Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
20-11-2024 00:17
General
-
Target
09ae112086a810b890cf0253f2ed1f3378c9394fc30ac5058258730cc9eb12d9N.dll
-
Size
4.2MB
-
MD5
27f2fca9813a61077a1c3c0cfcdb21e0
-
SHA1
f371f543b5d34bc269530d72d62dd1f51b03abc3
-
SHA256
09ae112086a810b890cf0253f2ed1f3378c9394fc30ac5058258730cc9eb12d9
-
SHA512
46df025cf9567bbefec1b1478c4161cb43b633a4f300ae65a0ef1c3d5289d81a24659599b757712c11e3e2dd5d71971bc3011e2ea4036cc8459a07d74da9e5e0
-
SSDEEP
98304:Oaun0sM5Hnc30M/Op4yFARPbsC3kZ1ec0cIHgBG2szOJqNjRyG7Slcj0/5/9saFP:Oaun0sM5i/1NYw6cN4y
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory 1 IoCs
-
UPX packed file 6 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 28 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 23 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\09ae112086a810b890cf0253f2ed1f3378c9394fc30ac5058258730cc9eb12d9N.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\09ae112086a810b890cf0253f2ed1f3378c9394fc30ac5058258730cc9eb12d9N.dll,#12⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32Srv.exeC:\Windows\SysWOW64\rundll32Srv.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2776 CREDAT:275457 /prefetch:26⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD58b8a8da344ccb90e9516d7051267a8f3
SHA1c92e71d0ae6c2ef0a3f4423c178ea43595cc552a
SHA256b6776dde5927f574e4c66b34428ab29f2843a22eabfe750e5723e8c59e1072a1
SHA5126283da14e8e9eebe3349fb1fbd3974bbbb9106537213107a408ef7aedcd091e6cd5b6cff8817fddbbf79624dfbff0cd8d948e31b567a9c7fdbf48a91899883f5
-
Filesize
342B
MD53bffd5aa4a6ac5977b9d628303c3a998
SHA126ee920e6d06a6743989cdb0a963d9f5b7fff62b
SHA256f214a1a34429ae41c92df111952e31088fec80ed71a1399b4ecca3b70d1f150f
SHA51233ddad952f4f781940817dbc84fd02b4d6e5bee210b1ffcd3fc69c398f9324d29a332982e6b223ad74e9024fedc1c6a77baca86c0fa4ea7a94b7e18b2e4a268b
-
Filesize
342B
MD5bb4d8b713583bfb6d3148390d951f353
SHA1aabf9c339e688c8d48d55ba287657e94be11fa03
SHA2560f9524d61c8888bdcd33ac71303ea45f6bc9faef24296e71270385ac18816a27
SHA5126c2bb32a413889d6bc609a0ddc37b2215638d157bae46ffdad56ddfd93e2eade4f44d197c3d5c41f5d5dc95ff1af7450feba6c6f07d039672c402524e11706a6
-
Filesize
342B
MD580f6b844e9a3526ff35c504c92390679
SHA18d776b119c4726df6ae5dd440f9922cc3b1b31cb
SHA2563022a82b75300ae747f8e495a5538aee7b575e90084da90a3d9690a433b96d98
SHA5120b8694e01af500f76861dfe1b699d8303c18cf690ccdb42d5964cda9e7d7fe8764a2daeb68f6a8314a52f7012b016857993f8f4b4519eadf59fbc00618dbba4c
-
Filesize
342B
MD5189b45f19b961a42bc50664a8771624b
SHA126ec0144ee2577cbbbc3791dbe9abf6ba416ac15
SHA256df89a42ded66c5c17c2dd1d12c8482fd4f53b2eeecdfef862cea338a29c2b14c
SHA5122aa82a62b5e9defea0974d14296259eb42726491f6ceebf91ab2c4b29a78df20611cf0a4aa4239ff9f7837ba9344ef7f1604ac83b1d9133a689fa43125f3c901
-
Filesize
342B
MD5d7148e1e95b579a7f9addd452a3f5f78
SHA1302a8a7da0efe279338819e27790ce36d278ce5f
SHA2564b7e62a9f56b331806584f99e14f90ee0753723d88ff672a53001fe4f4a45087
SHA5122ba58d1c722c6cc48db0d3608e332f0efb61ea2187ab0e8b67501b63a0082a4d92ac9de656270231aa083c8da52dcabf324ef6744322b8df4bd5ec5c6f24127b
-
Filesize
342B
MD5fe9ae632ef5d4cace1d339bd85e089af
SHA16e932fa1ae8e81aaf40a1e3757268599a664d829
SHA256a24bf0c7e1893d868c267bd345016cdc48008ed12d1c066c7061f51f7f89e698
SHA512fe1486ad20589946c5bb8ce83a7e9e50aa3caba0ea517515717dbec9adcd1fdb00c5055bbabd6f9d299cdba61285c0b3b8215fa9174ee6ee79b620676bf6e01f
-
Filesize
342B
MD5481aac3f96b94b71ee20bf4ee4701479
SHA1891226386edd95a6806c077917dda29bc25bc6b5
