Overview

overview

10

Static

static

3

0989c5dbbd...56.dll

windows7-x64

10

0989c5dbbd...56.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    135s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    11-12-2024 15:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0989c5dbbdccbb2e08fe7a29a62771f7f4e36813d59ddedc2d9af3342d5d7756.dll

  • Size

    150KB

  • MD5

    392f25e6871b4dc3f00bc031d36a8c15

  • SHA1

    17444eaddb2dd694c94413df1b18f9382778b770

  • SHA256

    0989c5dbbdccbb2e08fe7a29a62771f7f4e36813d59ddedc2d9af3342d5d7756

  • SHA512

    8851dce5aba3b10170d99e8de7d953dd81b78add5d583757f0d29fb0f8cf580ebed41feb6a77b9bd775e25e80a23ff4ecb5d4754868bbf0d583ccecacaeca592

  • SSDEEP

    3072:k7LTNzNup4hAQHnLP+VXmwxCtkNPG+XhZ0pi58GANtvgRoA:oLTfuCnj+VXmwxh8Eupi585NSb

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0989c5dbbdccbb2e08fe7a29a62771f7f4e36813d59ddedc2d9af3342d5d7756.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2916
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\0989c5dbbdccbb2e08fe7a29a62771f7f4e36813d59ddedc2d9af3342d5d7756.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2376
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2484
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2952
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:3064
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3064 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2912

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    08b1b16878eb87f6902d4e2535a02e6d

    SHA1

    4e5686d1f97e29e2dd9919f8f984ce3d682fcfff

    SHA256

    22f9fef6ff524aba3a45acc0d25acabe6fdd9f6c1bb6210f9201fe16907d9ea3

    SHA512

    3643ee3984ab777a54996ccaf9731cc4c964eadffc3cadd6f0fe57242d05c96d8e8a7f8e143dadc2a200bdbfe9cd8104853e594edb9060bcedff207100c5cafb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    77eaba50bdc42c19fbe6b7e8c24ad385

    SHA1

    69627464a18cd763944f4465f1751fc26b4995a2

    SHA256

    cd3eb69cff0e33f6e6eddbdf5ae0e0b393cb725313aaff658c7def5eb2942f8c

    SHA512

    f6b47b3e7009cc1efb0cac461d45e810e8c5ec518a0253afb6318c92fa097c0767a34a97a4dbe54345de96c38ec5b1f0fe37b0f2a5193705e650fe1cf7d2ea45

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d50e5c71a61cf47ec0085e64b9d85d60

    SHA1

    ea6bd6a3c93c46280ca90508fe768c74f3f9d2da

    SHA256

    903ffd3b1b9c48e5f4c252739927768653df06b966159331aded330803bb9441

    SHA512

    ea3ac04b23edd9077bf237c467e9b6127b3592c11241ff62e7827a917886c8bd44fdec84bde1c643098f8149e3aa896ea90235ffc80f4fd2664dfb66a5aa9eb4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2dd551ddf7a8acb12c811136fa5a0c69

    SHA1

    d7e03887637b7c8a5ff34b6adbf4eee4e2365407

    SHA256

    238ceb4dc23917021e62710bd4c3f2c85b6dcb623b019773809dae2d9b9b2a9a

    SHA512

    0b6529e377b729a12573e6d32a3e2a2d5cb59889cb4d9b9567436efab151c5df761373135a3326371cc8e09e1d3a6376ead7d84c86c80cc965a8e849a9241e5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c836843e297dbd942d507576067d7080

    SHA1

    b6247ed295226ffdf43dd689e4787e96750d156d

    SHA256

    d7f9108e98a820260ab889fb85a01106680030d318cfb9ee08dfa1b8e528e4ee

    SHA512

    4035b360abbea625337c020f09535ab936b041eacd4af1fc51ca76d7cbb030324d6f52cbebb8774c4c69722bca5c279deffdc61dc82e9cd5c278389e5ca81c0b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    95e6bd48a8bd273d5fe2937ea3700360

    SHA1

    11672daed855e817326b990df18e7d1680bb01d0

    SHA256

    775ecab00173539be283e67d963ff1065c77ee2da462c0a946354ebb6df97759

    SHA512

    52b64846797458ab9631f6161dc7f005f8e6584e537a84d341385c6ffb2c866630e9a7bdb0a53a692cf508239737c59ca57a9a9cdded32a14c6da928931a3a19

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2c4702426b8482c74f13a8ee023f25f

    SHA1

    67eabfaa35f4a5acf2f4c5d1583b13f57aa97e35

    SHA256

    bb0df6df5c8b22ac320f4c405fc563df589c20171126cd4a0f11a975079ed9fa

    SHA512

    39dcaa5e27f5da5783095c18af964aa4441d8a97050fd6b5b9126eaee0c2a042a97288f34f3066ff78286ee5bf620f49f2e475e48709cff12358f12f0ba8ad16

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    126b20765ea18be661f642c46402ea55

    SHA1

    1314a6e9364d6b6352d431221ef2a6b57a24aa33

    SHA256

    4c4f02d0bbfffd6b11b08d10db4ed827c79732f1bd0e80b945cb0195139b5d76

    SHA512

    0fc1b7da4a8c7986757932045bc46b7727a35718d7b05350f451decdbe94974be88fb91893ffc029427e11887c662073adbec989313b9a46913ccfb28712fa9b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    18b8b2438386de5d8f4a6a9e27c2097a

    SHA1

    43908974eec75c3b61acbd149e75f23867ee6463

    SHA256

    0dbf2b86710405a44a2412a0e033c1ae995f5407a5a276e83471aa018a5c33cb

    SHA512

    2c76b4b3ee07bae2909d89a514cff38d4fa53b2ebb762e63382dc02f9a920b7c14482450f08d882156fcace20442d6f86eaedacd2dd21e21ba850e222955bc66

