Analysis
-
max time kernel
117s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
20-11-2024 00:24
General
-
Target
2fc5747b386dff22fcca16ae857c22c2a58f965252d20b8f9acdc4975391f496.dll
-
Size
278KB
-
MD5
f62dec72e740619eb1434108faa31862
-
SHA1
2635effea587714dc8a40397f81e9c9432a67c48
-
SHA256
2fc5747b386dff22fcca16ae857c22c2a58f965252d20b8f9acdc4975391f496
-
SHA512
0d21ee01dcc351a22df15f1174eed1417e85d018fc3decfdd027b88ce07296544cb35d1b06850bbf08cdc0498c71561b330295989d866acf2b477e380d3d7304
-
SSDEEP
6144:BOz/Z2rpLi/BuwfVeHqNSTh3G+2vc3xBRnBWf9/ZfF//:O4GuwfVeES136U3xBRS9//
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
Drops file in System32 directory 1 IoCs
-
UPX packed file 6 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 28 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 23 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2fc5747b386dff22fcca16ae857c22c2a58f965252d20b8f9acdc4975391f496.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2fc5747b386dff22fcca16ae857c22c2a58f965252d20b8f9acdc4975391f496.dll,#12⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32Srv.exeC:\Windows\SysWOW64\rundll32Srv.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1604 CREDAT:275457 /prefetch:26⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD513a5db49005269986e66cf2a11386f85
SHA1412e9fe6e7cae6725223625a3ff1539d7ce3d216
SHA2565de8e84084083cc342a51a65688d3221eafc24868335489b88e457e46d64fb72
SHA512d386e0bf196b39ff6901c0a917a1046fadbc5c1508b59f1b71f00ada0d07e1c68c63f25ad6769f5d55bb454e5defaff6943c2e9108fbe87428ec140c97d2175e
-
Filesize
342B
MD598b790bb9c623c46353881bd2aff4966
SHA121b19f69f8f2556c474fe88fdd706cd9a26bc75b
SHA256c217861de20f2bb61f996509f6176c8114f53d6295aa0390cef5e1af9e6c533a
SHA512d0b98bec2be06af0952996de09220b7b182dee92b6ef5fc9bbe36a365c5ecc7910bf742be5c5e6a000843c9b6dbc25abd93ab1df1e765953f268b67def75758a
-
Filesize
342B
MD59054cf9a8d3e500b86535472a12ff110
SHA1356c262df748483cd96219a0c0789477367c23d2
SHA256c33fd9cdc06e3335515c091e0fd01faee057a52e3f891d9b1b017e98dbd92dc9
SHA512552b674e990083b66a51a8d561b60cfcbbab99cae4611a9b4d6ddacf0a3cea0736fcfb659629335ded88b4a2acd127b24c78bba170b194b46d53c5c356001ab3
-
Filesize
342B
MD5b3467ca8929a42ef0bf986631c883ce2
SHA1729e6f5551cf82ba63f56936a42d1df3a690d71a
SHA256a4dffe7b4f9f22315f3490f7d390bd64de223edf2709e8d70939adc51b8ebeb0
SHA512aae7fd90d7517a3284b1c57128fc902cf2df3a578936c8796c25256c08c3c685e70b6f98b8c7f075a3f83b9e2d2ceb6cc5a003c63c0a8de9ad7c8d0cde988919
-
Filesize
342B
MD593c138875716883e136fbc52eef86e0e
SHA1d20eb8ef7b585a2e0b4a958a5e1c688f68239456
SHA256085506cafe060f41fbee29ce812739257db7a4d82cbbbb3947bd32169aa05cd1
SHA512e2e7da975eec72c5b3d57b8a42d0439525bbd0c312434798068d8ede44262e7245919eee65f5fa2fd02a0c238cd617b0e43d7e00ae34145b8c2fbc371337e9f4
-
Filesize
342B
MD569c0aad65979da75e9db7c48a8eb50ea
SHA121f619857f671bfdfc0197bdb064bf1e91da0a3b
SHA256878eca4ae301c41db54de4ef832879b6eded791c80cbda5a0cde402b33460c57
SHA512a8bb0b456fc41c84a9795c4b13550d92ed2f538b2ce4e8088ee2fd42be5984ef8cc86eb6b0e1539d875708ae8b2b2d4ecbb052401a0b3d57b3adce81a871f0d1
-
Filesize
342B
MD50efd0e6dc74859895a1ae9288275685d
SHA1aec38b247289d931e24405c3c311292314d6ad25
SHA256ac9eee715209028e8207aaacf18e19140f0c6bf602a6991155ccc7a56cfaa536
SHA51251de6acbac5d947408798cb679712d6480c43223a1a10de6bb7881f142e50e77e4b2fb07b40df5b72f23467692e5be787137a5d2b2d20f8711077ade774c3318
-
Filesize
342B
MD5f3e9c8917b3f9b4d79f39f13ffb6c919
SHA157799344a40016bd8003c7ce5f8e783645ff2842
SHA256927209ac01a121f865613ce9ce96153b5f12c290433dfd4a6d86b33386f655c3
SHA5121cf4ebfde51477e6fc355aa8f2ead1ae4da9f6027631fc6c45bfacf5d2f2105127769413cc79300224af10ddd70081aa27cb7c33540cd7b25497460a2db5df20