SHA25601ac76ab45d0f743e338fedec9242d50af08e2a3c51dc3f5194161ce433524df
SHA512f21161896d3c85ef5a394f0137584d3129238ae9502704fe615fa995d502e41b78f9d3399b2ce483e8e83147978518015591741c334cf117e60de2879960b781
-
Filesize
342B
MD5684ed5eb95e07029eeb4d7a3e6470703
SHA1ef864e18ab786c3edfe62d6643a5f810a195e876
SHA2562d695c4e5d0eecef40f9ffbad469db70b11cb61379ccaaf36434ff35d80481ac
SHA512ccb46bea7022c6d7e1840df4fa511487d42ab453cc16e78d746deb39833270c0feeb5ce6b283e2ca4075e8151925140628275969383b04ca3cb79ab93ebb1643
-
Filesize
342B
MD5fd547e57b7e9d39714a11533b1990157
SHA1edd2a52d16da712a25c859ada7265d2813b0a5d6
SHA25688a8113c34f5f28613476c377c03e2ad3e6917269e99cf65bfc487d1f7d4e727
SHA51201845d6bdb5ba1bc2865dde18f0606633391b66e960c052aebedc748396b3fd03c269a2d59da8ffcbdc3a8b1a918f58218ac01ebefda04f44b90d989125480fd
-
Filesize
342B
MD530821a6266235d029b0d3df1c2be0640
SHA18eae01e8fc1908b0eeb539aafa98c72018575f0c
SHA25682558058a7b1c340c5da4bcfdb8909a1db5a14c1bc6b4091529e712577cd8b09
SHA51235889442169a0d4e4f3ef53aa8ec2455d4ef0aed98063bb4d7f0305aa7e85028afba1037cc9ab0d1a7298d484ee25e69ad03a3b134683947744c0f4c07505572
-
Filesize
342B
MD51a9890df6e87158f741507f0ee042daf
SHA184d72d10b2a0a4b908353e407516968d75660e90
SHA256af0750277c795055e73d19d879a67c045c3097ae83f5124f8f842d5dbc398444
SHA5129a857a370bc3833575e7c93f8d85125a58f00224a454a775e6b3e02da92bbe73ce7c6b5089f9f4e2ad210a32cf36d58ffbaa0fba13b2f5f296e2d2130fb147b2
-
Filesize
342B
MD50ad8b42a55739c654d9ee8e2cda52748
SHA1ea10152b06ef469e33d33f167a2d20ebeccebe4b
SHA25651b2f455040ace110b0a64fba447f63b40ad396d3234e78e4ffcacd93ba6641b
SHA512b8dd2c63c2928e5552fa6c550926bd502ef98409c8d8677328673c10e599acc2a6873a03b58e08ac923336e366723c13bb94d125132f11a29620da94026cb74f
-
Filesize
342B
MD5e6f15d6864cc5f62b17885eec2a94742
SHA1308f795c64c23defe7f782045a6ea7c4e2a324a8
SHA256606af7fbc5d2ce1ffbde6d0484ebe4545c1bd59a5fb9d25065a8a70e0816d055
SHA5125873cd293badf6b19978b60dce35a0dd833df46401f0f083a2acb5c339053decdbed245937e3bb71b4c1de4785c68764a5eb69a48cb2ddcc880162dcd23a548f
-
Filesize
342B
MD507c7fe5d656812bd957ebf47ea5fc215
SHA1a4bc9e76335eea2e5fa2f69177277eb9fd6219f6
SHA2567867091a8e085d035ff10c7348a10adb44f8241439fe261eb41648a48ac910f6
SHA5128f154b0a250e7453a057fe9642e1c298e241a763531a87ed6f2195ad2955b81024f9643acccdb49f04510af17e89fe6944e78b275d5aa4748fd3184dac13f8da
-
Filesize
342B
MD51fc5c0bfb98831c38a8c05d21429493b
SHA13c3fb7c6c8938fa884e113a43c87529b2e6946b0
SHA25611497c598d26bf2e2c52ff85a4990973e236f9240859e899ee79d4e4021ce231
SHA5122751717b07b9ae7f53fe99cd5177d8fcc3a21dd9afddfecc90cc30487665d988566a1242d2b1d0ab347a45581a358d81c12e6141b66ecb312b15e814f72f2e08
-
Filesize
342B
MD5f844e847e4ae936ee72cefa820f5b8fe
SHA1e2aa3f1bcb9827462ad8904f6d2b72cb43c4d03c
SHA2565702c8f522494c590afe27a7004697bfff465848ba4a34cfb4cfdcbebb54918a
SHA5122f953f9980f331f08ca5b33a7d42c8f6a6e6ced0bd313c02d8a7639af363b8c6cea46b2cd8e149de3fc5658e20241c55754f25b3a441166e0d3ee5141d54bf98
-
Filesize
342B
MD5caf9f51732b3ff142eeaefdc0eed68d1
SHA16f7ef7e792e21f47baa55021ceba0f69254a4631
SHA25668c94c0cf78e64abde10abc11ea855d8b4ea7374c97aecb23a4e6a41e9425c6e
SHA51217151cb26452373e1891a2f016c0edec948a2f71f67bdfa787f6f1427a26de372cbd581afeaf1537e112f9598b52e78664d7d901218464eeb6ec7294e45880a9
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
184KB
-
Filesize
4.2MB
-
Filesize
4.2MB
-
Filesize
4.2MB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
4KB
-
Filesize
184KB