Overview

overview

10

Static

static

3

66363b73bd...d3.dll

windows7-x64

10

66363b73bd...d3.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    11-12-2024 10:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    66363b73bdb6ace5e28f782557e354a09dfcfc815faa9a0cd9824942e4fd40d3.dll

  • Size

    400KB

  • MD5

    7a8947baf23b068ca6f5f5089bad8281

  • SHA1

    fb3fce01ac33f4696b12e9388c992a3f7eb2799a

  • SHA256

    66363b73bdb6ace5e28f782557e354a09dfcfc815faa9a0cd9824942e4fd40d3

  • SHA512

    b6574c3e68e3488c5aa2d0b3980638c7bdfd5f9ca8083c0b385ac7e933b6e7edf832218ce26a8241d9b7b93b995066eecf65251b87e6a0cba7b81d293ceecf51

  • SSDEEP

    6144:ScV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE/99C:Soz83OtIEzW+/m/AyF7bCrO/E/n67J

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\66363b73bdb6ace5e28f782557e354a09dfcfc815faa9a0cd9824942e4fd40d3.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2444
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\66363b73bdb6ace5e28f782557e354a09dfcfc815faa9a0cd9824942e4fd40d3.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1980
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2548
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1256
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2364
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2364 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2980
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 224
        3⤵
        • Program crash
        PID:1932

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2c4cfb121a9da971d9ace86cdd8355f6

    SHA1

    41747af05b90d700dece0799f5b8128c0b8f0360

    SHA256

    fa2f19f028f1c65f234d8edbcd77a94c49cf60bc4de9144ae0eca4bf0a136be9

    SHA512

    324b37d8d9b3de9071fddae98739099724f77c50002745a3c9793e2318271adc7f76bce64165f450f34e372501d120321b6e8088fd54c7439b48da4d76a6d013

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d96722bf24962c36b8f3450d3233231a

    SHA1

    3f4e6de3647cb1e28073e26cf289fbf687f09fd4

    SHA256

    679c3ee530ad9dac4d64810798a3b7d6b3d21406451121012176392000ebe550

    SHA512

    9384ccdafea753f7ce2390a5b232af6058e0d59ecbc77a3be48ba91056ea76fb40b11bb400a097f3b9b629382ab2859dd7ada4c30f884b6d48fba56a14389204

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    55b2286e8dd85b1770b3a3ea69811db5

    SHA1

    ff16e16acf1158134304a9284b8d1a1fa4805fb1

    SHA256

    202a5b920142edaa931d46866a01e83d39acac1ba0fe415672c07843165e6964

    SHA512

    08f9827ce8ded64d64cf594affa472839f546d6c2aab6e084aa064b9956b5100c4f8c37c253dbcc9d9f59967f9f0bb9a26a72788d7b650e4883efbedede8019b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a9a983c16c82805e1d254794cad25d4

    SHA1

    d3be98c55ae8f650659a71851c363c33f1cb1014

    SHA256

    de79f35dbd178e9da1832472ff79ec121f49d35ddc488bb40d31e5d2a5cc5a95

    SHA512

    5f40a1f38b948599818033ed974834cc04858c44aca71405d305e08194eaa0730d559d46065ba77d7d69908cbaf81495e04a91b2dff9a7e2af6606eb4a29dfe7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a0bb5c2806ba035963e723108c3f350b

    SHA1

    9ca244f64b75456515195f13aeb7184a3fb9e187

    SHA256

    801d5006be104ad17c31c5aff62b00fe441ed619838210acfa849724c2af9139

    SHA512

    d544b2d1e1e395283b210cf6872a798911d1351f2d678556264a76af02760dea50a617ea6874d3b48ae223581dd811c6512a8645eddd9c09b298f185e0d710b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1a1341f2ddab105759511105acd10138

    SHA1

    9fbffe136bdd538227ff323b6aaf23cea313740a

    SHA256

    ebe8c68b866ae14b30e2655b67e853a0edd205649d8b86849e6745ac3ce6f92f

    SHA512

    1e5aefe8a8b1e33b54ab3daf9584d774b36d11ff6576ab928dce1772b4fbdb24819dac19d71bd18860bbdf0a282a2c3ebb8614c74554c9bc7c972f00ad7fbf9c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b597c82a38f6c628d0e3b29373bba9bf

    SHA1

    7a1d3fbea18b2d2f269728a11f3f80ad8bccbdaa

    SHA256

    6a127eb559f7c6ee759e450aef5e60900fae0eac5bdc1fceb2d37d01957d971d

    SHA512

    d849445c0db6ed08b3d4eb7d7bdb44ac7ba64b8dc483981557661772639cbf44ef7ba88c540ffd9691309860bdcd215de73ff223064b3e954cc9c4d9af1cbb2d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2c2b051144d488ca3487ae44a0496de6

    SHA1

    38d30aca4518634976f03745992e6aa06707dd7c

    SHA256

    026312b97b4a1dc894ccbd323d2fa449741615a6276e9d853cfe2c3b97006a72

    SHA512

    8f109d6b09042b415d19a6f884df569b3a9bda5a84d622e802d5b136403f5ab18c60b704ddcc9a8e740cb84bfe1acc76e3c13c60169fb448fb3d9ae3b77f46b3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e02e08deefcba5e95f68a4ac0db796bc

    SHA1

    3844ba6d8e733df239dc96dc84f01c3e813cf3a8

    SHA256

    002ea189a8cc4015b1ac29a27eaa7af8d3b2b707b12267a85163b4987c590519

    SHA512

    f72209cf1c214c677c2d98cf52530804c271dbd8d0a0e7f08fa4925b3cf1fcd32e494ef73137da2d6dfd15680f3996183e8977e03a735d7335e86ff2252d1f2b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    699f11b6adc72500ae992c45c56c1d88

