Overview

overview

10

Static

static

3

12e1dc4db6...bN.dll

windows7-x64

10

12e1dc4db6...bN.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    74s
  • max time network
    74s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    16-12-2024 22:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    12e1dc4db670697f92719ccc698a787b20b6912ee4a79df72e794ef43c841d6bN.dll

  • Size

    136KB

  • MD5

    17a1ee02fc2cff0201adeba2756b3970

  • SHA1

    5aa5efc5cf0c7a8a8133e81b23c00f3e04bcd6a0

  • SHA256

    12e1dc4db670697f92719ccc698a787b20b6912ee4a79df72e794ef43c841d6b

  • SHA512

    fcd9b06e591835ba9be3927522355351ab615f49a97def78c9e953f2978c09b5ff9e9de47f7ce781dc9e929c4ab0f723c85ba656d544b1f45f230cbf284955d0

  • SSDEEP

    1536:1gmf5TfxYPfpoT/7ivK6Fr/E0odbbb2inHetkc5cqvnMg/WpRh70qQ4SDMTTtFVh:1rEnpofGTuXHHetkqcqvnhzdu7

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\12e1dc4db670697f92719ccc698a787b20b6912ee4a79df72e794ef43c841d6bN.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1656
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\12e1dc4db670697f92719ccc698a787b20b6912ee4a79df72e794ef43c841d6bN.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1704
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2744
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2380
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2380 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2848
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2892
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2892 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2800

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b95bfbe86ffe2bb1e64b8ce4c8e87531

    SHA1

    28a7cbac420d57cdc112ec3e1b7860216cfd0646

    SHA256

    5d72a0168a716966f04513ef03f8514d37831cdddc82757380a439b00b0b67b9

    SHA512

    7843359d70b7a9d6f8795088c88f661a3eac50549859596823a0f2d87ed1cd7b2cb3b7bfeb81c5a7547190b7e5c83a3a80c17490109730e646143208134200af

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f8fb4e88aafaee91699b4f9a7b913953

    SHA1

    6616dc5e8c203611ec94338196e374bb8e8bd17c

    SHA256

    020b75eb57bfa94b2b658606be93f30abbf178872f24e9a11f90c99ba9058700

    SHA512

    5b27fc0888876698e39e5b9b49d725032bdfcbffee0990ca8d1a3a766452e7777da67036e6a5e2cfe23b98518fcc6aa5bbdac81855131dfa1fc000cd6611d603

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9cd0156038cb130412fb1dadea10810c

    SHA1

    2f6bbd7409dd87d2d6db3364869ad613b1aa50f2

    SHA256

    610abb66b23a7c682689a4a4e10b61c2cc422da0999f04ba410d807a43115435

    SHA512

    8ba2e02adad74d9f64be234852c5961a8aebeb289e1eab28008bf9c27db07345107c7cebfff84cc097aa6098b38767735595e7019675fc6f60d48e6207f9b6ec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    63ca7d015d09069649e40cbfa11d15cf

    SHA1

    725dd2c00394580806ff3ee825cb4a3c76b7a5e5

    SHA256

    e7b5bd0302f9a9fca07d65eb83e36496476c28a501c283a9f00d47a752c1526b

    SHA512

    98bee2860ecfcfcad84bb5a269c32f1cd8d03b5c374fb5e7bf68568a30093fe069338fb8fd9deefe655ceb1d454f948d73b8af0578e627cd12f273095c15cd91

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b4d9a98cbcf3e606a95aed15a47a9aa0

    SHA1

    6f15e1add8841b1ed49c26b14b24534b0012668f

    SHA256

    3d13e00d141cc12b8749490d8062c55ce09187a35e19a3bd7357eb255a4ec5a5

    SHA512

    5f557ec627e2e1085add33343ef102a1d77519cf83a9dcddfee56c8a18eca5861e4c2f92742f900402ac0ce2786014ad38fbe4c88672890a13abf29c1de40fdb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0dc05eefa0027c7a11988cfa799009d5

