Overview

overview

10

Static

static

5

035ed5fcdd...1d.dll

windows7-x64

10

035ed5fcdd...1d.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    15-12-2024 21:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    035ed5fcdd134622ded390da86e37ffac971905351523824cfb9944a3a71d81d.dll

  • Size

    1.4MB

  • MD5

    3b97ff9df423e25e55e619ab25aec98d

  • SHA1

    3abf7065c456f1f0f731492b085709e17b8bad37

  • SHA256

    035ed5fcdd134622ded390da86e37ffac971905351523824cfb9944a3a71d81d

  • SHA512

    409635d198d5732094dd1e7b99d0386f8fe9d9fe710cfc6b5565de3a42c24b6ca7196f63192a34ef59969f5c52cd010944cd713e0af0f6f1fc52c0c3315893f5

  • SSDEEP

    24576:SKit4aTOnCoUHbYbDzjJcvvNmIMlSE/p/SZjAygfc87LnwgT69gvmzmTWb:Bit7Onr8YVyNmdUEJSpkfvQgTsgvmB

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Modifies registry class 62 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\035ed5fcdd134622ded390da86e37ffac971905351523824cfb9944a3a71d81d.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2392
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\035ed5fcdd134622ded390da86e37ffac971905351523824cfb9944a3a71d81d.dll
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2728
      • C:\Windows\SysWOW64\regsvr32mgr.exe
        C:\Windows\SysWOW64\regsvr32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1820
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2832
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2832 CREDAT:340993 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2120
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2840
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2840 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2084

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bbd28ad569d9e4a12a63e7f25be9371d

    SHA1

    d384d20a925438b20441318d1a9de8431ce05bfc

    SHA256

    422c7798e327aee67f5c621ba44f874c39ea745f456c3608478fb66921174cd9

    SHA512

    9921c3d93917f61cded4a181cbdd21f1bf879732e20c76e673f992459a1598adc9c1b6bae84e734ee7a7e11345ae9c4d784dd4762e5c512f283a422194024add

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a3a08e30be15d71031823ce65bc31a0

    SHA1

    7c2fd828616d11ab5935ab3a98986fd998b7ce9b

    SHA256

    583fbec6fb4499afe552ec475ddf1babef9c683bc8e8276d885373508b7e5374

    SHA512

    b9aeee8f95671c096b3087b6542e474987cc63f68a68ec980c4582523ce8e0d9a5c0e398150f766853605caf365ea616b95b8dcd5201cfb7e72b7ac7c2b9e4ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b22be20ea865a433da9f1498c2796504

    SHA1

    d598c617b0ac0bc99c9135ce7a78ae8157ff5227

    SHA256

    5d5e0993d046afaa393bd3110816690284b6c2b550fe19a210344fa7459e77ed

    SHA512

    5f35a7a287699508e4e1018ce979301fabf304ab59ef9d4193edcf5d93ede4ad0f30c58d1de154344453522c7951a531286eb5725ecbfbde8ca38d46d584e863

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aefb4e08fae2532663ee3c98a95af993

    SHA1

    5b761be4e1d51a6cf9c585dbe4d3fcffc303d201

    SHA256

    b9871a8920dd1e51a7ef687efc37488a5f9308a1801c13762b37c888d9c69127

    SHA512

    dd51a82a5c10e6600bef8000a505df1680a7bb01efb5a9dab0d46d419d7dd528ff4cb4bd0a1e6523ddce5a337a142137c88951f632decfcf6e58eff1cd73e564

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    456bf012192e9870e8b6f4a3153dc1ab

    SHA1

    a1ee3a2b0fbe260f7fff08ce228832258d10daed

    SHA256

    301613ca90858a23a823f8c34b55f5ca61f9235c42a8c07f8ecfa203f913293d

    SHA512

    be2a446bdb083a3b672156c9a6ec8adeed751e7c8a8ca7a383ae77e8a8348c5afa0a8eac5d87f20cf37fd6efe3090c949eb2c137a2366e9920b91bda6c723260

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e7e739b89b6585e49982dfb03e169420

    SHA1

    b5a912bf2fe9258c7f1891492ae0d324a097bb6b

    SHA256

    e5e2e93acb637183397d96d5f4d923d1fd3ec3421c3d62e76114d15caf5664cb

    SHA512

    9737f4eb0072aa768612d64f067e1d2cab3b8b65818246789744f95bc8db57f763c0822f1df338dea0dbe9927a7bfa87864a1dd0a9c902c4db26f13504c949a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    72bb2b4d44e59a3b7fbdb463a9951c73