    SHA1

    67a9f5d61d8bc96be193e47ea596cc30fc440eb3

    SHA256

    d107476ffb915dac4ccf29232bb0d08a99e74b6adef1e6dfc5cf5ab0311af79a

    SHA512

    5245fc41386dd3a6398e5b6a199b9e4f8687bc0e5e6dc616a2754290be4b69dc5fcc02a9d2394503ee771c8489c11f8ad9defef0ac4ffd5231325fd6c459f8a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e5249ec370d07a01af679efb8dcb2370

    SHA1

    da2592890a194791570a96f5fa21a88221fc6e1a

    SHA256

    6afc089ba8e5dd9eecb0a3b7b92098187ca6d960874d3d55287a7fae43682110

    SHA512

    31382241b2d5f8a25bf6dda9a70f5d7a250c3557616dea3eecc802ef2cfd10840218ee967f850ab39561a196aa90225fa773b6d117bf6ff64694db72a5167328

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8c412de8e9e1f6381e3aedf364ce5355

    SHA1

    d4ba5eef7fd22b9873c02e03304f63eb6b5466ea

    SHA256

    2b27b172da99719870d7742dac7b9453d863de472fd3fe0f451de97a27a133a6

    SHA512

    4e7e75359d0235fc0659575e5202fcf06bb83f458af0cc759df453780d86ef98c3807608f5466a6bad7fff7921d5e23df2048bd998105eed90de9a2167f1483d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5d48b02d7b3c1eab1676637add1a06b3

    SHA1

    bcd8c79d14d24d8b8ab9370e3fbeac019aab764d

    SHA256

    81e6ac422530433c6b4824b1c5713557d0e962d4ab9f435e17c023eee2061073

    SHA512

    1108d02d428249ec76eb204dc72beb69b32b07ded6fc39a6cb9e09fd5e83bc49fe153ad26ebe3592c5a8112abea58fa0bfaddc0b0f4603d824ef0b497ff506fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bde539dc841be7140076c5cfce819d18

    SHA1

    d6fa4b5b691b5caf37f31195406cfd4f17ed25ad

    SHA256

    4fa9a3d44bbe136edbe86ae528c3c35ca8030cae6d282aa896934d5824060518

    SHA512

    417d1d95e009187bfdf0a1fb2e38494f863e38fe4b8bb79ae17f31230ac6671a0a5dca8e2218b92d44cf4f900616af1eade0f14557d2dd875e7d9f683e6bff9f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f1b1cd2da23969f6ecc9189482379e25

    SHA1

    b9025ab38c3221dec2da70b02d707ade5e31c2da

    SHA256

    28edbf206fcc2e285a8cc56f8f7856a92610abe60a633315b9ae629c53a08afe

    SHA512

    7a1695b758adca487237e0e53dbc561f7460fb2d72954c818073a76f8e92cc6570a077f394b2eb43e80ee83c4bb032bcf3c5081b10ced83c2cb15c56107acbf3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    587eb8b741128cee5b625e8cde8f29e9

    SHA1

    013c56b94bc29e350fe48d3bd2a92dc27d18587a

    SHA256

    f67fce9bc74c7f432c46dd0d29f3261867c79d6712556fba7e38b801e27315fe

    SHA512

    a3486b4200f6a9123d355c4be6cacefff0b256e7476d2ccff590f4773aedd8ef5bb4ab8123e652c9724d8fff3052964a2a993be2a1396a1fa912c30e3d7bcd3d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a13f47aca8e5e9267fb0f77e3bc9ce74

    SHA1

    231edcab889be4f81562e0a9efde63b434bf98fe

    SHA256

    402f6cf4a3395f770a3cb0d6b199507cde0565c16e0bdfb56bda5c47382171d2

    SHA512

    9573f920aeec47feede7a7558bbf914142681ae6fb39d74948549f13fb36d5aaeef5414cde5297dd5cf3f03d7e46dea09a8697ad2b03d0e202b898b1163bbf24

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dd5dcaa7e9d0bd0379e97f7eb5a1cbca

    SHA1

    ba515c401064c529c528471be7dc09c52782b492

    SHA256

    d3ff4b9e1e71fbf5aee870d1a5c0988ed57471fc2c1ecf836dcf7c2c37f7e11e

    SHA512

    9e1f595ae2ff1aef3c9efbc04d0682a5b24423a94c942fd83120ec7f469f625e7205b4d54ba9f076472d7838918cf2c7c595b358b1976dc6995724482aa3697e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    46bafecf0b2e336597721620eb88ba24

    SHA1

    e7a6ef831702ec46ecf4e55c7310b4f75dc0052d

    SHA256

    aa369e45bcc53302d1910cafe4eb883c2e0226bb7cb72ac0b726dc0ac185305e

    SHA512

    2ec55c45becff17c082381e8f04de9507ff68c07bfb65907da86463ed41fedf76e5ab19ab3d3673b286dcf0ea80609e71cc533ffc565b41629b85c372978b91c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC5A1.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC651.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/1256-17-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1256-19-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1256-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1980-3-0x000000007C340000-0x000000007C3A5000-memory.dmp

    Filesize

    404KB

    Download

  • memory/1980-10-0x0000000000230000-0x000000000025E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1980-7-0x000000007C340000-0x000000007C3A5000-memory.dmp

    Filesize

    404KB

    Download

  • memory/2548-9-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2548-13-0x00000000003D0000-0x00000000003FE000-memory.dmp

    Filesize

    184KB

    Download