Overview

overview

10

Static

static

3

b164e643c2...4N.dll

windows7-x64

10

b164e643c2...4N.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    16-12-2024 03:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b164e643c2d8fdb91002dbc3cb445d39e54246e2373a9756f2280ad5ff585b74N.dll

  • Size

    256KB

  • MD5

    b838ca54e54cd92aaeaed413b57a43c0

  • SHA1

    75910bf07c400d133168de2e529ae17495addcae

  • SHA256

    b164e643c2d8fdb91002dbc3cb445d39e54246e2373a9756f2280ad5ff585b74

  • SHA512

    dc1c604a162e0a6ddbb28f65d461fb45d421c25378aedc2af6881ac77b5a000e87680acaaa0c08aa035101bf9054b232d6b1c48130fe5869fa73ae9194900bb4

  • SSDEEP

    3072:QKomU8Ty/v/eSPZwozPixqI13GKkjPmIb8GTuXHHetkqcqvnhzduNC:foSTE4xqI+P5TuXHHel/VgNC

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b164e643c2d8fdb91002dbc3cb445d39e54246e2373a9756f2280ad5ff585b74N.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2684
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\b164e643c2d8fdb91002dbc3cb445d39e54246e2373a9756f2280ad5ff585b74N.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2108
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2508
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2556
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2556 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2732
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:316
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:316 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2980

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c6d78c91c184d1f04da836c9fb3a2494

    SHA1

    778a00e2cbd95a00b5343acb11065a21367b732c

    SHA256

    5cb1cc8f9f744a639e4bf1b866c3f3ca5d9e744f579c45f574fddf462c0be75a

    SHA512

    62a7d7ca3aa3f2841cff728e6e79f97a422ed3af5eb1c869cf9a76034a32f33d60bf6acecede7aee3120e282e42489c0c58fec8641c033f786c981c251e550ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    62d42f53fc31cdc5abe18cb0564c757c

    SHA1

    bcde5424d36d6c2ba26853010da574969798a9eb

    SHA256

    0fede71b0ae2c7b0d9ebe00e098bfd63a040ad7ab6f5db9d5958236c570f3c74

    SHA512

    fe33e64f0591034cdd2b1b4c18225ec708ab788fc3a14f69190e702e2e7d78cec609ab6a7fda480609632209f86c475d170cc4b742806ac0dd1b36de6bbfc547

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0c5d54593655abf1e0e607b859d47c57

    SHA1

    b40d64ad744855a5f670d29a823e7856aabaac31

    SHA256

    8dc54fb8eea1c7701cf1692f3c857718bb56681983e663f2fc0dd42bc65a9390

    SHA512

    45ea51625d319765b20abed6fae819c1adedb60d532829d8a5a4dc3c0da7c2bedd0d8b1c676866398f580ebf729d2ff6e492f477061c7644271b1e78820c1ff0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    40a6fa47b9a8de987294540ba8438e18

    SHA1

    b8efd5059727384a5b030a74f8528eabfe7a33b6

    SHA256

    c89be709fed6934d348e572ae94787042fd8a12758c3d20187e230cebe0d097e

    SHA512

    84fde57dd26d9c6690b55b2166afb763ace4edd0e082df1bb4bf77f3550dd7846cf35e503be30d46f06d3f824f2847ce8fee2a30ca20126cc374c7261e5f7d38

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1b8e471cf85b33eac090d850d3d8b8a2

    SHA1

    af02e3504b3eb1249ac40fb7dc4e29a15744275c

    SHA256

    a14ee6549461eda2637f0f6c92cac1e87349996c9c2f87e5aadad0cc8d87c20e

    SHA512

    348d4849837cf8906b414118d474eb0f5aec16061b2073d5caaf9cce25b2dbf99498f3147bed8bbe07cc91d69e326e85ceb948c84264c3d3242a0e5b8476ffdf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d268f053791bb7fb1e046c355465297a

    SHA1

    73674c2fc1717180e62f723fc96e81693b9a7a45

    SHA256

    2326830894d283107ac35a7cba72618991be734214e98c81c6ac0376cdaa77df

    SHA512

    2364722f6586a1387c38e114c8389b4f5ba6e2d684ac0df01053e069dd7a5523269de255e9cab702bb4bf4d51452e303f944b22493a42eaf9ead3d402cee5381

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    247c1243b4e4045ce87443361208a69e

