Overview

overview

10

Static

static

3

b56e29dbeb...8d.dll

windows7-x64

10

b56e29dbeb...8d.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    68s
  • max time network
    69s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    11-12-2024 13:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b56e29dbeb4f7a15308e0403196c422d8dec48bcd63d3230adb8f7cb9805e68d.dll

  • Size

    386KB

  • MD5

    d7b472caa2cf71209ce7a06f442a1f59

  • SHA1

    5bcd2f5fccd97856db0f332bd02a1a227d222597

  • SHA256

    b56e29dbeb4f7a15308e0403196c422d8dec48bcd63d3230adb8f7cb9805e68d

  • SHA512

    11c278a8d70d21ed4cc9cd48f1015d6451b44e08e7ee8159c2f0b2651f42d79443d96d9019b97c163c063c9e7e0c59fb0bf77b5efa4809815944b84b6a0b6848

  • SSDEEP

    6144:6ZUlm384BhhmfmmKgyWy3iKVCq5A4HaeapaqaBe/xEMNkbYe:6Slm388hYfmmKgyExEM9e

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b56e29dbeb4f7a15308e0403196c422d8dec48bcd63d3230adb8f7cb9805e68d.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2528
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\b56e29dbeb4f7a15308e0403196c422d8dec48bcd63d3230adb8f7cb9805e68d.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2512
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:788
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2188
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2812
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2812 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2868
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 224
        3⤵
        • Program crash
        PID:2696

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bd38938fbd5c4524e39000c9c7a8435a

    SHA1

    6145d0ce350049b279fc8293bf7799f37ef0163f

    SHA256

    0761ab1780b0119ed45a13c90147fe46f22ecd6791e116636a14e85360b6834f

    SHA512

    6182cd32dd1c37fdae7e31f01d1895ed073dfe7da00f4e31164e277f391b22f2fb6a9a97071dad3441d109fdb69477efd8b06075d3eb73593cce7034cf3986b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d2a4af5a6d74c8ed09792cea922693cf

    SHA1

    258ba7f6d41763e8c76f4bdd1c7c350b09cd4a0d

    SHA256

    4cad9f0c4925641e59b7838eea12e92a05bc60d66b71cf39ec4182e778431e54

    SHA512

    7f92eb819430ab5a809a7308897f1b38d0264e26035c817c2a82f851f13c2ddcaf96883fabb56602e5eb27b32818b3e73c9e2cc58253b3091c900b98bf3689b9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ff86b655b8e3f356931b0e0980c19e47

    SHA1

    33fe3b754bd4fb25a32ce976a8f0b48cb922a996

    SHA256

    11498ac1c5d043f8e65725474bd1a4837bbcb4a89e91840a5ea89f06f3eb6d4b

    SHA512

    5ab54e6fbfe76e0e4ad690be2beb78760af7687fb974f7347a9d2028ff52799622c27e8ba22453b7ea25946371898d4ac40ea76273fa13482f035c864e7308a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0bd721428b436e7580a1af28e3ae07ce

    SHA1

    1d2ca6ba278ca8b0b80cdf1509deaace413c4418

    SHA256

    2089961863b984d3713a6422534f879445c97e4a5d04ae80d655a5f28c0a723d

    SHA512

    135bccfbc2d27dbef15940f05f6f695cfd598deac5f81e4735000046e303cce74efaac4d530b0acec47ad0218c8a1ea4ea39406648631acbd94142fb15a407e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    207438f75ebd2fc7a7cbae03421a3d77

    SHA1

    152af48ae363781f6a37d4f25219c8b1995ea680

    SHA256

    20a7d0e34751ce19a3e7a06196aaf2efd3121241e8299f79bc3659642328c939

    SHA512

    b828a85fd680185d9097e80fb1c9ec75271794db8d7bd0139903920d88c6c81ea63780df10c3b2898202436774d49e7f8854f8200c07e0e2e97f8933a03a329a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    56755df7675e562f384a28a41a6f5f36

    SHA1

    ee22fd903eaa38186f04708f208a0baece2367da

    SHA256

    cdb4e2cd25cfc01c835d86f76f1c71c2c6ed840fb0227f8bcbfc2ca2452a300d

    SHA512

    0bebd3a9a8d3ea25227c0e95ed91d2789f60beb3ebb9496efcee388a03dc3dc01287a1212b7ef2a3e6409c40ba985265d558e7a5351c0c0305b6fdbfeb24eb9a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    02f81bb8423fb34a5aafe0f2fe79148a

    SHA1

    631cde99668b57ffb6afd0e964efb6951abea20c

    SHA256

    19c0567c736d15a00885ed948e042366c1744987d8f224ff574e21d4ab58acfb

    SHA512

    54e0d4270f832c94aef81c4d83ddc9c35d64cd09895643e4fb4ca300d572f3a1019d944696203f2d81d7f61afed4337dd0ec083dc4024cb00857dbf1148bfbe8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    047cc1cd85619c199804ee25f89a98c7

    SHA1

    2f4e167593f20cb008bf4774a59d29d8fba2985e

    SHA256

    054ed81d2a4df4d3dcf319a9f55f8cb12fb48e02ff4020ab4562c00d2cd48a26

    SHA512

    83351a5636745049d5da30a9e9087ca3b5abe5dce262970f9c6492fd2ef70e19bded296446bcab5b55df7e941ba264953959961246e65281c9e84a6d6a8d8857

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5c557ba36132ab48ee7cf29f83c5bdb7

    SHA1

    dc3ff8d3c8fe83ca11b979d32903876b524b8d40

    SHA256

    bbe4d06d472421372aed33ff25969c62063514432a4a8547bd8b2d6032e3ecf2

    SHA512

    6725723a3d3973b266036ddf710e772f257cbf3d9aad7aa898fed46f3b72efe0d138da7c1117578b159cd9296914c3a2240240fb38ae7706e6841e4250d72b72

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    04d162a4b3c3372df3b9c0d395fdab54

    SHA1

    58f0e05e39f6056e02d7c507f5789de99f62a0ae

    SHA256

    e0bc83c723da977e09783c8796b51306f22f59e0b8c4bcc869d3d3f4cb56c7f7

    SHA512

    a4fdbafb44c91cfe8bbecd7c018b2ab4251da5e920497d6b5b0ce8dbc37c94346caf200632609eaff6e8d41c95547896597e644598fc76feab9baf90b843cb34

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2c2de8d73dd16cdd4828bf9272301663

    SHA1

    5d996578068ec448f12d4a5409b4d9b4af537d11

    SHA256

    7a11bfd1b430314785a34665e2b7814b7c7ee1ebb6284687b11842044bd1ae62

    SHA512

    97268f32690acd050e0e067f41ee84ddb5cfb813fcbed0ee44957dc0f72e0781612538c6be584c8152726c5ce16560830517704db3fad2be4240117939b0f622

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab92A2.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9312.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/788-15-0x00000000001E0000-0x000000000020E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/788-10-0x00000000001D0000-0x00000000001DF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/788-9-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2188-19-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2188-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2188-22-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2188-17-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2512-8-0x0000000000130000-0x000000000015E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2512-451-0x00000000001B0000-0x0000000000219000-memory.dmp

    Filesize

    420KB

    Download

  • memory/2512-452-0x00000000001B0000-0x0000000000219000-memory.dmp

    Filesize

    420KB

    Download

  • memory/2512-0-0x00000000001B0000-0x0000000000219000-memory.dmp

    Filesize

    420KB

    Download