Overview

overview

10

Static

static

3

c3d4def311...ea.dll

windows7-x64

10

c3d4def311...ea.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    69s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    16-12-2024 21:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c3d4def3111024b83ebf1bbc39e43fc92eda5d2a9877f501c1b5026d7abd9eea.dll

  • Size

    272KB

  • MD5

    d321c97d7afa07802e1250c9137a99d9

  • SHA1

    0e87272e99809ca10cdd0c348327d9f9529ccf2d

  • SHA256

    c3d4def3111024b83ebf1bbc39e43fc92eda5d2a9877f501c1b5026d7abd9eea

  • SHA512

    4f352c27e65be37bd4c8023947fe9e07e324fc480af7a4270725b531eb835bbf54c022d5fbeaecda0a7114dd13cd805a8a9e8dcc99871ee9fdb2c059a9c74aec

  • SSDEEP

    3072:zMB3+g9CoIvLZi/443ooMBhXdkQ3gGlxG8:+9YvLZh4YoMB3gG28

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c3d4def3111024b83ebf1bbc39e43fc92eda5d2a9877f501c1b5026d7abd9eea.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:572
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\c3d4def3111024b83ebf1bbc39e43fc92eda5d2a9877f501c1b5026d7abd9eea.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1428
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2744
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2540
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2104
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2104 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2848
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 228
        3⤵
        • Program crash
        PID:1636

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    91160cec9af533c2c098e38d02c694e8

    SHA1

    2b2135fedb4c6cd3133edf392404c8acbe55d2cf

    SHA256

    af1558cf86af85d76f1a061fb6db4606cabb3eec1b8435b514cb9750723c9aa6

    SHA512

    43ae089fbf4a825e468b7fe97640a392912de2afe7cdcfadb037fdc52c07741ade361ec165bc0e8eea4de962874eba87c1b7c91e0d9f9b8cab5217dc7e55a04e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bd298195db200fb24d824ba285781bd5

    SHA1

    cacb71a9cdb025a7ce8d7255be111e1a56cec4f0

    SHA256

    ea986bf6d506ce8366ede5fa2def333bd05411664cf30abcc481a2e1a7e94da6

    SHA512

    3e950e43b619b5565d5f2c9d326e98aa2f32beb0918c9e9ec84893372b287397b73a86fc86ae648251cb149f3a17514cfa310899a4fed1c7c4ce40a182170474

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6538fe2f248bead4f81c961a88c0aaac

    SHA1

    0daa3b49c153b62475f233168ad9316c6a625b64

    SHA256

    2afb62549c2d4037bce8b8d41166b8c5795a69d0b5cbbcb75f2372d0f375c0d9

    SHA512

    5a30702d1ab8b3cde8db15a87dc65706d8b0fffe94cf36fccb0bacf6a5923dea92645d476ce2010fb9267be509d36181d86ec16f770c88773cac2ca0437020ea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c4f5801f4f7c180ed50d429ba024d60b

    SHA1

    2e717d965fed28cd2f533d925f7a83a3cfb89c95

    SHA256

    309a25c1050549824438503d894969acbf040ede2011e6c260a46907d6622973

    SHA512

    7e56bf94707a1c782d2e24d8c5252fd2bf9a59f7e052777c459739ad808ccdd85af8f980db8322248878ae322d35617cd5735851bcda7e2200a1192eb3bd5d9d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    10e1a3326e9b72cdba8dbcdbbd1b0c8d

    SHA1

    f9d55544d8c0c89ae629e8325969240c1b788b4a

    SHA256

    898773a0304befe6e41b3c060da9aef3780c9e8fe773978f5f5a1b3cc48300c9

    SHA512

    ab6518499ce4718699adc1d482c981063f29964199446b80624398e45ac221d542a00d2c724732e44da1616fbf24e0fbcc301f5a2284c7b41b859fb70020ea22

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6e9f5fd8825b7939b119853d4e0a0c43

    SHA1

    e003696761e3b51669ae09fbb6bdac79ae03a023

    SHA256

    c83f139a34877fcc77f3370928bdedfa4a1a08014cc748b17f2c1e51b8f03a43

    SHA512

    4bdff099a5680f8194947db6f168dd6a8a088ea419667609a89e429b9eb1b65f336fcf052fed9dca45bb8cb04e2fcddbd59850979f9eb92b947aa419f589b6c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2275a17869b2c6d545c660dc1864ed1

    SHA1

    f38334cea21c1ece98ef917709a81dd5f9d14cb7

    SHA256

    4aec6dc990331cd686081b07b5735d04500497ac70d0947d6d161b34ca5c48b4

    SHA512

    8172b17ca083cfdee267eaef1fc9b69857377b9e6aac944924b7a4ab38281e780d91e1125b8c1e9c5ae91a547e6c9fb8801b71591aade79d990c57067c7a90bc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a308de5d872763d55717c2e664e09eba

    SHA1

    f31fa9886c9b776e50e2cd99aad81afdc21d9f9b

    SHA256

    87a2e9e7a8641c244b19e89295a8091395874b70a84ca2cbb22fa1b367949329

    SHA512

    2729f36680b3826beeeb92275d4fbe6cf108ef7594256d6d0fa3512a6ffac0ac6e2f373b7e51009ef7bdc41dc2fbcc067a121fb174d33432b57bacf8ff955613

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fcfe220bad995bcee51b48937ccce50a

