Overview

overview

10

Static

static

3

b946240db5...eN.dll

windows7-x64

10

b946240db5...eN.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    67s
  • max time network
    69s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    20-11-2024 03:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b946240db5c9341fab1ce5b067f750288dd6032fa1d2b3f0e751e40f32a0ac7eN.dll

  • Size

    150KB

  • MD5

    6b11b42094d790b2bd683bac405de5d0

  • SHA1

    3bf0b2c7308139a6a0021f08fe2ddf0fc61353eb

  • SHA256

    b946240db5c9341fab1ce5b067f750288dd6032fa1d2b3f0e751e40f32a0ac7e

  • SHA512

    d2eaded193941084eae05c1853def369ac891e4e131cbf9593cf00b19ac76e89664622bc7aad278a92b5baa92f589bc27198569d485746cd928ec652c506cad2

  • SSDEEP

    3072:o7LTNzNup4hAQHnLP+VXmwxCtkx5KRmVnBWf9/axwfF/:sLTfuCnj+VXmwxh/RnBWf9/ZfF/

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b946240db5c9341fab1ce5b067f750288dd6032fa1d2b3f0e751e40f32a0ac7eN.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2364
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\b946240db5c9341fab1ce5b067f750288dd6032fa1d2b3f0e751e40f32a0ac7eN.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2516
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1544
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1960
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2564
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2564 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2540

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8aafa52799f30df8c51f6da3dad5c979

    SHA1

    108156fdbf0d297dadaa531a65e461442dbccd92

    SHA256

    e094755381c2740acdcb97dc157d45aaf3f7351fd47275b3aaa2d1928ed5f80d

    SHA512

    9e792206e97863156bb0ed1e52e6ea3d35e5dadfa94173e243e5bdb9121614771d54f187afc0a923e1a10081db2d413ef9cddd57c3e5fd5948fec1c061a158e7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cfe28ffd3be11432aff1f642b5c661b8

    SHA1

    87ebcf3c9ccf2f0226c42867983b9818bc0d1ddf

    SHA256

    69efff520e54f9d983f050374baf413a0aa32e1fc714ab1c4d5370acf3b77f10

    SHA512

    b5c77927ac32dce07a24a82358d67f274159206fc0a3247dc9e3e3bb380eea17f0ca5c910390ac1bb1a2f4687ceebb9a791b68e29e1a025dbcc1186c3df67207

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0bd082e3710aaab626b395c46b282a06

    SHA1

    5501bea1d971c7362fbdd1390e1234c1198a00aa

    SHA256

    3e45b49a45d87b16df05eff7b08cfa437f488faf4856ebd39c3c4966c4222100

    SHA512

    0040c6c88961d94b6a581a5eede5eee9478a51a7c7cea5a3d558b1be89f2c8267399a9c2b734e8a14fe8488cf1232b0b7f52029ddddfdc815b29fe7589403933

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    86882441e81c4aa9185544a126241a8f

    SHA1

    e64be94673ab7369bbb6237496322bb4109978e2

    SHA256

    325f92f93e5421f391d5ca323248945717870b766eb4748ef7000b7262386f9a

    SHA512

    91b5cf4cc7cdef63472889535c472b16e670ab59bae5dcfa626009f63392a792054bb7089e0c3f26c26ee00d895067ae3678224eac8385da5b497e5458c68499

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    14bdd59ee0b670dd4455536b4264ad8a

    SHA1

    e1b4ae750501057d507e4afa661ee0ec5e0824d6

    SHA256

    e4f4eee25304ade3decf6db2e45b2ba9b8b6acc8195d5633dcd48bb9ed891766

    SHA512

    f9c613d801794a9996b35436dd6abe9680eeb799738d1b90be5a8e6c4f4f83e2de9487f72a18d8d0e99d713c08c843f439e182f26dfdfe0149fd37f8ab24b1de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    487ba723bb5cb01564aaa2b1088a4b72

    SHA1

    7dec77469b093554f973ab4cc6fa115349a74006

    SHA256

    94c5182ff5db04600b3171cbd348238b170d6311a6b84b268628a926ede3c9db

    SHA512

    c28193b6e632742763b11836b0725a15bf1fe2bb1dc04576beef392596af22b7ada6c3ea28a2ca7d0d092b6e372725f190ce49e9c8909eee03d83b50ba8a391c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a98a4af12c92c40aa7fd6123c9fd6844

    SHA1

    994f65b2990d280edcd50a6b81a15345927286c2

    SHA256

    e0372bc48aee05542707a5fbe18528d29764da3a79e1e98f710cd4f5b0dab9f4

    SHA512

    6030e1e0166428023c619eaef7671c2f5f260b51b4210324aa27cea2835e4df554101315df2db4899d37a8c9c11afe588892b5408fcfd8171eed7078fd3f3e68

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    02a60a7f6112332756464d342170d946

    SHA1

    ffc8ac647f28b45f08283654721f76b93aeb827e

    SHA256

    96e0e40134f5d918f49b1b7089a25420edadaa1256c4dc28200d041f23187117

    SHA512

    384d7821d6e50792fb9a76826390487634cb6b8cea70559c8e2b262a75b7be9caa2811eb1eb93f60135a148f138e9c35f988625f729446b3e61c7353b04206e9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    06d8ca68f1dee3122e330a7d1d2af9d5

