    71ff2d77befe7cc5bef4a0ae35a8e5e2e2db08f811bb640b23efdde04f41cd9e23e0f1ed8e1004a03b6afe3eeed57c7e8f9d9e9e9426e8432b42da8ac69cabe8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d02f3161d80126415a57fa6c39a8fab5

    SHA1

    7986434154ddce3f19dea568c2151608771c39ea

    SHA256

    3bbb117ef4a7b946bbdf9707dde663e4f0a7c4c4e72e0724aef750cf777d325f

    SHA512

    04f2e76d7e1ea63a3f244f929fff3f294d7bf6bae2c6c015a34dccd4240fd285a62103875692154be1c87f9c4f36ff9424f922d5819cf7a3c405130b5ef77b16

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4e210a118916ed0bc28ce5ef20f3f60a

    SHA1

    8226ae51087d24a224e00682baa7d78bb587a465

    SHA256

    514f76e3459df79b6777170ad2678a06e23ad663e47210484372a99a7798f70f

    SHA512

    7546b0e324fbc838f63220abf0a59b633410bf65aeabb43daf49669ec89b2388e58888882e976b0590b9f2c961ba55f7b8e1f145082a389dbe00f40b51068a63

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    207172ec2c5438d727bf7e98b157a589

    SHA1

    16eeb525eaa372262ab2b75c79627c1b7e31f5da

    SHA256

    cb94cdc01139c5d0f75c8e0b21f753e21c706a07934dbd216eeb458801b15a5e

    SHA512

    240e38e5ba4eae9e4b9b4efed67c9807d6a85075856336aa97b1d65e238d5a11606dfcd0b11261e3188777f56086c31293e44d09ee9b864d9c670c63b3572f39

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f4d91fbd96dfb7d0bd4724bcfb9dc426

    SHA1

    b1073f75559409f3e4fc7994c86afab0e9cf7a98

    SHA256

    4ebf00861197bf6b354fa1e2d033dd5dc6bb17dcc58348d15c2559b36554c9a1

    SHA512

    ea64ff00bf5c757d9f3ef1faeb072e15e702b4e3d47bd0b33d43d215658019744d691a5f855cd4f364c4369765504c058690f5664fb103416fcddbb5f2a1b4f2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4657322695665813c4d0f6018ba86c35

    SHA1

    0018be120217a0f05b9d3beec58e73de616065b5

    SHA256

    8b1ef10c68bc4793be4caf088232cf8e91a4e2826bc9805a2ecde8b04895d03d

    SHA512

    fa50059c75669f8eabe2429f15bd8df7b8eb829ca5c9f196981e8a5d0959cad1cffa744f1f48fb14ab2d715c35bd8564be904b4811f26b528507b787aec0528d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f2c0b5741533eb86d76e52ba910c6519

    SHA1

    04dcda3b705ca6d2a475efbda691fe6b239f4370

    SHA256

    d4c216c86b47bd4d69334ee4b93115e220d38e32e0004caacd8bf4825081606d

    SHA512

    ad07efb5201e355d40b1509a6777bd2142bc3eab8875f39dc6200410d7e0e42dff95ff3b5228cea3ce6ef7a5ba54610a6d9acc4f392d7537290ce12bb1a31298

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    26677dce2eb7ca76a83c6e7b7de38471

    SHA1

    60fb7038b134400028275132e4d77521fddf4513

    SHA256

    97da75313b6963f879df3f6653ed730d10792acb9492a4768f0a6046bd3fa861

    SHA512

    5501d534d9fc3dad94f580064f31447e0ea5fb4ae6485b24d5630c0604441bb4cf4a1c20c77554f740dd81a627ffea2d410e48232a1f5be4f6d240dc677574ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a2978fe7ad307131b4c4923ca7f5b433

    SHA1

    d9cd15346be89c9b1d883a080f16a4dc7e77c243

    SHA256

    d4e1d5780dc9182dd2d2d5e0901edf683b506c9a2317ca3fd436a0023d9a932e

    SHA512

    328bfa5308436c60b681267d09fc1b81109d851dd92acd2a1c4b268624a503f95e5cc7b81f009afa7714b9050dab47872777c46b25b8a782854452c91afeba6a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    de1acf7e58a41981556081ed3c8f10c7

