Overview

overview

10

Static

static

3

369080d363...d9.dll

windows7-x64

10

369080d363...d9.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    20-11-2024 06:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    369080d363e8275f061c1a114c230a422ba66925e58dae53c9e406eab83228d9.dll

  • Size

    383KB

  • MD5

    946ab3eabf70ba9f81f3142067c23e6e

  • SHA1

    11f04bde06b583120ce3e9e38752fb292a735fb2

  • SHA256

    369080d363e8275f061c1a114c230a422ba66925e58dae53c9e406eab83228d9

  • SHA512

    3b552ddd9d8bc9e37bb93643873c258993cb033bb00a496873cd4733cad03db717aedf2e79f6fda39a5bd87121272927df792e3cdf40da11bbd6be5ca57edc19

  • SSDEEP

    6144:3cfzQCZwws1KDAQlNyiUBAdGstgC5XYI1ys50O0BUcvKI/kBAPCufcpYMe0z:MfzQO5soA2NyiUBADtgC9N1y40O0BUss

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\369080d363e8275f061c1a114c230a422ba66925e58dae53c9e406eab83228d9.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2816
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\369080d363e8275f061c1a114c230a422ba66925e58dae53c9e406eab83228d9.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2680
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2660
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2844
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2828
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2828 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2992
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 224
        3⤵
        • Program crash
        PID:2840

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    acedeae91c3ff3955578db779998cff1

    SHA1

    3c7f47687fa7a752d28c68760a7199b06e7ef18a

    SHA256

    ffe70356af365d2971fa37ecad72628d0ba6adef954f19f13caab47d301d6809

    SHA512

    35dcaf2ca9c994a5bf839812a697a278bb7277ca0fb25bb8717400781d342956e9dcd651f20d5f7d1ffc10200d87b9ab09364bc4f0ad7eda2c917b1d820ecf39

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e0746ffa2fc38ec804e5c386cbd14bf3

    SHA1

    4f0dcd42b0d6a2369f8d3228238f9923ba607d49

    SHA256

    48d01de99a0f9967931177487dd2079a1c085a782b283f8b01fd6ff633313299

    SHA512

    cb8deeef733eb890b47af5d9ac93565338024af66da01088e1103e3bb8e47b0af21f4b507ca8aa80af266cbf60ccd1c545601d2db5ab2b14e9ef8e21371147ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dec4c24ba13e3643fc12a0fed1d15bb2

    SHA1

    fbc0badcb16cdef51c7611ba4495b75424d06c7b

    SHA256

    0b4f887c4fcf81a66c0b3339e1e8712e581a396870d90ae3a0c06f5cab9b3e5a

    SHA512

    664aae2ed4b51718453bf0c1552038b719f10c37b53c7aa8ed4d51ff26588a1358ed82d1f3af03349d85dab8e406002db6017218d0b3544f336ab1e01ed99a9a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a70c68921e6ad160a7ac77bc40c3d98f

    SHA1

    3605fca4cebde32d864d2867b8085b7c007d01fe

    SHA256

    eb60d269a03e29abb3d43e206c90eb54645181cbdbb74cc953283fb8f5dcd6db

    SHA512

    cea464e5d122cee32f6a70abb3871a8eb9bc81c3b06459ca4c1bb79ec096e6e9fbab7ae0ef8f4b9156fcf25db6f5ea067b8e01fc54d634bea69eb0db5e8ad81f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9986b1c26c0972c3e5e03bda3842cd68

    SHA1

    fb06b9ce3b962ffc5a9d00e708b4fcbdc3f833e5

    SHA256

    1c21a978899c61aefd357c2308658740abba722a5635b615ef5482c4f737bdaf

    SHA512

    9aaceea401933bd363b8c36ea44005b755d33ff85738eed8b07980ab53ec594179338829405a9ceb6dcee24c536619253f17ba5bf4e123478e0293a9eb1239b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be421fbe2e9550380f65940c1402a377

    SHA1

    9b2503e8cfee1c38f3133a4766d657d90d2a2f1c

    SHA256

    fe9027e6784b8712e591b43160151eddd6ec77a8e7f74a0bde2ddcbc7d6da21a

    SHA512

    c9d5a5ced4eb3c49f08a442c4238666afdbb6ec731b2e50dfc6fbc65c9754e97b86bd5a7bdf2b67761394d30ba42605bad79e2e5f52af8a9c253428a3341555a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7d3283dcc46afab965560ff265798246

    SHA1

    53a06e2c1bd7e629b609b7b6118682e1e2d2109e

    SHA256

    c26fc737cb567f7e1c86444c653fb7011a585a739fdb536e4217a97597fd58d8

    SHA512

    33854826a80e3bc2505c701178d2f4d9fa07f73142efadb2ad36c0d09e76bbc3baa5e57d9e2efd8cbd2075de0cf1dee1aab8a9a419e6149cc4ad213f4abe4631

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca4c40fb79fabe58741f83779a336719

    SHA1

    95a23293f4c7291d862b07098cca12544abed04c

    SHA256

    eda6c511778f5905b09668cc59ddcd834053c3b56707e013da189f754db069e1

    SHA512

    431f9ee31e0c35fe1e8884c8a44769bda308cbba0c690bb7c05465e57c703f5585d0057e94fcc86850a624fc8293ee372e4b078583310e7b00af017160a03074

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3d396118541ca790692ba91326f0e8cb

    SHA1

    bc5fa7562c6cd497458458b7247e0d3cab685878

    SHA256

    012ea5c19870496cc6cddcde5af3b88bca7f705eeb9bcead2376d8f34b8feb64

    SHA512

    bea8af0afb8d62029b8b82b340ad914aee9f66fc13d5f9e026611629c5264079569115c6e93b2c57a10a1af4c0137bcb633726cceacad24219fad58eeb54a531

