Overview

overview

10

Static

static

5

7817baf1a1...c7.dll

windows7-x64

10

7817baf1a1...c7.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    15-12-2024 20:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7817baf1a1804ba59f14a2ef3ece224613e11e5a54bdae907d4994fc9c8c9dc7.dll

  • Size

    1.4MB

  • MD5

    576449185aa93b0686a91f61ab460784

  • SHA1

    69032e4ad70d4c19b4844dede0806b30ec1eefb3

  • SHA256

    7817baf1a1804ba59f14a2ef3ece224613e11e5a54bdae907d4994fc9c8c9dc7

  • SHA512

    d5de0c71680c713a73dee3861a65db3f4cef35f36e1f475658f25f8498021cbf994b1e85ab88f091976b33be99a8b134842e17ed37a3baf14f5a842eef779e6f

  • SSDEEP

    24576:UhpM2TZS9QeQ6pmECoqNNuwV3CDpHc2IF8hJ8BqxV0RCfLwsjrDxG8p8Fdbm71v/:Uhm2yvrtG3ypHzIM2sV0RCcs/fpmdQv/

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Modifies registry class 62 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7817baf1a1804ba59f14a2ef3ece224613e11e5a54bdae907d4994fc9c8c9dc7.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1968
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\7817baf1a1804ba59f14a2ef3ece224613e11e5a54bdae907d4994fc9c8c9dc7.dll
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2124
      • C:\Windows\SysWOW64\regsvr32mgr.exe
        C:\Windows\SysWOW64\regsvr32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2348
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1652
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1652 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2868
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2364
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2364 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2788

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    429cec612488ecf94e5ab264b30f171c

    SHA1

    bb6bf7d75e4396735450eb87c6ab939281d84ac7

    SHA256

    355c2cbc49cdff8c1cde6325dff1bd9b64f87b03357bba62359ea699a42cbe27

    SHA512

    89723a7ead1dbe45c7d3e532d409cba95f1574021c3a33a95d11ff49a25e57231e5d945eebacbf30b61c5ff0afc630b2d70a615a3515c9023c311630f0cdb7a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    828da9eeca58d20d64fa0bfa28f97b56

    SHA1

    0a750096f883284ded8cf8a2f277d20cf35c00b6

    SHA256

    085529324ae3eda0bfb34c1c36467133960346d888d881645add2d364d887e5d

    SHA512

    5e632db3c6aaa3855503e3924598648e5bd5b7b3d2c19768932b87a65307e724e6e09b9f031f9c6da0282d7c16c8bdbbc596dcbcd574392ddd3dfd3b2e4a75f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8729b6fef0ff0e2f6d66fb70d0962082

    SHA1

    d351f9ac86186b7725884f7a98a733be08029387

    SHA256

    275707433c119339c762ead7bd2d367de4f65afe8816f374e96902fab710d6d2

    SHA512

    52a086a8b39c2ab6bc2277099971a71e3b45b1a350c97de00fcb4068e89049b27723786311ca7ef2e9baf61fffa731b60697bac32f754fb8798d11369986cb08

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ff8e68879ff065fd726a92215670569c

    SHA1

    d7e0a21a8aa15743f81096cb5c437bf22e26819b

    SHA256

    2356aa55254a7aa6aa6b5e024bc1480d7c80f6770a26d8db1a7fa9e4c0d84645

    SHA512

    3ad624b2d2b11d6f7d56a9cdfb08cbfa08fb8a649ade894efeae3774f20ae28a4dd2840882cc42bc0b4a81fb3e46673624b4a6217968e986b443adaca3613cd2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f35a5142f41eb3b2ac0ade6cc11276c6

    SHA1

    15b4e011672d11710c90f0ce8430040969c7c0cd

    SHA256

    536f32deebba2e4a0dd5f26c111c7483e6bf8af78dec33295b2800155f8e05cb

    SHA512

    21db15df4a3189225dbc9a6f8b5e62c6b7936a56c6050556fa683f8433209e5750b27b41d9968ab5d188ff425614f74c81f9467311d4c50f04e3e0383f6c64a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1ac59767e48b0d72277d76a61e2d92a6