    SHA1

    4a464c8a48e6c7cc52d0b0f6575e1506431b19cd

    SHA256

    85a7fe6d979b0d36a7714e5a10554610b7ce1a1d26b918e274de340d30273692

    SHA512

    efbc85960e5daa184898bfa706f8bba7d43ea150fc0e0ea819547a6505654bc2029155d02ff039f0e74f8c94e82223148f1c81a6b891239c48e0dd6c0d0b4d37

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c5c5419cc3cc7e2d09cead5b847d8164

    SHA1

    0555a3cc8969e74b16cd24941e3616489abc4d4f

    SHA256

    1b4a43b7ac7f9c9dcb6aa85230de8dc4f71602fd0714fa118e671be3c3d6c67d

    SHA512

    0aac3b2bf0eb6333f95b5724989eac81d96970228a0986fc610d4338b08ce56265b46e8ae4f9ac84f8d93475909dc9b248a42e0c808d29aae7b711db2f3cd1db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    062140d9729045dcd3fce7ff85731523

    SHA1

    ca0aac5baeb438843c19fdfb61be249b1ebcc404

    SHA256

    b5c34e1f4f0c0e8cf0fd3c6e76275f49fe95e85ff8bdb575e7abbfb361dd03de

    SHA512

    6feb6839f0978dad1b2687bef9f0325a726a786997789b1fec01721fda52ab359841403335691379dc658a9f44fc98e9abd28c6eef3e2183589cc3b2a143909c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    597f24013e2be55d0b3e156c63ac8375

    SHA1

    365d95f2168b33e66418e9363fabbb91421dec46

    SHA256

    154dea121d1d7da92c99825abcb999e834e574fdd093ce93b943d91724508bf9

    SHA512

    16b2ecf1dcfe17868a60c6432d72202118f371c425ebbe09dcc38a3825eb90b09489ad499292ebd362af00ec41408bb97e5a973d8b2bfe21b26803b17410b0d1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d8409eb25a3a9208bc8ef46a0de97a4e

    SHA1

    ca4dcacee74e60224d5597c8e243f86f10034e8b

    SHA256

    018e1ae73bab9314e2632b064328474bc58e4530236e5146330a9f461498a17e

    SHA512

    133cebf54b63f17e64ffbbbf3b7b5990570edfa7d08fa7a685bcb0e31184e35d575af9a4bf08fbcde758d2b10c0be1348d4b5d05d2e17cff7459ea9b2db21394

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4471ee5c6e2f1f3def37a4246581cc8a

    SHA1

    92f240aa4f61725b5dc2ecb64d4e87fc0a84b869

    SHA256

    e1bac0b039e32c8b6a3f8aa61f58e8bd65f93750d28997e18e39a66f183ab17f

    SHA512

    ec9d40da6fb0ccc0479a4c21c03592f2299643a6e41fb9552d70fa69e9b7e02e43ed85ae788b88c7bbad71a901faaf34ff8ba4da88c3db738698633cb859e247

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0bd83c903b2c168d1b961c53a813c259

    SHA1

    48c0328b19117bf0ec3d6267c49c7d8b4945ecae

    SHA256

    836549546dabbbb7a523c5ee9ce5287c6069c7303791e5459b29a76775549308

    SHA512

    d43f95698cac7ff8ce2c3852914b5750f25d2f6af59ee0cb30305a1d4af2fef30c0dd35d4bd6e9b3ee5968af19df8623d87452621b947432a8b9458e08ea8082

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1e207f12790b2802ed49b74d1deb19ae

    SHA1

    44858f07196e954794411b6c8e0f8d0374772ca8

    SHA256

    0fa3d54d4d8cb5d2b33260aa8a1185a34a1a9cd888710ca489cebfd9b75f3a1c

    SHA512

    3803791aa47a2beb2ceb7d168026abc720126e0d23d2fa05673135156b096f3de742056e148b34f86d8c746015cf17c57e8ca46dd93c78e7256236d80bccfe22

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bef43ef5cb01671d9dce512ae01b3d1d

    SHA1

    576c68be92d4e68517508178d97b55497fc99669

    SHA256

    09fa236c9bb742a6da065bd104386d45ab9840d1089e33c6a01bbe857ee83767

    SHA512

    13928cebd34a0837a322bd63c5208a8988bec0daa5b4425a5b193582094ae8f35a58c49b431d80080c97c68361b8c40f5dc7f57db44c992d0620703ad3ab39c6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    96e3d151e2cd2656701166b1501d7ad1

    SHA1

    40bf2f122b096df82966ae41ad90df583a6a5a30

    SHA256

    9e7902d1f9e66fc1acbc5407c8ebbdc5cc384143c095f78eb7cb2b6dd9e63bcb

    SHA512

    91de466713de4d69bd9fd42ee2940d7e9562adf9a96eaa7dbe9dce5e9111b4968c4b4fb48fdda54ae9f1ea9c2d6edf813e1080ed4fea8b4d7204943b72f6ac7a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6FD5.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar70B3.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/1428-3-0x00000000000C0000-0x00000000000EE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1428-2-0x0000000010000000-0x0000000010045000-memory.dmp

    Filesize

    276KB

    Download

  • memory/1428-23-0x0000000010000000-0x0000000010045000-memory.dmp

    Filesize

    276KB

    Download

  • memory/2540-20-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2540-22-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2540-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2540-17-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2540-19-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2744-9-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2744-8-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2744-15-0x0000000000240000-0x000000000026E000-memory.dmp

    Filesize

    184KB

    Download