-
Filesize
342B
MD5c2c5a46aaf7bf617a19f6f413ed05cb0
SHA15f0fef66af5b7d3ea80428bb84bdcb77b4813c03
SHA256ad7a948819d9f9268d506ec32cc0f5154a54dbd3cfe5c76b273836eae3be2c43
SHA512d26787d4c60340819a1925e28e0420c154f6b05c281796c1bfac5ba5172ca83172c29a90f233ce39fe6118a3971377860c36083145a79a7ab90e8895d9f1dafd
-
Filesize
342B
MD55396383159616fead92c7cbf38d272a8
SHA1ec60da675a27bf69bcdaed32ae1afb91378d3564
SHA256a3b3d5fa5e7bad0ea6c9ea07399b1f8860f6f723b74775f2072efc8ab7ba7380
SHA5127428476aa627cc85d6d0dc9cb75f1e4f87aa919a7bad8a06fa33665fc7028ba8160836dec5dfce9ed41d1bcdebf7ce143f59dd56513058e954ea3f77879cfc81
-
Filesize
342B
MD55f7e85579fb6f51fde2be4743bba0cac
SHA152e2b6d4ddd296030986933192d6d54ea8e91758
SHA2567237303382c4350740504487f2687ea65a7d75e78686088ff66ff687b859fdaf
SHA512ab4954e1b8a7daa62ef68c8686da482cc74a473099d1cb0a435e5f259144c04ab90b50c3e1614f9127510d89bcf6e3402948fd60e302d8953ffd6708ac0d3c5f
-
Filesize
342B
MD54e15f3067a571aada959267593932006
SHA1bf86002115fac9b4cd3a00e1f58ae429df7afdf5
SHA256df790944f7f9709a06d5430a737705523541be4815372e7119145a88f9b7abd3
SHA5124b53422d5acedeecb043c1af2bc707d50ecac70e139085efedcdd0ad956446f44b24f9735ec5cf0c59c4784cac4375fcd0638c1be56479fa6b7d7a84bc99f77b
-
Filesize
342B
MD5a4b492c0353e0c345b197f43dce939d4
SHA10b7a96731088ae75ca8e92200a03602f5bfaf108
SHA2567eb1ae3c5b928ca82a8575876db47f9512765a97bd116e00d51d8ab615128c80
SHA512626d53b9c42485e5fbbe1632cbc170bd011213cf6426430fd948790eb6f000015d65c0166a159e8482f159a46909356c37d85a2ae6dde0900043b7edfddebaae
-
Filesize
342B
MD58cc10ded47f54735784c9df45fa37f9c
SHA17501eddbf8c831713f15bf37b371ec86fc50e918
SHA25640ac9eea7a004f456982090bfc41fedcce886e609aea542c895bd46fd3ed5896
SHA5124fa2a53bceb18e80f3cc4beef71e641f38d87f3514fbdc26a17b276787ac0e10538adcce2e29395d0e20f38b1d6a60f8d2287db1d7b26c9e25d08096802b2816
-
Filesize
342B
MD549ef2b518e839539a5ad3e700878ca5e
SHA16e7e2d94807b8b79410434bf7d61af04c61a600f
SHA2565648def93e0dd1b5e371ee362caebd5a72c76aba757a71be94e8c2ea66d11ac5
SHA51269dc0512998be75ba34c10c4aaab42f93347a41559ec7381e2f74b6fa25a5fd0d7e9f70f0fa81c1cdf37f15c50ce9692ea4710d49f69a98f6ce48a0d98a0d488
-
Filesize
342B
MD5dcbdabbf83b56a4253743c5d0782962a
SHA1adc4db9f3959e48aaed6e1fe94bfa6f002dedac3
SHA25650634d208bf40ac50a01a14af7159bd254c2a0e278d76d48b560babec9dadafb
SHA5121fb3239a75346b85dca2fc762535ba3e140a2951eb7788245ede5a4091be02a7f499f7e6e9b0153602b0ff181c6e3ad0e6abaea48ad75251ff2c1e67041680ca
-
Filesize
342B
MD549a962d6c7fa84a1f54d92f12e7e7b53
SHA1ce19f81061515cee20c3de12694a146f6ea1a2ab
SHA256e83174ad99a5382b395ec41b4172ecc6415f03061e01f85bdb0d0d73bd93669c
SHA5129cefbba64bf585d4fab7f3244e320c0cf5e041f47465b8799a2effc35c73c4df4d676d2efc8bad87a87b3b1ddffeb958835de1e8333220c7e3ac7b8413c2690a
-
Filesize
342B
MD52130c9b31dc3396e74be421d3bcff32c
SHA15bf3f017e49e12fefa6a365f443c218d0215b919
SHA256231bafa796176dc17dc439001fbc0b8201b15f507ff184bec00d416fd0cc6caa
SHA512084c1c4fd43c10343d8dab7d5934179842c47e9fe312ec9c3e923d91ff5214a456fa9b3891c72c6af2fc2691e9e492aafe93f0544ab1a8d072aa5b1a692fe678
-
Filesize
342B
MD5e17f8d4b1bae8c01147403f23e1bc66f
SHA17e2db301cd8f78f938eee8eb202e40dc405bdab1
SHA25615697eab0fe0df433f92acb4defb24e815e764ec241274306fc10dad5ba2a2a5
SHA51287d65724f2307131672f7620a4fc74f22d5d67a23d6fcd72ceea59861fc918722298aed33900b93677f0cf1f11f8bf403628323a9f68783651450dd218410a82
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
Filesize
184KB
-
Filesize
312KB
-
Filesize
312KB
-
Filesize
312KB
-
Filesize
312KB
-
Filesize
184KB
-
Filesize
4KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
184KB
-
Filesize
60KB
-
Filesize
184KB