Overview

overview

10

Static

static

3

76fa8fcc24...5b.dll

windows7-x64

10

76fa8fcc24...5b.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19-11-2024 21:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    76fa8fcc24a73f17c57e585bf0d426ea74c761c4d978869ca596cc1b6774ff5b.dll

  • Size

    1.7MB

  • MD5

    4481da148a4cfc236c6ae6cee4e2f661

  • SHA1

    719a04c17f23e34db5c2f9b5604041d098a007cb

  • SHA256

    76fa8fcc24a73f17c57e585bf0d426ea74c761c4d978869ca596cc1b6774ff5b

  • SHA512

    17afbb1223d28e3ed3fd5dc84a5c27d9b060f581937b64bd8cdd6ece0317fd8857c8acc46c72978fac235d87a34bdc63bfe3aedb0e96f15483d67a00d87ba843

  • SSDEEP

    49152:0i6dS8Mj8NZMtBaw9zOmKgvp0UqopXrjarE/PUWMmPuu/mPG6n+4QvSBB:SS8MQMtBaw9SmKgvp0UqoBmrE/PUgj/4

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 31 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\76fa8fcc24a73f17c57e585bf0d426ea74c761c4d978869ca596cc1b6774ff5b.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2788
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\76fa8fcc24a73f17c57e585bf0d426ea74c761c4d978869ca596cc1b6774ff5b.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2800
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2924
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2716
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2612
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2224
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2224 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2768
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 252
        3⤵
        • Program crash
        PID:2836

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    43f5e1140e6bf54a23d0daba4d0b9b7f

    SHA1

    86b11e32089ca576eb57df490068ca501bdccbae

    SHA256

    efe5b3ea09110afb6df5895fca804931a636a50a4d3b7f8ba67707cbef88ab11

    SHA512

    5f8c5c7f14060fb8ed96b7629af0a3b40db0db0cd99fc29bfbb668f5fe9a03e0ef7036ab2c117cb10034bc84a1c52381addd28f96399ade7a0dbe62db6c89424

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f2b9e2443060fb3be85122c9ceeacda3

    SHA1

    72ad1d7ee8790553f6eb77efe407d8ead315520f

    SHA256

    f11124f057fd5a5192b89f34783bb0577b36f1294ebaa461bfdc723b4265ef1a

    SHA512

    382f9f08ab06429936aa57eb3979b4981b2a23b0573305e811f76b830e45b1cb18e4b37009f7ddda1b90318e92196a7bdc0446cc6230ca4d9f22dc5af2a0386f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a36749a4ac3a702e60028bb1f268e68

    SHA1

    365a4cd3927bc3abac46cabbd07105e4e1384dfb

    SHA256

    7579f4cacae83425672d6c212938fcc4111d2a006b766d3b1844ecbf80916549

    SHA512

    84e3aca4d95ec015aa817d717c8252db0c2b94855b8bd2213a4cfd1ddcc3d353d041c5d30b8a21673bc1e377c933c0cc5e5571aa7bbc316a590bb4e6b7ece196

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a3803624ec8b8b7ee69ad72b48a2270b

    SHA1

    0b24e57b58942c06e654baaf7af4c3f2e8050dd4

    SHA256

    6f313fd43135aaf7d6003f6b48c131bbf72e3597ef35db8d14618c55f6a564f4

    SHA512

    f77fe2c92e4222ce855c9c1816b8da288b4bad1821bdf6714b9a5c3a35487ce21564827614ad6bc25c57f03ff39f6be792e2ae8a5cdd4b5ab3b91f0d3eeb16ca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cc90ae7253e681a0791cc1c7b02a7262

    SHA1

    87e42c321bc75d50144e3d248900cd4679a0c841

    SHA256

    70addfa701996429d022d8e646989b89e5ffe022b5c27adbc4de34e1486449c5

    SHA512

    28ced61132196131ac5e45f2fea05f720ccd0f78627b30f4e240f622601908395f2949405e98101b4a5fe33554b1686206c2f00488e3d7c320b223579ab3ae1c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fbfa6bd84a9e306c89fcd34e9d856a25

    SHA1

    9d875bd72bc4bc356c8122f219bdd8832a43fe08

    SHA256

    daa7273dcfd924b96c96c31cd3d99c9cd0230cf6145ee3df25036f99009d2a8b

    SHA512

    8709ff757fada971c62f5664fd4f80da1179317a4a698346fff10f871a556f08ef1a93a29b340db6a08bf6e1ce0f4b2d1e9858bfabce2a61b4d4fb804a031d9a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    df5184a9e112a63b25e4eab354a469cf

