Overview

overview

10

Static

static

3

7de643a122...dN.dll

windows7-x64

10

7de643a122...dN.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    67s
  • max time network
    70s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    20-11-2024 01:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7de643a122f5ae084acd6aaf9bfa8809922b53376a9745f8aa4786a857902f9dN.dll

  • Size

    4.9MB

  • MD5

    f6cce8b8cd1da4c4423aaff7e7333d60

  • SHA1

    fc58ed2ba7d5b23eb8587c3e5bdcd7f303cc4554

  • SHA256

    7de643a122f5ae084acd6aaf9bfa8809922b53376a9745f8aa4786a857902f9d

  • SHA512

    679bc0b2c2717763b6ee6be68b66a2ce2f59d5db2053b12ed8a6950617675e59a7549385a7b4c2bbc1b600e53ec23bbe8be349d8fd7f654475fa49f9c52a22a1

  • SSDEEP

    98304:aPlmy1NO7G3rbjjjjKQjzjjAjjjFFnstPJBAUZLH+QaMY7:CkG7bjjjjKQjzjjAjjjjnstPJV1aM

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\7de643a122f5ae084acd6aaf9bfa8809922b53376a9745f8aa4786a857902f9dN.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:628
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\7de643a122f5ae084acd6aaf9bfa8809922b53376a9745f8aa4786a857902f9dN.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2412
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1040
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2420
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2228
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2228 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2248
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 192
        3⤵
        • Program crash
        PID:2308

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bc36e7431e3479c37994f70ef7ecfa54

    SHA1

    a7f84840b5146376e4ecacec79f96804d321463c

    SHA256

    1856cc01b5f67d21abd25e4ea0fc4036ed5c4277f76020b052c7aa473fe8e9d7

    SHA512

    49f3f2f15dc60781d61d625e2bfb13c57ab07223c87cf249350af722a159b3a6ce709aaa89b8162e676183c642e076167b61a171803bb929f5a20d5778327d4d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    74428f080ed0b920bcb7006e0dce3661

    SHA1

    906c182d998d59c569cb476fa3569a6de1fa8ed0

    SHA256

    2cde9e285299113b1e5f87204833329def4dee560fd0c6ec74e5b2857e2bda0f

    SHA512

    d0295f3888bc05f2573ce223a33f319c508c1ffac59e58f43a146e9981e7bf5088137982565f0513571a13ec00b43c7e28b66fdb2fb06667cf3d34d9454c3d54

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d9209a068b21bde7b00a1b4787473ecd

    SHA1

    098335d942547779a67617806bb84c5eacb6cb84

    SHA256

    a1b967b64f6e56c213581c8889f8655ecf9b6c589b1fc6ddcec650544290e60f

    SHA512

    07443019827a10e2c6bfa9624cc56eeae496ef3b7b4405ca65ce716bf737c62f248d9d160f8a4e0ddb516622c790c0e27ffaf4478ba364ab2a1fb894704f7f6c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9fe1d62c2a285ed2be5f50b66236e7d8

    SHA1

    af2ee84bf3a006ac9bce53be2f55ac07248292f4

    SHA256

    fa59fd1a79ee72a1cdcdeb0e0e18e6c6a6dc4a7eb6a7954a0ca29a7422d816bc

    SHA512

    ff55567deb8c433bdf9e4bf9ec750785fa720194ca022b6ab1c945df12a3a624203a6d701b90ccde3473cb493d5d3979b934a213a646df9d69bca65c84eed550

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    62c07f19916ee344cd20e946762450b7

    SHA1

    170667145ac4de8c2c02c889a7b530a8c677bd0e

    SHA256

    08da149dcba6ed7fe11ccef08b67a1c3032a2217e2a7ae23aa11707eb9d79e8c

    SHA512

    a234d4d7d74373a25470df92c8e8996a104d6afc21d1afdc119a62b84044b4ea1e13bdef55912b715ebac17faa0a7d46de5a1aebba7b66ae25e9745855423925

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e2a31d302504cf6d8ec2581d1e79cfcd

    SHA1

    54b4b779d12ed8a8729256eb3c55bfdb43133c9c

    SHA256

    50d3621ebe2bfa53b37caa2ad2b148bc005ded887be5fc44f35dc8595a6d43d3

    SHA512

    eeaca6f439187ec54b98023164dbb8b6c4dac996ffe79b7798cc86849da629c2e8f7934ee2c75e3e4db0566bbfbdf9a9f1494978c036c6eaad90f934c98b0953

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    df0224bbfe65c805d87ea3c4555e3374

    SHA1

    1c29a3ba086f98b29c0f5e7084dca7c7ca1d441e

    SHA256

    675aeb132bbaf5da5aa4ed2fe3ae1cf77df7ae8b5c629a43d4c32f9c33f69b44

    SHA512

    de02b6fe143d40aa9288962ccc308b4b00dab3c91b066bb4fd9a6a1142e939ab0aa736f1c69c8b763184959cdfe88bcface382a507b6dd411b5bb867701cbe99

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8a4b9e1ed426587ca3e0756fb826db69

    SHA1

    3f180b3db84a46f60123d0f15ec2feef9273d0a7

    SHA256

    f7667e56d6da334abea2d09fa446917a21fe1ef2b3e38d1e46b502b023507327

    SHA512

    b0fb5374169b4a572893640b2b27dd7034b22a311a93c5f78ec54df461458554779776bb653224d91d7194f19241681fa6b0b1868cf0223fbee018518e32c811

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c1a39368f8478b72f224dd6c7fc26bc5