    SHA1

    2d91858c84be78959a7f246dd927a54e205bb7df

    SHA256

    5c307d66a261786d471d81644db0a3702a3235e25bf61375f6dd66b30117042f

    SHA512

    cab63a1787b6568daaa2b80bb9c840ea95144638e596b68b5ba3b95e2219ec7647e26a10e14f80dc19a0aaa9d77926e396d9ae04fe8d0e4821cce508ca36aece

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ea761c0cc3823ecbfa1e23a3159ccac

    SHA1

    4613d9c3bc5a6423ae7291086a84648279a5a057

    SHA256

    36526029b22877cd3efa47456c85c957987c1686f4ebd15f57f3107057237e50

    SHA512

    60813ff1c1edea4c29484118c0b9a1709014fb86c5384fe2c0dc76a75e8724e77a3263b568ef4aed3ebe4a171839735f2d298af6da95f56241d814c7b6dbcb7f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be9edd996509e973039f1e9c4a6721d6

    SHA1

    213318eacd92e5ec21f6191727fc9468cb5c411d

    SHA256

    a9e5168d1db8869963d6668d899754b7eb9e8b0d12bad40a1f1be0b2d0514890

    SHA512

    4878b9016ad863a8f9c43017db275e597cacd0d4d1666ca63101176273472aed1117c27f0c9f4287cd88d7dea3e55f7d158e874e2bd351c9df631d3345f90565

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    227a21093bf3fd8bf7aaae4bbd27ca42

    SHA1

    d860ee866b83cda72d99c2a2a9970baf428464ee

    SHA256

    8b95f2e87b6241f618ce3bd353ccdaa05286ce2d1915079ef27b859a844b2ae4

    SHA512

    12ae0bebef2f9fc79defe864ad04c5b14b5bbf035fee41329464c80888ed322b95ba1e98de1fee8dfff3dffaa49870a8887e280f6c8fafd8fc21047b14d21387

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    982b9ea212b68023f4918ae0ef9315a8

    SHA1

    f9d7699e497865c7e979a8c8369ebd3fc1ad1b15

    SHA256

    2baac47cae528a41f702f8b3262809066414acff4fd835e5421bd8bdcf0dec76

    SHA512

    0b9d983fcb81a7f122e8e1bcd670733eccc0f2a0d875eeebd7ff4d647d943d22ac054aae87fe85877cd71b34d51ae899ff1675223c87acd0375902f043dcc0d7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cbec1ee6fc5be41ea1329acfd3591866

    SHA1

    e1edf921583632a7176b0cfb1f8d8f94e4b21910

    SHA256

    7c30bf4f9e421ed8b4369fa0f2620056756f2b351ca72a8a049ecc258bc8e679

    SHA512

    39869c71e8a4f03b54df1708c197d15ae3553ee734a0aef93792c57fe967a7de18073b46781f9dbc8a3cc89b1bbb0caf40dcb4583f5c234b558b350a80cef19b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    33a828851bd1dee157a03c9a7f5da72d

    SHA1

    d0c8c4c061d0a97e90fd52807327d8e5023a8241

    SHA256

    34c125d0423e18a9918ee8572a72badc13c190c05a51afbda9f211e1ab5bae4f

    SHA512

    fbf68d27f377004da844f4d62847f135d911ee2242cfd17e51d153ad62df3f315cd751867a07d263131b49b71b2c4681e8ad103d8490bc7a316a29d98e590494

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2e560bcc4abf48605f40bf5dab2c9b00

    SHA1

    856304fc9292a4821ce79d6f11b7195f0ac42921

    SHA256

    d84450a29580c6efe241dcc2e7dadc95857fec4fca2b866d1a977fd0c3b5ab8e

    SHA512

    40396e2d6f2647c15aa3429fae3aae54f41dd089359b11b471685c8b3573b5c7e7469e1e62ebab0522d5fd7fd56dcbfeff080a6e919ad33fd4fccd731bd7f308

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2b35e8592d27f2d55e3803768d9783f

    SHA1

    c72cd4ec8f33896dc0e9bcd720347d8ade7c878d

    SHA256

    027534adba3443cf4a3b3138cc12b3c1cbb7684d1e9232fd423da1b549c81e09

    SHA512

    dff5bb6a9dd85e738ddc90ee1964b111688f2a2e149af4875c20460df824d5fb1d69f429963e17e402c977e89889a8c6498d26ad5a3ae6073d7aa435d08bfd49

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0cd1e11d1b7ce2c6ec76c9b81b001c7f