    SHA1

    a1291e5e1cc5119ec3e8b4333a16ffd0b55ac456

    SHA256

    852b9cb05cd3233b3ab0879b9edf44b17d4bdbf753fd7b5e44b6a84b28c67eee

    SHA512

    8d1be0be8a9938d8161ca70e74e005268eb3acada744a770cac80405fd7aea28df592b923a8011c6bdac8e92b2d48621431bd679cccc365632cee14d83e14ca8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f4b71799c7ea55e9fcfeb96438c7c08d

    SHA1

    b40e57865194b03727c965f1c295c095bad18fc0

    SHA256

    7bfdcd220d64738b27dbe7c727a263898e3529053780b88a79945d4a04ab7962

    SHA512

    46b2846f4e48a16f1339c03c7a6f5b1319ef741e4c2965257217094b0615830d2c632c093704ced19b65a42e62211a215baea76215e02cd7a1fb706a80a2cccf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d658007d724de322b966f00521d3bf30

    SHA1

    65a5b8fcc9621b7084d650bee744389ef583de32

    SHA256

    64573565547a38284fe8fd4a784c59b0ab3955b20458b1382da57a29f0792c72

    SHA512

    ee4e754b11900fa3f100a61fa5cd69e7f6b86972f093d0d25d75014d78e85927956fd5c2b1c3ddb7978870e9e9c706428f49f64a7a013e4cba3e73aae9619344

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    995bfc4dcb12201e5b71592bde8bdf49

    SHA1

    91fd1d7d1b1cd1af428a1110df2937e33faba82f

    SHA256

    069623a7cdc4612af3f59b283cf44dbdf22c59d61493d0037d12a4fc490d23af

    SHA512

    c8c0b70d3eb3dba1d05f2ebd5c95063a9437048df8253c648d80780eeb9bc38e0bd245d73916ec97f029493ec296479255215cf8c28fa7210f05fdebbe9d718c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    736b75745413a4360d861152c0c0d420

    SHA1

    190f128bc6b06a714d8ac40686a415e49bd9dcdd

    SHA256

    d608474d20da0f63d2a8a999fb537f2679f6e464f348ad54e6604fd30377d385

    SHA512

    0c42cfa4713a6689454f90adf429c2deda98c61ccc933cfb83f8297f1ee793e57aa2fc73e310674744ce39c1d80ba43eee37022ceba74c7e5ff6c495107a1e8a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    49ca27ad776d80aba1f4a57845a43e6c

    SHA1

    ff32f770b3316de948dc0447fe114691e9fe67e1

    SHA256

    c145071f67fb77121c340e907640df8c6b763eec3457afcf1639046d2161daf6

    SHA512

    adf15f07808f7ea319985b7b1fdc5717906b9d24844ffbd64de91eecffe436a787101f083de52c5e6c6538f4320ee63e3e95049b298f5cfb93bae4b066a7cbd9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    763fef5faf2fd037380bebec9f7d1d54

    SHA1

    88b24a4ee0a4c73a34af5fb981b4bcb4a0bb3df4

    SHA256

    a882dc2056498edc2f09e188cd7fda3168c42efe48ad056968f99c5f29024b82

    SHA512

    6c09f967bf2f6605839fb8866961420d01857b8beb666c0424ea34552573d1402684997b048f8ab339f5479f62d6d8b053e2178114321ef092b821f818103d9b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c887d0b9e6dc49f92c4e8dab176a76ec

    SHA1

    159bc424e81c4f1a9df0f3a2656c5785a5437fec

    SHA256

    6c01ebbf7e107fb5c2916ef4360ede3065e088a1e41a4ace48cf93e6ecf2fcde

    SHA512

    0569a13e5d6eb37e5215befa17b9189934534429554416041b7ceef670b806aebc167f82985a2c6d09002b2da4c2ab49b07f3ba467040d879f0c019b2caf4a1b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f1d33b3582c6adae27e48c09f88c02f

    SHA1

    d8830408f56973a9d521c6150fe1a875532005f2

    SHA256

    1f27048b990ae761f40d82e91c17191e3356f5617705c710928e8c97507c3848

    SHA512

    fa6570670cd5ff42776860596d135e2fa7197ae1b3f723ba0c008b4d2a648b4ff99cdde1a8fb87210b529f52cbabda8bddad9e7ef8b484c7cf46d891cb15527c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a1a8170f38547b821640822e0ce17e45