    SHA1

    7402479d498dd832308991f5bd82ade52ab3c813

    SHA256

    5228f5714e86d3016f21cffb650e0068ba9d9c3ba0508075d6b780fc39a643c7

    SHA512

    deed2c2eff08f017907eec9396eeab54b2cd79a6642a0d407a7a72a588253cf86c2248faaad4414398c49580a358433e399fb3b790aecc8dda7303eec110a17b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    142a2e67bac6ca9bb9a3c5da0b9a508e

    SHA1

    d8f72b59726e72a732122088481c07ead8e7d79f

    SHA256

    e87be6f516c1564d7875e27c6bd3bf0737a9a6dc3eb3d9a7795d9038f1af1f8e

    SHA512

    045a2b8dba64630d854a6e665dea0038b0d87a6d72b61acb68caa185701a0508c5e25129ef5f482ff47349ca0d1fe78c6b84e1ee493284bfb4dac3fe296ab80e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be02e98940ed434f7963f172fd0eda75

    SHA1

    435e0ce802ee1b676966fcbf78cd1c315e189b69

    SHA256

    de0cc987ca088db83b9bfc57beb8149adb5dc36b777b57629f2dea252e7def6a

    SHA512

    06c95ff81ba5393c64c6d6f94736924c14fa27579e2918227d23bba5deb64eb9d9fa298972f564cf8b1c1a919927e3aa37ca8ca39b21209edeab48c47d834157

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ff916971d4b4f9a31f0294830f69e527

    SHA1

    b4644ff901555bf2365d75e851df70f929f63b88

    SHA256

    a9e616d03ba4dd8ecc7838521f7edfde5ba330bde29e2e9cf3efd364a2e9aa42

    SHA512

    d39793504659d7fc7f3ac0a27271e29dc79708165b2b7f02e63dfabcea72614ae5113b1d58ce2679e6560b3e98421829eb443128a2b227a5e201f0ab2d5c2939

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    537280a6a74f8bff5ea856cf9b8c4347

    SHA1

    b12b9de4a5ee95a9a0cbbd7e6b246a738f21c01e

    SHA256

    7855b79f0084801eb541664efd0e10660bf5290de1943ae81e1f9d7ef1f27341

    SHA512

    b16659f92c1b459943c1ed16e5ceefaf7ecbbb42558c45bfb4b996f0261574346deab92a8f7c8159adb9fbcc83f23ffb7c5369a39f0077d339bad12268a3b14d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b521bd1d5a96fb1bf2528ef6cbf1747

    SHA1

    a33d7ddfe712675bcc9aa096ffda2716f053adfb

    SHA256

    67c7614e9d8236d7c635c518183a53e0a609c3736fcd91ca18083ffade74315e

    SHA512

    5c13325a1d2252f091ea29fca4aef752a0e0021931e0db66a8e91e6480ae9d75a823b38c5d7a9fef73ddc2b49a13ebe7bbef26749b02074a6beff48b91b1ff38

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    32f6170332e2e5b923feb2c1ac09e22b

    SHA1

    3c8050b059b1d6ca0cc160026a310306ed3d3350

    SHA256

    73b19f72a21671896473f370c913aa77488306033811d2b8ddf88fae1431c070

    SHA512

    9c1cfd5291570f9efc81118e7958ae8e4450f15e6019a4ed32221b707db8ffc0dcc4415f6fdb411d654343ef12376a47e112e2f844a827aa4551076ce61c3314

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1f6c2579d5860e5473701b15d9319c0d

    SHA1

    267bd87078e1fd0c1965302cdbf47b99fe5b2a66

    SHA256

    02bfb6f6dc41c111177000ac6d9471bff0abe0b0d42308578d323d3b95cdf0eb

    SHA512

    3d9fa02713e9281119fecc82f0a1c4e0b8880f8e023fd4677c44bb9042c82ff400f546543a0ce86eff1616a827c668f609941c1890ec0126c43a08e60c4a93e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d0ae7ba87b6b267505bd5ecbeafb16c5

    SHA1

    4da0bb4ea853e801c94628f40d8fe466acf82fce

    SHA256

    d4358670120dd101acc8175158a7ddbe532165abe6e4df9c5da371117294b68e

    SHA512

    e0c4c0211e9f3ab6034984bf306a03c88ea23498cc9191d1186042fa341e2b4ecccabb4c2a8f86a4907363dc4123ec96a823aebc73d2f39806ae95fb877926df

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3a034c597a701aa60ee5cbfc606b0e29

    SHA1

    9866a00c508be61289e9267e1fa15dbab59a73ed

    SHA256

    bf0976414cd3cfadd154458f231f258156b2d9c3cd17e1ce3053b4d1465ff08a

    SHA512

    3e5c5b56c90a79cfa45ec5df29affc3846ce35a00ae4664880f857cfc5d851f01946795e6e1fe94774ef36e933a4f6e8fa9cdc2ec2517283307b7256dff24d68

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC7B4.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC883.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/1544-10-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1544-23-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1544-12-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1960-20-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1960-22-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2516-5-0x00000000746D0000-0x00000000746FA000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2516-9-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2516-8-0x00000000746C0000-0x00000000746EA000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2516-7-0x0000000074680000-0x00000000746AA000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2516-4-0x00000000746B0000-0x00000000746DA000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2516-24-0x00000000746B0000-0x00000000746DA000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2516-25-0x00000000746D0000-0x00000000746FA000-memory.dmp

    Filesize

    168KB

    Download