    SHA1

    4f85f75b55876d34c6a4b97b5c00de9e93c1629c

    SHA256

    50f7a79945f759f8f285c851f0477c0b59decfac4a9d8973f6bd47ec0af8b8f1

    SHA512

    8610ad7dd4eb0caa8a59f7be50a14237c6927940f3dc5d9a7ccc814c644bf0b4b232c51b6362e93e9ba60dd0ba695b88237fd7740d9c6c5a8510e5c0161f5e67

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ef46b4b417609c349db6731f8cba734a

    SHA1

    9070a80fc3ee58645d7c77619251f3d6486cdbc1

    SHA256

    0259a2645de0671e97c58bc180e3e0d95c877ca285281ba0582bb392bfecadad

    SHA512

    90c62a6a434cdf377e75de86ff3af10978db4e46ae18497b9efa3d9246272581b6ebf5dcec98715e2e5bf083891e7202b0e117e09bdd838903baae31bc8eb087

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0644b858a23ad9c46d70c0b136282b59

    SHA1

    c0afa0950c9b979921750bd7da3ddbcc9f8a0779

    SHA256

    350c523512800a7b72eb99bba38c719b736c80a37fa33564470ab7162ad99174

    SHA512

    38b409c44f5e37fce4e195ae09cfe33df9cb5d1129ea11218f6793b672356a229f69352714c55c3947b52865c3dbccb4f661d28df84a8f570efe78bab4627aae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    148d445013fb9b3babf8f2405b89184d

    SHA1

    278aec0d5f8b790e7dc83cfdfa4e4f03cd43fd39

    SHA256

    ea7e3e7a79980be578471b832a83aef40089beea950fe4a131117906f7f28a38

    SHA512

    8cef2cba670bf6b393074c1d92e37c4480218b1472bd694dd7cea45dc914dc9ef46be71f80e7b93428533cfe0d972a8cec514bff0a1f85d526686539c94e5654

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9f4c8f651e7abd1696dd535dff1ddfa5

    SHA1

    2c85674e05f9e33cac78c0ab68d099559ac10336

    SHA256

    bb892959e221a78dfbc731964e9ee7b567408f7145268479442a2ff8b6582443

    SHA512

    06848d24f325cb341b319778183aa294263802ec7baa5053538dfc02b264680245db1759dbca8d0683c307a990d51dfdcc75407ce617ae3a909ad7e618718a9d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2883058ddd3e77375ace598186b5a12

    SHA1

    4b5d9cb38890017ce8a672cc559620b4b48d8699

    SHA256

    a12e668c5458b7443a148daa78baf0f288d199c77962e1cd2e4a01fba7390c76

    SHA512

    9e31293d620ab04a7367180cce52f7bb4b79391165c68214d89f02039c24f8202d474f4e07a02ebc2cb45baf242a3e57d970b948c6822f8f53741373106f6139

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    31a9b0e49faf965a8637e2dcb5b50849

    SHA1

    59d417398859bdccc8367bb5d8a64d178025a9c0

    SHA256

    03e7e04ba298c2b21cb883c00105b444c2102ecec87d9f67ef80b32379a8ee42

    SHA512

    29807cd827cabe020595315a38da90e2765b3ece8274154e10ff3b6c590c2e16f997c19ef94aa1ade6ce47ce9719be84abb70fd07a9cef8733de42fc583fb39d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    27b3ca47915223666c93863c89fab4fe

    SHA1

    d679cef7155267ecbe37db2a9b3df1f221cdaee3

    SHA256

    6f9f3781678797810dcee8b442c75e3993b87857dfed15229e3083c1d971ae3a

    SHA512

    9ba4d03161a93768e1b47bf76b9c42da83687d1d9cbd312d88ee6dbd2654dae462054288869eb5b2f2df5d6604ec75718a0a100f953d3d81e92b4ddb47b05c32

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fb3ae6612cd3ef624ea6d1d4196be05f

    SHA1

    d37a7496d731d9cc090dfa51ee3bde2f1744d927

    SHA256

    1896acc0c88b6c1137c33072860d7039faa038b13a77b80df821d8ee75f5e0e0

    SHA512

    b5bc728769068a6c2c7bc8fd2a27bbf2d75b084496798f52e80ec18f96604f6a24e510506ffaa157027f16bb671a749ebd6e92262f3fe2c71a713a822baed9ba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cc0210ca6f435e38c47b71337ea4a82f