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bfe83777b710021e86ea1e004c7f54ca

    SHA1

    0bfd32da240fb1bc23a23caf30c0c06fd15879fa

    SHA256

    c4335e67b22b85d456e2607d384672215cb8c053d9f7103136f2d0ac2d163a77

    SHA512

    9c12777e429ae644344077a694c4c0d5c7e20b820b871cf61557948ae2bff29d5b6485b22a0fe2dd7205fbd18410715ccfe41355fe658da6fa96856bf82db32a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8732e5c2a8840f2905a83c5d8b294ffd

    SHA1

    cdd4163a88e5cd9b817c14a780067962ddaa0d49

    SHA256

    5e86970950603f8c92b2e868865c5ab5a332d50e741e7e43e4c67b739124c868

    SHA512

    ab698bd544a964a1fc195429aeaffe2c47e27d66f1271bfd7f00ef277fb1b82f851eb9c12122645b7162c2b1a23ef303de93b5216861e3d045e446d42a6ac7e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cf06d69f19b16a76f150646ba41ab9bd

    SHA1

    046e66022f56cd9e7e15217fb53f65197132e21e

    SHA256

    2c87d02090899833f968a804c782054334c3aa256b740b7e1fe551b27b63c232

    SHA512

    93b0330a7953b2c825568ba56bff41406fde53abf4b2c2d767a6de0cdc5627d1f1b8cb808a440f79156a8d63d697529818c8e0bc797a8dfc8de8204a1f141de8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c73269e04238f335c87d1133964178f9

    SHA1

    9cd6e992fd99c178b2c3bc593980f6796cb36129

    SHA256

    e59055d45c63ff526542a2ae1ca55c3cd727d2ce5838f6ce4b1460da7a0812d0

    SHA512

    d1f72d5716eea40da2ee4bb465b8e9d5f08a1b818aa8634c8d5e7f609d221f2d1443c5ab0e32b54913039756d3cc88299f5c2a23c413319da789ed9cc7ac7f1b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9b29bf669eaa41cedac69c137b4f23c0

    SHA1

    163d6a0bf47f818928e7e96541530bd79e522a5e

    SHA256

    ab65eb3b8df3ffc868165bd11a19ff45d33649814416d615c5108a22cd19f00b

    SHA512

    591062c732c70de1708ca58fc8e570eb7da55d2f2d99aaf947b22cb589df495c49528181b0effb53aa3da733c77868bf1da3a81deb63d5f0cc808dfae9a84d5a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dd9a5853e5e0cb943a6e474ed6c0cbb2

    SHA1

    761f3d675ed71a19ac795f0c9edb8e9a0e0629ae

    SHA256

    729fc5c94453bedfe9302645cdff7e3a200478f8d557a4fbab9f827100434c5e

    SHA512

    5a5620443fd9ea12d2a79ba516c4ac455c82d84497d7464b2d0441aa2d0443e44a7d805063284cace2551107129bb98c367a01d8961c96ab4e652b08e38e95e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    12f32d3451408d3cbef02007778eeaaf

    SHA1

    eb455250e1afb4daab009328779e6b51e4da452c

    SHA256

    685f0b0da54ba74761469289eda26f81e2999106e6076138777f722ff6764d59

    SHA512

    49f30ce2ce9013899df66a9ae913fa2d2782554ca3ab671a49308d6ddf090109e1d509bbeaa3899d3241b486cb6f65be35db09655df1376543562f0639b8af03

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3303ce18e7d02dec326513d3b6021cb8

    SHA1

    f81db40239fcb19c0d0231c2412c77de0763b609

    SHA256

    4ebebff88b3312d4dfc8093b093a6802468e54700a792281566c813811921e45

    SHA512

    ed65e1c61afda61337215e94319b94d1d3027596459813a5a33eaacd8ba6f4215c9d0e72f2a09afa75a1868943f1c4bd34d202fab01c9d93cb0feb113f9d1ca6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8078b8e6dfaf4244bd3092d7d14a92e8

    SHA1

    4e0ccdfb8a111d19e0fefee0fa95f1f67f603f90

    SHA256

    3da5e5677709d97b90aaa7ad06ab0ee935a4beb3f6c6078bf9a0f98f884e3388

    SHA512

    d861affda802a601be48f3d4d8317b335f11630d480506cefaffcb1ce4e4bbcbd82ce53201ae3e0c1f37303997d3b3cebb09f254ae5ea4659c1ae5a35a9af3fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ef5e76c1769197495855610106e1a5c1

    SHA1

    ac9c9edd684a774df2a7822da4ef89b969048194

    SHA256

    8c849a296162976ab9c267538b06200f1b83189b58da272a722f968c40f03c73

    SHA512

    e7404c1a81fd722b02a0494aa062b799712efba111ee3f3f5dc0b15755a462f429c41078114a611c60a26536bcddca9d06e5a9c53253bbc2d6014017bd03818d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3DB.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar60F.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2376-454-0x0000000000120000-0x0000000000126000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2376-25-0x0000000074C90000-0x0000000074CBA000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2376-0-0x0000000074CC0000-0x0000000074CEA000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2376-24-0x0000000074CC0000-0x0000000074CEA000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2376-10-0x0000000000120000-0x000000000014E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2376-2-0x0000000074C90000-0x0000000074CBA000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2376-4-0x0000000074C90000-0x0000000074CBA000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2376-1-0x0000000074CC0000-0x0000000074CEA000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2484-11-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2484-12-0x00000000001C0000-0x00000000001CF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2952-23-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2952-21-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2952-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download