    SHA1

    131bf9fb3290ebdf5c5ea1ae6d319c71991fc015

    SHA256

    4d12c21452d436fcca4ab1620079cb16eef90b864c7a60decff5397af23e034f

    SHA512

    6cc5c50d108f12a1b9a79191d8402fdf6826c0d8e3b5cb2e214e5a803dfd1c73f879287b7fbde9303fc0cd0085c113b88b4998f563f2fa7ef9f9edebbfa950f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dcf4bc54e7ed3eb6e98ba30f34a8c6ce

    SHA1

    a93d361d0a86b1134bd9b43289a7c29b02755a3e

    SHA256

    0c29ffce563b6d0029a356aaccfa43c4723d530c3ab02a67e43a1863451117d1

    SHA512

    6efc1fc7a2ad4c89cd55b230eb4c03d66fc2073667841bb5eb0ea777a37c856566d9f7623e9975479b806933ed2e1e8210653c9321b5a19ed8e22ba993498f8f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e1e43a3ea8cfde5988cf549fcc8351bb

    SHA1

    1f4e9a36f09ed116fec0edbc5e725ac2c54cd757

    SHA256

    7dbe02842fecd927e599af684998a3d127ecc056f687efcdf24774c8ce2022b1

    SHA512

    9594b5a8db8e05a7d39803f66fa8f5c5539b751400e9e7e914246e4f76c680ddcc79d1b9d4cab4617f0d2fdd47cbc381f7518d08f04edaab4517279c2997b838

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d17f5a51c049aa0fb2ca105d18b3d790

    SHA1

    bea7cbea96826665d6a4a64ad36d2e5786ada52b

    SHA256

    c19f795e790f2dcce9e14054028b7235a2fb8f46bcfc49b3ab241b06495232f1

    SHA512

    be2bca168dbb6bd4771d8662956bfb685ffdf1401629febe9adcc23a5a90c9d88b8f9813a1bf6e7ac5a4cfa9290148168911879dfe3d3436e99b4c0b9ec6a6ed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e9af478d0643910fdede2c9dd5c8a2b7

    SHA1

    829bd62ca1cc4e1d26d91a0c9cb9efed5fb15202

    SHA256

    b049a7852cba838c4d78a174bf9ef5f096657535fe1c7426d0208708124205a4

    SHA512

    6463fa73fc4a4b9b4d1b3fd0e8f5bbe2d2b3b52a39d3d506629c45c8bf8be935270629e4dd2123910f73248f2d612270135eece91d0689496ce994f22f3b4ca5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b291c262329e4698deba594e3982f257

    SHA1

    01f757c4fc41040c14199debedbf3cfd202b393f

    SHA256

    235f6da763f0d41841da91a9e512856624d663afb1029a14e3e9a69340f234d0

    SHA512

    8142928de85a979874a519c4e04cedfdb0a81f7c600bee33dc68304619c11d38d41c02af7e534d0f108d5f0c3b1255ce5b0668800c2feb955e7bb7b53945d23d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0d969103006a9ec17cc478e3ee3f6959

    SHA1

    90c460d8b9f947b7f323b98c0ef2e1ad991b7aaf

    SHA256

    1e62c3d0f08c977e4135c00a1dbe5c044cc356e9b57e805c85269b65af63d449

    SHA512

    10a448633161443346aad4861b7fc22aee6ed6815ee45605be4aa11ed2eea72ff1911870f4e0607a6d36ab73f1fd91594c44397df2232f1b424a85fa4e8edca4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    599e20c74ad7a99cf48eb1fc6f27cf0b

    SHA1

    2f39a4d4ec98bd250638ef44770cb809f47f8cff

    SHA256

    eb0f56b30df3e64de79468693ea68d3b73ecef2028ae3bc0df59bb13e33b177d

    SHA512

    40cfe18e1a55682aedc7257346e122fcb1cd129b16e33bb0581e504db204f227770e23fde33fb7b22b0ec7d0886f854cdd470cb3141375416d67f8a101dd7931

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    483ad06bebbafe0fbbf9ff7c51334753

    SHA1

    fd2df1890f271b66da6f892c847c154992aa551c

    SHA256

    319c0f2a09be9c98dd8fb98c07badaa1c5ab8d55da5356416ce960025ae454cb

    SHA512

    c0912c7ea0124e2077a41306941c7c9274d480d3d2814ed1926d908ac1b1376c64d5f21cb0077cd78bf14e66349ae010ce9523051bff23412edf70535a8039da

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    68f4666a113e3f7bb9e5446f3f94c34f

    SHA1

    cfcf4861c3feab5edda5012f4d6df9a7a2566bd2

    SHA256

    e7154f64626c8b46027cd4d2298b40f24d2b8d37ff44bcd640b4308a97d701f8

    SHA512

    b059f693fe8428391b7aba1ca68a54a79db001f1f8a317660f29d704e91d7c7ac59ba1110fb52cc0afb232dcab1b42a615c093f907e0629563fc891d0529cde3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    288dc615069c1e5b817c7a23a2e11b0d