    SHA1

    34ce37f80fa1b0833bf28302c27a05535cf4fd69

    SHA256

    a3fdfdbe5544adeacd0486ce9394bdfa40d198bc11423f9a21c37413c4a4e431

    SHA512

    99cd01355d9bae6a9f9308849ed52d182b9a65f88afaba39971d0bee790a1d16abc52e38d5706d3195853d899d478e2217b933025064478feba6844f7f78cb45

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8209e3b0e02602bda9a067ceb66d1494

    SHA1

    70df94cfb9e3445df866045c1f43f688b7605a0b

    SHA256

    217f26b0a5114f71714dd4637c0f0e7114ec89b2afd3a20384326415001778a8

    SHA512

    d3a0359ddc19be99071ba5656a89ea1b70fab721dd1a888026111d6a4cb571c62e8a40b4ec1a4173c7e0a5a168aabfe273bccfe82f141edecd75fd7a035a077a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1288d7de2c3774ff80d72371fa898446

    SHA1

    6da0a247f410d5755a30c91bb4af6eda69de63b5

    SHA256

    3c5721c3fed000ce4bf8a31ebbc4342db9b1711c24e6a7085dc68ddebd7069a8

    SHA512

    7a183ae0f6d0a80588de91c1a14c8bb51ba701f1307ae72e1f94f99791facc00c9d0635da0530212ed85bd1bdfcf7101d60ccdc27b16db8fd0648e4c6ea187c2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca32af2151fff853bcd7b486ef78160a

    SHA1

    b25591982fdb76eaff213670956a17d4570a0aa4

    SHA256

    ed74a53ceab6d0f97dac247af5ac654b9224dcf3c750650ee1be79b18f52c09a

    SHA512

    cbb46378a977c8d87bc1e6d1b79ad39cf7384c2008555f4d06661671fda5c96cba13f284d36237cff0dad8f8f363fecdb2c7a0867861f50ee7b397f2a7ddb843

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    599023ce0a6f8b2ddd8ebddd644faa0b

    SHA1

    911ae7f9eacb2cee1680d42c2bd564a0c2794385

    SHA256

    a0d9ad6d7eefeec5298fd7bdcd58588472de111f72ccc0420a6cde0968b8b070

    SHA512

    c4904679b7e05d70b0c3754f5a351b85ebe2cd32cf467acb19ac61e5707aa991f8477633f44588ded84b5a728af5858d18d2c7935831b5d49c6b7f5991513117

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    37d2173e78b5a745635575a19017d485

    SHA1

    1c8c4657928437c563664a583fcbdb749ce43e16

    SHA256

    f504005dcea2a85b4543d15aee3c5cf8c87768db1eed807f1ffb3dff91061604

    SHA512

    a6e85f23ef7bb24bf24b67189a8f9a414d00fbdff8292e1c001313a83993cf0492225784e4dc43bb4ab6ed89fd142b0ea92aa925ea2fb7444e427c7dba61fef3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6f64e0244dc7b1e2cc747fc1be815ca7

    SHA1

    0bcc944c82063aeb9d7b45df8c1e40d328068f24

    SHA256

    c52c1d612fd1b447d8de6b1b92c2e8351ded37d50d2211ce0a23563d1749f043

    SHA512

    c2f498090ac7c46df2acfc3b48354993167105954bc4fa22b70c8aa3b5894b01a7e45b5a35a61d5dd88fe5c90904169e541efbfea0e79409accc8a1013b843de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e013655b99ab5a7f2de65e1a0fd3ebe5

    SHA1

    2013883d3ea9390a02a06ea2dde4537b1fbc8557

    SHA256

    e00522917c2d8ea84f0e61c07b2fad5475a80de410476212df3fb7d0b2a6693c

    SHA512

    61545e5bdc35a197e54d8e350ae461592fbda4f09dc908a1e2a8cce9a0db3579a3c9d88ba765f3aab27c17807f22e21467714325cf58eba0e288710203b8ae2e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1bebbe36a9e6a4ac83b5bca9a0fe2c7f