    SHA1

    d1a10240f71c974096fd924a00f5fcbe5385d75c

    SHA256

    ca7f1a271c4860a22ea4dde8583b510c4960e921fc522448be119271f7291dda

    SHA512

    2ea94b1f2adc51e22f8e5fd4d07c808c5d91a29c167d750b10a5ee29005c9ee2e5388c3126e49f04125b3af74ed4a4ecac0f1285b3ffd6af42e970e49f7d29b3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    220e053aa46e35c57f61f774fb3c3e64

    SHA1

    1ddc4bcecd36ce002f27a70ca903a39eb20e68bc

    SHA256

    7dc19988f6063b88b0d5e7fbdebe79782c7d89d3def886bc218fec5fe5018a6e

    SHA512

    2265e4f919071a9eadd3898cd97bc30144d565d66bd0325283bf77d677cbcac5c5954a2ba4e5ef3dc08cba3ab6cba5d003baf67327813e6960dbeb09f22f5562

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    78b6de8f8a0c1d309af44dbd96b8ab24

    SHA1

    609fde9450064bf8d8af8984377cd6d750e81ca2

    SHA256

    f8478a6a165c613a345598d8c12c64294c3dc9ab6a7e55644f97d31e4438d6e1

    SHA512

    98e42f0b69737be490bda377bf8d76de32f3f8acdafd9dc445a9c93325e6b247c0d84ceeffead26045c4c1c6b30de4c028cd5c6b969387a08cbb39cf13753d18

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a37e00c0997fd66f6388f84a2bd008ee

    SHA1

    ce4efe950a4a7801d777a393993c54accd1d631d

    SHA256

    58ccee04c37548bde9d6441a3012741de16641bed0f719c6691bc1e20a8f53d5

    SHA512

    92fd8acf36b0f0655073b68cdd40a743ca9ef4e0c8e1c121680ef611925a3cf47340a68b5017d5bfe5c26e6b8a6073c05c23356f0397151a8a39ee1f5cccf767

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ed4c370674519326a4629140ee32ffc6

    SHA1

    92335e5695bbc723336dea3810e4a8767435d90a

    SHA256

    680a45e26202ffe74250b866c0ce5e75082b68a5048e58d70a9d9597a6223146

    SHA512

    50b9bf907439f1b021132d68665eed6e7a29aaed46bf99732d702354951536d008363d205c715bdb4f93249cb98e8285f2f025904b2aceb509e5532a5f8a4742

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8f92a49866602ec4582952fcf7b02a27

    SHA1

    83bc0ad10620903a0f8c40d7ca250253f17e2422

    SHA256

    bf8d4cb4d446f379f2f8df5e5358a5ecfbe8d5630b598c1d21e64e5020037397

    SHA512

    080ba4e65ede715255fb2e7410c7658e180e6852f55a5eedcdcd1609618baf6511ffaaa1115a33610b5cc53ed26a7dea677f7ea1391e28f8eb58c4581a3b822e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0819A491-BB2F-11EF-B939-7ED3796B1EC0}.dat
    Filesize

    5KB

    MD5

    f6d64cbfa6bdb1ac6692db4b32e84f3e

    SHA1

    9cce435dff1fea3d75f1450f7134a6f20caee92d

    SHA256

    c597adbb39153557b04023579a9fe484f675bc1ca7e003f4736371c891679c30

    SHA512

    6998ef45312cf0f63be410e4878e4805e08f0a1f1ccaa4589bf14a23163a494b1fb04db05b7e7cd76c03e89260f2548959ada1a0a18f0c685d511191e3595a8a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFF67.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFFD8.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\SysWOW64\regsvr32mgr.exe
    Filesize

    105KB

    MD5

    dfb5daabb95dcfad1a5faf9ab1437076

    SHA1

    4a199569a9b52911bee7fb19ab80570cc5ff9ed1

    SHA256

    54282ec29d4993ed6e9972122cfbb70bba4898a21d527bd9e72a166d7ec2fdc0

    SHA512

    5d31c34403ab5f8db4a6d84f2b5579d4ea18673914b626d78e458a648ac20ddd8e342818e807331036d7bb064f596a02b9737acac42fbead29260343a30717e8

    Download Submit

  • memory/1820-14-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1820-13-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1820-12-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1820-18-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1820-10-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1820-15-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1820-16-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2728-8-0x0000000000220000-0x000000000027B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2728-11-0x0000000000220000-0x000000000027B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2728-7-0x0000000073FB0000-0x000000007436A000-memory.dmp

    Filesize

    3.7MB

    Download