Analysis

  • max time kernel
    93s
  • max time network
    112s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23-11-2024 19:04

General

  • Target
    c9572f19312fe60446ac39d1ce415b34c9b7d2da0b0ea4cfb99847897e8d9882.dll
  • Size
    556KB
  • MD5
    5893b228ec97a3fa62eb40693470107b
  • SHA1
    1cdf103b467702647507d096cbc3b3eaf38a91e0
  • SHA256
    c9572f19312fe60446ac39d1ce415b34c9b7d2da0b0ea4cfb99847897e8d9882
  • SHA512
    b62ca829f65cbc520e9d8f7d5735568eb7f093092df100783d2135213bd8ef52c17bac1a9d9b8fb918400594787a457f0e18e0e9cf2146fc556c2d6f34c4a8fe
  • SSDEEP
    12288:f1q2gvcVlmzStzHjgx9M7YwJ9sU1rvZnpb:f0ZcLmz6HjF1sgpb

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Ramnit family
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c9572f19312fe60446ac39d1ce415b34c9b7d2da0b0ea4cfb99847897e8d9882.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1884
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\c9572f19312fe60446ac39d1ce415b34c9b7d2da0b0ea4cfb99847897e8d9882.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1028
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of UnmapMainImage
        • Suspicious use of WriteProcessMemory
        PID:3512
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1100
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1100 CREDAT:17410 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1588

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 471B
    MD5: 7fecd001d472e28495336306d3e0b570
    SHA1: 7dabf5687a11d1d8f92f8ffd348fb73bf077e960
    SHA256: d3b1b54dfa02ea5cf017cd692023d382defa55e40749816bbddcc3e8ef5e9bff
    SHA512: 5255e2e7897f3abc246464dacea7d32b54a8bdb88806e9d0f54a3d23e76074e2a88adaa35789c32b68d0ca8d6f67726c9ceec31597f3b05628b29cd52af613db

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 404B
    MD5: ec51a046de0ba424992affa414035578
    SHA1: 30e2bf81684f60fcca9f91462d7e69545d167139
    SHA256: 75e2bb221fa233172fe3c1b0d3827beec344e40aacb62b81d1aca2ee61f58661
    SHA512: c14d6ec43441be348ad0f29e8f245f3d646f73b18720e6516be26d763b7bd11ec8bc1d87ab3bd4e23aecaf581934f0a296d1c5f530459d46c8adf884f9f0bcb6

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver1E80.tmp
    Filesize: 15KB
    MD5: 1a545d0052b581fbb2ab4c52133846bc
    SHA1: 62f3266a9b9925cd6d98658b92adec673cbe3dd3
    SHA256: 557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
    SHA512: bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8R55UT9S\suggestions[1].en-US
    Filesize: 17KB
    MD5: 5a34cb996293fde2cb7a4ac89587393a
    SHA1: 3c96c993500690d1a77873cd62bc639b3a10653f
    SHA256: c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
    SHA512: e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Temp\yqiA2F7.tmp
    Filesize: 172KB
    MD5: 685f1cbd4af30a1d0c25f252d399a666
    SHA1: 6a1b978f5e6150b88c8634146f1406ed97d2f134
    SHA256: 0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4
    SHA512: 6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

  • C:\Windows\SysWOW64\rundll32mgr.exe
    Filesize: 261KB
    MD5: 3ae03147ee0e6eadde6539d9a7788cd9
    SHA1: 0923e5edf62451a8c9078fe9557551a806eac272
    SHA256: 3a889c12b0feb9c87408c7ad438b50f16d255fd2d842556e4a4c94f89414cb8d
    SHA512: 9bde63534cbf9e7b26b470cb056f34114875813d7cebb2d1034c9a8e368b10ece65be3fbb858d334fdf208c451abf41f169e0ceca4b810575fffb08df50ba19a

  • memory/1028-29-0x0000000000400000-0x0000000000473000-memory.dmp
    Filesize: 460KB
  • memory/1028-1-0x0000000010000000-0x000000001008C000-memory.dmp
    Filesize: 560KB
  • memory/3512-33-0x0000000000710000-0x0000000000783000-memory.dmp
    Filesize: 460KB
  • memory/3512-18-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize: 104KB
  • memory/3512-30-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize: 104KB
  • memory/3512-27-0x00000000772D2000-0x00000000772D3000-memory.dmp
    Filesize: 4KB
  • memory/3512-21-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize: 104KB
  • memory/3512-25-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize: 104KB
  • memory/3512-24-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize: 104KB
  • memory/3512-23-0x0000000000420000-0x0000000000421000-memory.dmp
    Filesize: 4KB
  • memory/3512-19-0x00000000006E0000-0x00000000006E1000-memory.dmp
    Filesize: 4KB
  • memory/3512-31-0x00000000772D2000-0x00000000772D3000-memory.dmp
    Filesize: 4KB
  • memory/3512-16-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize: 104KB
  • memory/3512-15-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize: 104KB
  • memory/3512-14-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize: 104KB
  • memory/3512-20-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize: 104KB
  • memory/3512-11-0x0000000000710000-0x0000000000783000-memory.dmp
    Filesize: 460KB
  • memory/3512-13-0x0000000000710000-0x0000000000783000-memory.dmp
    Filesize: 460KB
  • memory/3512-4-0x0000000000400000-0x0000000000421000-memory.dmp
    Filesize: 132KB