    SHA1

    c9f25bb8cb3de3279832e34c835ed0180369cbef

    SHA256

    2cff47411a2e1d97e1ab884df125817dc3b27166eba07170ea6e76511a04de7e

    SHA512

    94907e000b559b145003fcf123648c3d8c149cfe56a1a3f202a6eadf8b5592ba4a653880210530a25155ad1e8cc21a3f982bc21d4f9e0e8016fbc3f39ef649dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8a662ef6a0b46d362fc327a6e130184c

    SHA1

    167abd6790e858fe397c4b241099fa527291af7e

    SHA256

    0b1b2c525f7670cb0339004b9b5637b5d09cdc4a2cfd0cfeb158e7abb28d1590

    SHA512

    6351e8eda96f4a2ad90acc091c68ce7f720764ce4736397851e62ef3cadd5ab704cc96f8df33c4fc56be23c5898be99833d996210fd6e11d73e9e284ba5ee80a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8579dc865fb7be6920bdc77ebbd561e7

    SHA1

    2d3ba9e951760e3abce21cebc6ec7caaa6d81815

    SHA256

    74591b64129bed216c86f5c76335f1bf82e078f5bdf8fbda8e87fad9274976c6

    SHA512

    b13dd4da881d0a6e2519c078f60a00e7ceef09b6c64459252c497b79a1edff5060b3e12138a2c2807cf7278f43b2bb9506058666f25e835ebad36926a546449a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    53357d6065c655547b938ec7dab227d2

    SHA1

    2324584b834c99576929ece34de13e2f0f3b0505

    SHA256

    02dabc6ebc25f718bb6602e1da8a96afc156f2e7c7be5c57f1e57d6ed4350df8

    SHA512

    048c6a6c4554eb6f1cac8ff9d279350695f00be26c685fa2e47f155b988bddab8eb159d43fd7455cb5768e422e46874f38759670282d33918c9d3dc245b6681e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    371400efe12579674e0eb3d78edae6ab

    SHA1

    e3840dfee46851c17c52bb40058a3f2983dd1bb5

    SHA256

    c075a7029969afb3b33dd7612aaf37cb072bb61b9b6323a2a5b59bdce01f93a0

    SHA512

    198c07267791c5cee1c74f1d7fdc6a22af11596bd1ca241605f052d1ecbd76442b21969bd0b2dc952bff8e1dc261fab71d441ebf2de71a9714d8cb919c365cd9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d3501565283ae048eddfee9f565e5065

    SHA1

    d58918e3cb4dad46b896be8768086b9b135e8e11

    SHA256

    adbedc45cf8d8d11ec2f57203d752fe54cded2de08941e2816192e835dea0f05

    SHA512

    df0df9ff0fc86a443ebc9a0cf9940fe7451034a051b4985fb04751647a0ccb0eb863d47ac187a14df82a451e47e6190d5c0f66db9922f42ff358a9a092ecfc14

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    568e5815b2c28b281ddfcb7d63b4e91a

    SHA1

    391fb4acfede94fa3b198c844f79563ffebdc420

    SHA256

    bc5b57f0eb228aacc94ea6b035a4b37a1a83d7ac4029c81eaaaf2ff4bbf0c22f

    SHA512

    a7ae344663d6fb3b87890e3fcb5b9bec947e0beae497b9747c96ffe129976345905a53fc59b11874f0044e8c4da86243580df40a830f36471beb5ab84939b267

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA48B.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarA569.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2032-10-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2112-20-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2112-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2112-22-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2112-18-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2516-24-0x00000000741F0000-0x000000007438E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2516-9-0x0000000074390000-0x000000007452E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2516-11-0x0000000074380000-0x000000007451E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2516-12-0x0000000000280000-0x00000000002AE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2516-6-0x00000000741F0000-0x000000007438E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2516-0-0x0000000074390000-0x000000007452E000-memory.dmp

    Filesize

    1.6MB

    Download