    SHA1

    d310719bf0b19feba4c0ae3d0b3d96f3783f3c99

    SHA256

    b41af399d90ff560049e17f16113457af5791d8abdd6d96b51affff9afddaab9

    SHA512

    fbf768cde414f24bf629c661ce00e922fd221d1a016beeee81bba31654d85090c24414c994060e51f04233187fb31493c38561a59f12c2e9b8e0955eaf862267

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    89229b72c4298444b3cc2bc8de8787d2

    SHA1

    8836e96bd2abdde934cc5b088aec97326012b028

    SHA256

    7a16ff2de63d72e7363f9eac4606dfb16f8c11deec63678d4cdbf0d2faf9b159

    SHA512

    e39aac4c6a4843c9f431c2a128861359c95d444af3f5eb83aef5c3b406fd2ed350b0fb0b67843903544dabac30e52547880834b28ebd68f6c5a0798af8fc6ab7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f9d9a675488c8b3da47499f1f62c9ef9

    SHA1

    c4305f9606a9445a8750f15a77156c47febf5e4c

    SHA256

    9ff1bba8387eb730e86363f62a6e8b56bf15ba14f74bd75de4057b0f495657d0

    SHA512

    c260fb0daf23676970509decb16873e620c3aff287d98b6a35f194a1f67dc7db14beb0796873a5c1897c332b5600c0b765f8a0612e797e1109fc6b54271d4774

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    290e6db271db8d1b898ca84473c0c4e2

    SHA1

    3bcd2f032a09cccfbbc8cc4dec06dfe8f4b17355

    SHA256

    1c8ebaa1c3b1c7993af0064a51c66839cce661df95db9dfd68fc9a5cd6a59144

    SHA512

    971ca8735ed33dde3fea5cdf85e8ff55f830ff0cbf8aaae6c6f36006cef452fc3fe8176050f30f07277e10843f33724f0a0505487bf53ba50457e38da65019c2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f23b767bafdd2b44975d7514c0c2ee4c

    SHA1

    ff3fb952e8e9310973453f6af66e95ec3e4f9a05

    SHA256

    c8a9c44bb3809adad297685ade512f1f1e421341e5855205c9c7bfaa4788e16a

    SHA512

    22c58e2041f2bcf521a2df445d8ac99f45f6e6317d2880c51178c38989c7c7715413c639b7f7eca3c54336cfdc03c1892bf77156969f956f6a1d1879b5222b75

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5FB65A01-A6BB-11EF-A8EF-7A9F8CACAEA3}.dat
    Filesize

    5KB

    MD5

    6335150a4fb30ccd13b3b3323212f1de

    SHA1

    b927dcb114923116ffdf9ec90805fbcf714d1489

    SHA256

    13fbe459209f91ea3c3a45b1f36b3cf675c48f57092f1d2ec512ba9f4be36fa3

    SHA512

    45fa08148f7998d5ccdc5f304d9e08fe1edff83532c3229c1d0a199ed53cd1c6f1df7f6177c3cc9c4ee6e69bf593d327b668e211d09662968b055e6723cb9aa0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab659.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6DA.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    182KB

    MD5

    dd49909ad6ea1964c51570dc8e0509d0

    SHA1

    8b0b696306389efe29328520f7982ccbf8aa02ba

    SHA256

    1ba4e1899aee0c9f3b3298984afd793bb7a8b838fd7d56f4f9584a285354f1c2

    SHA512

    86b8043cd378ba8f1d42f170330df08fc31980c400149b1e624a1d2e6928e6248ce805213b993662b8f99a9480ab07a2c4d077002f48a79709e3d21c3ad1ca76

    Download Submit

  • memory/2800-450-0x0000000074730000-0x00000000748F3000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2800-0-0x0000000074900000-0x0000000074AC3000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2800-8-0x0000000074730000-0x00000000748F3000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2800-10-0x0000000074900000-0x0000000074AC3000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2800-11-0x0000000074730000-0x00000000748F3000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2800-12-0x0000000000400000-0x0000000000469000-memory.dmp

    Filesize

    420KB

    Download

  • memory/2924-21-0x0000000000400000-0x0000000000469000-memory.dmp

    Filesize

    420KB

    Download

  • memory/2924-14-0x0000000000400000-0x0000000000469000-memory.dmp

    Filesize

    420KB

    Download

  • memory/2924-16-0x0000000000400000-0x0000000000469000-memory.dmp

    Filesize

    420KB

    Download

  • memory/2924-18-0x0000000000400000-0x0000000000469000-memory.dmp

    Filesize

    420KB

    Download

  • memory/2924-17-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2924-15-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2924-13-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download