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e8f37f8d0ee55b2e523c1d2ed657adc0

    SHA1

    80f237124e3e4ba539a2f12de784096bdea14479

    SHA256

    5e03804176b45ace28d1aa99f3314e7e056e3269b3fdd161343944e25fb67fda

    SHA512

    4e8b5b42463c06bf694d1902439c0d0ef2680c0ec9599c725002e292112b3b5b212480c57d2d10bef661cf8c829bf380119e050af29170acd94a56d6d250cca7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a7da20e01fda48f41495f261f5316ad5

    SHA1

    6b63b3acf630532680593595ad37e13d2854a654

    SHA256

    bca468dd8c93f705c456ee6a12b1606ecc11a5b3f60a3bf2faf56f2cf0790f72

    SHA512

    ecc83d52e75cb47877e480759485d8a692a0b3c8240a8d5d0d61a09898bcaa1000e64d423cdcd355acbafc6689b720a6b0002df7364d94e8405991c23fa1245f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bd47285d6608a3085f9bb860799d2cf6

    SHA1

    0f4f3dcb1381ce3bf04683d6c8e4228be6601854

    SHA256

    ba84328b23640967fb32f1d879a7fcfc676de4e0638e77e36e33ddce9e9ee6a6

    SHA512

    98df8a35bc0567ae2449897f4950e0b52fd106982ba2682d52554bdf16d364db8c89490e627fe5845b713ad4739293392244016ca1f6b148077aba8fa6c370a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e2197d0ab122ebc4b6dc0e7322b72444

    SHA1

    23cabc9f0b89e268bd123397b0fef1c8f87e93aa

    SHA256

    faf9626d62f36644161fcbb7b5103b6a90a6cef90a47c9fbce97c658e78edaa5

    SHA512

    be239e1d1fdaab4ffa79aeb23b7113889e4fb8d0a7a0f5f8923b6b608bc7a1bf515a2c4c8f3f7bfd98a41a74378d82758282e8597d0ac10df6bf9968ca08aacf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4ceeefe09206707d6645bfadb09f8d09

    SHA1

    cb276937aa42ac9e1ce7d98bc74a3a203d399f75

    SHA256

    9d51514cd19813caddb6ee8019bef0366c49f104c5c237f78b24727b569c490c

    SHA512

    c29fc358487de4ef93b4310fb053fef13a2565259d920036d9e46d0f4510a3b96e081a0b8b4d867811f4aec578685554d17903abd9aa7f9483850a4beac41d5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a116b92c595049b545da9c51dfb7398

    SHA1

    c7cc49530f560af92a2d3299a73cd35678050e52

    SHA256

    4d6c737fd6327946db2a8367465550f86a0a823dec06fd6cca3da25a0f15a9c7

    SHA512

    55d86ffcc6b85c4767a02aea11bd70cce5238a2cc68b0649a600e5ab23085d43e3f1d4faa74708ded8f7a1689ced6db28a63dec7ad7f28f98595004a4a08ab55

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    77b7296c0629ac66b0fddd50cc60441d

    SHA1

    2d037b110f0ae93ce00f6dd3911a297afaa9729e

    SHA256

    84bac85f66b7cdcf413af9813ace42de1e8a6531d832bacac42d50dc959fc042

    SHA512

    6d19c468850d9041261532c9298289266368a240833fde764ccf14dc0970605e2340e8526528387ae782b9326679397657d82130e5f508fe09f12d8b42eab5d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b0c45bd21a258203a2ed6c0639ae4cdd

    SHA1

    a4be710ce557adc88571c26cda7ae7ea0870440e

    SHA256

    1dcc97f7b1f08aebb931342733bdcb57601f7795bd4403f06fa273c48778290e

    SHA512

    351c78b503a2d086a2fd00302d3b0c2267fe6dd9d06f319b0822a54edb906aa79faee5651023057809a4b0bbae9c41a2fbd6fbde5b26856899b0353f9967ab9e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ee4ec006b0d3f1f20e9c68b573fd585b

    SHA1

    e00f11e15c09ca6deec17252c52aaa27bc6d7011

    SHA256

    dc4340faf8b3ff3f5a5bb003a37c64c885dd71ab49f9e6a8a23c2c78a20f7586

    SHA512

    a9533d820b2092403d7a449ad9f472b5152d084b705b7beabc8f784b01ab636d7555eb43828c81b6dddd96db91f21958282a3c198e1e59008784355023963868

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cb508d7312cb87976728c38bb8ac7313

    SHA1

    7ac2df59191c28be31ca84a0e629d1b68281f5e2

    SHA256

    c9da9f661889e452e1e06e9c7db930c151d61ed60629b71826fb8ce87217e568

    SHA512

    895af28cfaa313788265a518fbbc79c00ca67d17ab797e7304ca5419e9cf1656a77a76df407d2a236ac3da59b4c3681492f48055facdda7e07df49f19e00de6a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab760D.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar767D.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2660-11-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2660-10-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2680-454-0x0000000010000000-0x0000000010065000-memory.dmp

    Filesize

    404KB

    Download

  • memory/2680-25-0x0000000000190000-0x00000000001BE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2680-24-0x0000000010000000-0x0000000010065000-memory.dmp

    Filesize

    404KB

    Download

  • memory/2680-2-0x0000000010000000-0x0000000010065000-memory.dmp

    Filesize

    404KB

    Download

  • memory/2680-5-0x0000000010000000-0x0000000010065000-memory.dmp

    Filesize

    404KB

    Download

  • memory/2680-6-0x0000000000190000-0x00000000001BE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2844-21-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2844-22-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2844-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2844-19-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2844-17-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download