    SHA1

    33466b0f2caa155738968d15ad5a6f37fd66e55b

    SHA256

    04791929fb0613b700ed6fc45fcf910eb61ec3f3e24e2f7e166ff1af34d3428a

    SHA512

    a5dde009a7a0e808de34b78b936ab7371c8b0c73e902ab2f215062b3b1d8f17016509ea4e14bc54678b13e07cd220cd182e7ee5b28a35b97aeac280f754a233e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1d68527fdbcc6ebcd6bd542ff0f1429f

    SHA1

    bc96acad61838a91e0230b5f100940ba24abf38e

    SHA256

    dd3c27498001e2e6eb0c1fd62f3104e5ef72c891ec2f20b917c91175dc5a3eed

    SHA512

    13ba52d25f69ef34441dedd4e0d495bf7718076cf251ca2c351ea173a187bc440fab72f856e4314dfde6bf72ec3a0baf8fb7fc062886bb17793a1505720b6faa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d7d52329d4590a346ecacb02316d11f5

    SHA1

    9c497acdca3481472f3332b06f427749daeac6ca

    SHA256

    11f33bc941fb7b5363f326ac4f5080c1284195a83543a30b5ed65fedc4824c52

    SHA512

    a5801d8a99c4c0c98df5fd3a2b1cace3600278b62eb85c50e010b3875e2a276a039a94a15d7ca4ec97e20b14e01309a451f9055b7b1be2aae5305c91a55bea1a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4de16de1ea03b5577c904637693cc454

    SHA1

    c138e41675a2d1ff5c546ba7d310bd9080978679

    SHA256

    4fdf83322cc8e82d14da29e06247dfb469ad7c668bf0e35cb8023661ced52b60

    SHA512

    eeab575cd1fc65df865bd44f18ecacee37bd07de030b43a6366f0e40353055e9761a9f75ebc3f81d8073b3ef69eb6dc7b52183f3c91f2219c6fe3afe454a7626

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3B710AB1-BB5F-11EF-A58E-EA7747D117E6}.dat
    Filesize

    5KB

    MD5

    a52ca8595e2fe3d15281ff2375eed7bc

    SHA1

    bb64c52c4c2fbc01ad93b3f23f8a3da07d1cc228

    SHA256

    9917abb4ef5ccfbce286e3991c03a7212422db5d32f93c331c917aa84298961a

    SHA512

    2f136654f5ca9354d99234feddc2e609b6ee1d56e78b753b3a8b9830a1ba57baa0ad44eb117de601d473af0935f4f1a1ff640fc307fdd945a69ba02e188f8ce2

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3B736C11-BB5F-11EF-A58E-EA7747D117E6}.dat
    Filesize

    4KB

    MD5

    fbefc7d60bceda4ed1acce2d36080818

    SHA1

    af7096f113e2c139ef087b3914c433d0c38f0f55

    SHA256

    a1749f9cfd10d0e435bcfaabc4489f0ce3ec12b9decacb6bef46c844a51f96fa

    SHA512

    7e2c3fdfcd3f5db49ea22ace665a35a1aa99c60e3433ea5214e3eb1296894c1f2586ad3a6728159dcdee1d17b4a5d3bfa3d4dc2a6b133c29d9a005daab8c60e5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE006.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE076.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    105KB

    MD5

    dfb5daabb95dcfad1a5faf9ab1437076

    SHA1

    4a199569a9b52911bee7fb19ab80570cc5ff9ed1

    SHA256

    54282ec29d4993ed6e9972122cfbb70bba4898a21d527bd9e72a166d7ec2fdc0

    SHA512

    5d31c34403ab5f8db4a6d84f2b5579d4ea18673914b626d78e458a648ac20ddd8e342818e807331036d7bb064f596a02b9737acac42fbead29260343a30717e8

    Download Submit

  • memory/2108-4-0x0000000010000000-0x0000000010043000-memory.dmp

    Filesize

    268KB

    Download

  • memory/2108-1-0x0000000010000000-0x0000000010043000-memory.dmp

    Filesize

    268KB

    Download

  • memory/2108-3-0x0000000010000000-0x0000000010043000-memory.dmp

    Filesize

    268KB

    Download

  • memory/2108-13-0x0000000000760000-0x00000000007BB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2108-12-0x0000000000760000-0x00000000007BB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2108-0-0x0000000010000000-0x0000000010043000-memory.dmp

    Filesize

    268KB

    Download

  • memory/2508-17-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2508-16-0x0000000000320000-0x0000000000321000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2508-19-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2508-15-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2508-14-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2508-23-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2508-18-0x0000000000340000-0x0000000000341000-memory.dmp

    Filesize

    4KB

    Download