    SHA1

    9f079fad98600a5132845a2d9482a34cdb900923

    SHA256

    d9a86d040a6e271c4ac5fd7e63b2b707fd7fa89464d7137a77b45f10b780d30a

    SHA512

    23e0b6f93edd04abf1f1662426d4aa68122bde91745421e3ca2cfdde538acf90b88f0d105a80d6c8f81625c75dc66c3f19ac8b0fbdbd8c5cdeedb4ef2f7b4c09

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bd5f322608d1491a6fba62bb61a51f11

    SHA1

    ee07066175cf7089982381af8d503c4a18803a1f

    SHA256

    6471290d41caa8ed21771ff13117e96afba6d14d5bb0d6f9e6612718b8fdb17a

    SHA512

    38ace8d2c81533dcad34e5e5bfb72044cef693241059baf82e1e81492dc52b177b4891267d090d576a03a4aaa4227416ad11fae011948280aa84c0ef223d6ad6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    edfc54599403287fc2e51b20a6f78a0e

    SHA1

    c6622d31babc7abc5998c2ef8775be2228857657

    SHA256

    d20dbca0ed8dc3a740a70510102e544f0083966b59d94a9dead08d99ddab9717

    SHA512

    3e531519da40aed90b467f8483cd717f3a9a58d9e56b1beebc0a4954dee034da6ea2df7ad68a026ea8123d8cde786d67ce8995c5a37415305046ea2d72be084d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7d0041d74d41ab8edc24d10bb558d79f

    SHA1

    7da6c3f19bcea437353367fbb8159e432beede7a

    SHA256

    2a2eeed6f915181766d237438103e427a7f21e600809bbde08d63cbb9bd1f424

    SHA512

    6c55d17261e615c33ba15c99ecea98de8fcc7acdefb60ec56a1be72740d734da3de30e126c9a64a0429b2e0db4fd7304ffd054fc9e509d968f9b32b670678e7e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EF00A3A1-BB24-11EF-BCD1-4A40AE81C88C}.dat
    Filesize

    5KB

    MD5

    2627e0b56cf83bd86f98441b84f7041c

    SHA1

    1d8a45958467933c2f01660f861b7a12b9e12cf5

    SHA256

    6f67ce617737bac74c8b60e636bc0f98ef5c12a29c0354ac803fcf3a3da8f739

    SHA512

    a85b775cdd7b6da4c20f5df88dbb2471175ce1f220d77d8e546112e9786c5964ca5d923ac2a3d598f297e3dfe89004a83e908053222f1b02c0d4a15a5d5797fd

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EF00CAB1-BB24-11EF-BCD1-4A40AE81C88C}.dat
    Filesize

    4KB

    MD5

    390a1bdf4fc815f8ba6a084f072ed443

    SHA1

    b64a9fca0519e46a98bf4825ad49b61c700d2363

    SHA256

    e1f7ce3d4a9f59d2ddf773077573d159b5dca01f99581981a5bfa93e697a1d40

    SHA512

    7508478da4b3e51f9ab7a91f7e84d8505cd332b86a01eab7bc1e1b3574720b2b7509d14a9a900fc06cc0f3cbfb12550d264869405c25d04fc3873e7dce099de8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabBC10.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarBD1E.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\regsvr32mgr.exe
    Filesize

    105KB

    MD5

    dfb5daabb95dcfad1a5faf9ab1437076

    SHA1

    4a199569a9b52911bee7fb19ab80570cc5ff9ed1

    SHA256

    54282ec29d4993ed6e9972122cfbb70bba4898a21d527bd9e72a166d7ec2fdc0

    SHA512

    5d31c34403ab5f8db4a6d84f2b5579d4ea18673914b626d78e458a648ac20ddd8e342818e807331036d7bb064f596a02b9737acac42fbead29260343a30717e8

    Download Submit

  • memory/2124-10-0x00000000002F0000-0x000000000034B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2124-8-0x00000000002F0000-0x000000000034B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2124-7-0x0000000074D50000-0x0000000075109000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/2348-12-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-13-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2348-17-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2348-15-0x0000000000340000-0x0000000000341000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-16-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2348-14-0x0000000000330000-0x0000000000331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-11-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2348-20-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download