    SHA1

    93a4d59f99249edee8d0599a9777c3707d796442

    SHA256

    c12cb1316f492c5dd3380c2bf1ea2856b192488fed6254c1cf477e4577f0d4d5

    SHA512

    08a138355bec9c7f4b488dc87f6a53482c165f2fc7ab80727da05678fc21b6b9f0e2f322be4bc098789ea2360fb832a89df99eb9345dea20df96f81c83b59757

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6fd251598aac209957235db1c4b5a41d

    SHA1

    c84a6d802773ea92fa5ed84754d3b7b7b18cfc65

    SHA256

    61143215a45053827ee1b432b2fc4df98fd4a8bb21d0dda59dee2e35b463a539

    SHA512

    4d18825baecbbbbaddf2319b57ddc1c1d36d444c53df637ba22f9aa7c5059e8d06ade0532928681d481270849ac6a6c2d01c5f133d13b45c6fe2b91c84f4b750

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca3cdf92da2cc5f90ae1d949a6d99bd1

    SHA1

    025a410412e79379af3a15084bd6a393c4d88be3

    SHA256

    de09c751f28ab98c3ac9ffdfa1f1e2111343c50ca1b8cde7072f2705b288e4f6

    SHA512

    c425f7185b8ed413b3937b05451ada817bec2ea09fb5f8822334aefe3d047c3cab3c32b206191b4bfff7c29e68c070440dfa4f56f1a9706664a985724b6d6f57

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    caef44505778bfd0f620a750f891f1f9

    SHA1

    00e645daf40a82924e9e2a4bff15bbc35f6223a9

    SHA256

    22f9d52a110d640d064e05d74829ef66cd14e6e299061ab9b5fdd50a5c2cd088

    SHA512

    cfc4ebc8998e0117723886d29a03a0701c1245a9618e014043a5a619630f17f1eb64b49baa6eb94463a724ea383ede7e1389f984cc94bf3fcec9cf2ed0441635

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0FE933D1-BC00-11EF-B232-FE373C151053}.dat
    Filesize

    5KB

    MD5

    faa0fd0cda6eba05e2f64b93f0bb43f6

    SHA1

    cd9baebeea303ef7d9ec2ecf184981a38305b517

    SHA256

    edeb5803f05e203c3830fb0d4e1f8b4f1f3013910e9b346b68d25e189bf28a2e

    SHA512

    973a4f2d5c14f8284192288482ba320685e05489d71d4ee9e31f79ab540a17f62b12b138e2437ba60e909c116dfdf31db2cd0074b3a742580f7ae78a8f14e28f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0FEB9531-BC00-11EF-B232-FE373C151053}.dat
    Filesize

    3KB

    MD5

    62169eacde9e701f00ae3f801c5c8201

    SHA1

    c8707b2c68cab22a82ee9b2d372550bebe9b0057

    SHA256

    099dce0e88e6e17fe27c8b0785451e2dfd5ac0634d45031f2c7c9dbff6877e75

    SHA512

    04cdc23ab884bdc54e7e8fe3de2e7e708bc670c60056c2abf8823c88ea1608d8afa25a9cb6d58fe3b693a27ab1907ec027d49c5e6cfbb70ab4f30449dac851e4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7082.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar719D.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    105KB

    MD5

    dfb5daabb95dcfad1a5faf9ab1437076

    SHA1

    4a199569a9b52911bee7fb19ab80570cc5ff9ed1

    SHA256

    54282ec29d4993ed6e9972122cfbb70bba4898a21d527bd9e72a166d7ec2fdc0

    SHA512

    5d31c34403ab5f8db4a6d84f2b5579d4ea18673914b626d78e458a648ac20ddd8e342818e807331036d7bb064f596a02b9737acac42fbead29260343a30717e8

    Download Submit

  • memory/1704-1-0x0000000010000000-0x0000000010022000-memory.dmp

    Filesize

    136KB

    Download

  • memory/1704-880-0x0000000010000000-0x0000000010022000-memory.dmp

    Filesize

    136KB

    Download

  • memory/1704-8-0x0000000000260000-0x00000000002BB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2744-13-0x00000000003B0000-0x00000000003B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2744-14-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2744-12-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2744-15-0x00000000003C0000-0x00000000003C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2744-11-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2744-10-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2744-16-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2744-19-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download