    SHA1

    c37924c9ddbc730c528a3eefe56d1991ca163b4d

    SHA256

    0b53e24e0f72afbb9c690f89b71335af6974853cf465e38c58fbd1b32bc2fd86

    SHA512

    3e3c48a85276ba686ef5a45141a7a69c6c24428243cb6d69e8bf5b5e7f82d9a4256152af031c53ce2a6c3cac55b1137146f0b9a3131a156478c8dd08077e20f9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e09430297363d441967abd03c694b8b5

    SHA1

    000393af79dacb5fc6960363922d947f3d2a2395

    SHA256

    d1cf055751a2e0066ae628206ed811d836d2726a989ed641c48c8cc5b51f647e

    SHA512

    7857aed0a92b03c763c32b0b61e0b24e2133d2ddbdb7959d29fe836fb4fa32a6e646fcd22de250d188f8a2c3687f89b65244361f17412886aa9d5d800493012f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    71756413538297015ead4a4822015645

    SHA1

    39eab38daab20666598672003057a6701aaa0885

    SHA256

    f87a6eef99fac22c16466a561e9a1dd346b03086ec4670c0bb4658e25584265d

    SHA512

    7a303861c5237bfdf61dc02f2452360ff3c81c756802f9911f962180b59c2b1a4aa4681c9ccac8c9351c0b387d91e3c96c9d7ce50a6a15e475497995c828752c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9678dd454312496f742ffc79ae1b647b

    SHA1

    6b5818a1ed4368ef0389cb9c56c1f2f2836dd7a1

    SHA256

    b72dedb60223ad927e530d7e4224cf0265f9f3630bada071b1a9fe58cf470688

    SHA512

    a1e2f0e7a003910ecee9fa949104b31e3aede0955cc95c83368a2f1a77452b110a2c237323fcfe2dbb692848cf15ae042558c45863546b2b7089d7e22ef9b49c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9008621966bd8452c37ba9667eb7859e

    SHA1

    d9aef66a4f8f38087b8ba048e6a462adfa96a63c

    SHA256

    303b6d6e2f896dfe99b5776e0bfe7b39b3625dbb0e0a985a5a2cf0630052d43f

    SHA512

    9bffa0e6cd74a6598387f00aa9d28915b3c04e7734cd8eafc66a26c2fa95850ff00b33789cd13a09b8721c7cd2710427293222d8aa5611db1b58b00588b89dd1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4ae61fdacab05661b3e0a148f92f35a3

    SHA1

    ea46169d00eb842f872f54eddcd2b528255bdc8e

    SHA256

    90b7a04ca24160a41b7aa3c23c02251819b686b7d4311da127b65315e11be10e

    SHA512

    1b5971f329aef2bb0432ae4e3c188aff6293fc809d3f8a0c23d1d765a9c37b28a3c9ef4369068ade440750ff878a13e2945c42397395d078f87fc7338b9ded29

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0dcd1bef8ac7b25116243c06567683c3

    SHA1

    4b3af486a0596d3eaec5e333ff683c92bbfca4cc

    SHA256

    538085146e88a872c878ddf8188a83a5a8a6ddb4c8199c883c4571ecff22ef45

    SHA512

    d536678ad536faa42a200e85a634ef0bc55834e672dd6df63a43f98a7de9ad9d81bfee81ec4deff88a84c1b247b6fd80326135e81dac25b9af9fb653cfa506f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ee6ee1a988531b34b3860608fbcd21ad

    SHA1

    3d9feebc6bda178f114f55d79e4e478ab9dbbc17

    SHA256

    9fbbdf762d7a71d1a4ea9be2c948dd9be32fd764650a19db64129cd1ce62f61a

    SHA512

    776745cd3118f197fd1fb15dea6648f8e72f0a1d3f60af8b10158a2e24f462c9fbeaa123d151afcf43aeacabb51400b7fd1a15b3afacf3c95ad8f9d81d690a9d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    804919fca6248b67a2a1fc49258f8204

    SHA1

    e687b8e6761484afb63657e6b4f53f73552f5ded

    SHA256

    8552b7ff422a3a6ffd676f3c2c7412977e82b4043386d0f7b0d323d2697fdcdb

    SHA512

    61733e499e013365910e73d1af089bceeea7bf81191b1544f2f768f86f4c5c4f385e73b47ffac1f2ba5260a62791ecff74160e1140005a44eaf95808a48d9c9d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1af29dba55d54c0369d8f5a7064931b9

    SHA1

    dc94afa9a1746e324fe54d3e5afd9b0ce7ab1ea1

    SHA256

    b5c0e062f4226a0f70914193d50a61e3afc446c9ab7d81a1b21c2422df269313

    SHA512

    993f2097180afad7db16a9d6b6f9e9f6830d5da69aabc1b6ce5441ff0c5b10fba8e55c9ff299dd76e97e83eb8131f4325094a358804f82a15feb0594e7fe877b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA6AC.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarA72E.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/1040-15-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2412-7-0x0000000010000000-0x0000000010549000-memory.dmp

    Filesize

    5.3MB

    Download

  • memory/2412-21-0x0000000010000000-0x0000000010549000-memory.dmp

    Filesize

    5.3MB

    Download

  • memory/2412-22-0x0000000010000000-0x0000000010549000-memory.dmp

    Filesize

    5.3MB

    Download

  • memory/2412-23-0x0000000000180000-0x00000000001AE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2412-24-0x0000000000190000-0x0000000000191000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2412-25-0x0000000010000000-0x0000000010549000-memory.dmp

    Filesize

    5.3MB

    Download

  • memory/2412-8-0x0000000000180000-0x0000000000181000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2420-18-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2420-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download