Overview

overview

10

Static

static

3

7d30d5da78...aN.dll

windows7-x64

10

7d30d5da78...aN.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    67s
  • max time network
    70s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    16-12-2024 04:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7d30d5da78a2f048bb0e37599fa48f25454e9aefb27048b2fc89636e2ba1016aN.dll

  • Size

    319KB

  • MD5

    db7742f24bd25fbe716ac0b850e15f90

  • SHA1

    3d8850ea96fea02e2fbf8e9f4ee3107cce9ae50c

  • SHA256

    7d30d5da78a2f048bb0e37599fa48f25454e9aefb27048b2fc89636e2ba1016a

  • SHA512

    74db47dfec60e38642b68f843596402cb83ccda6174cc9a2260ecdbab1ed6c2d2617e04f012d32eb1308eaa2edc6d287150bd383de195f8dbee1f420bb84088a

  • SSDEEP

    6144:EHs/3ZcqyeJVOtCJQWYONOQVdSPh17rCNWzfTq877Aaq8Pg:EHsPZcqyeJn3SPr7eNWz7q83AapPg

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7d30d5da78a2f048bb0e37599fa48f25454e9aefb27048b2fc89636e2ba1016aN.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2408
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\7d30d5da78a2f048bb0e37599fa48f25454e9aefb27048b2fc89636e2ba1016aN.dll
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2040
      • C:\Windows\SysWOW64\regsvr32mgr.exe
        C:\Windows\SysWOW64\regsvr32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2604
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2368
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2928
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1984
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1984 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2944

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c0af9fd79536c3314b5a846ab9d1c087

    SHA1

    48abd02933441b50d54b7be97950c28123dfa830

    SHA256

    bdcbe367c1ffcd1e686b93f95c8ea0b5d7a4982c2edacbba1f62785584a209e4

    SHA512

    d0494698e680ebb1eeb5cbab72c2a213171a908e3164f48b096094423f5b9ccbc165d17601a469f262b0f8714ee3836b6119a9af5f9e1e2ed330b556a5a1b12d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    58fd758c806595483d2c72796b7c17c7

    SHA1

    b2218bbeb9899619a1a232dff9daa02ac64d349c

    SHA256

    f9e1bf00f047150ee05c19561cd4194b42f0ce37e6a4e7a0237997134d6028cb

    SHA512

    a9b72bde1ab66ca8a4c8bbc92865d3b7be56e46b5801e4da017a6784188fb4bfab4d08d3993feb4ffd5c3ec2b95edf2fef6cb6d9abe077c74db038dc18a47346

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4a491604a110525143e1302b4b4f4fc1

    SHA1

    1f467e9cdf84925aa952180d75566e01688b17ce

    SHA256

    666c9dd897de93af2f1e5f3acff84e62433d04f18b80cf82c2cf174220d8ee85

    SHA512

    0f45f0872ac19d9eef7d33347d44d02572e4fb20e0c481598371eacb102daed4807b2e1a845ba9c8b7ead083b21d4650497433e5006cc1d89ccbed6e5b9e8037

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    410404b82b1bd66c6607460837bf898f

    SHA1

    98b4c523bd9f23349cb31a634e480009472d5fd0

    SHA256

    2733a9ba15f36f33b45c375dd29622548b542e622a57f7a46eefa9c29f90c187

    SHA512

    32ed7fb9f7010d79ddca20328a1a91fd82f62823311d28b73a956a19a0e2fc15a895f4b98fafde82ea2daec262dad0860fe6a1815e5794a2b89eaf4990c07336

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d9a7454ca676fbffa39aa52ca9dedb84

    SHA1

    31803e974bf760347086e9d741a5ee0e1b70dec0

    SHA256

    05edf4349b90951146ec481772d182a0c915c48a73f64324412f13026620a3ee

    SHA512

    a5f23cfd666f127086a2e1499042190b226f5b77b7ec5946b8fd363dbd1e4a19bb8859ba5e4c919fc122bccc57694c162a68fabd10d86717c1f2298e76ddeeb6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2b6d14de7e5c9f963a6564d636430537

    SHA1

    49e154a7b595f6225d55b1d5f10470824b0e1ee3

    SHA256

    7f6dd7ce314af73fffdb60208675c4c3ad2e8905474caba0b8f2f20313a1b031

    SHA512

    aef3697be953db8a853cf91ebd7a2172d07516f279c6a20694ee1fc6c101b7938235183074c5643bf87b7cd80918aa71694bd533da734d149ae664d47bd764fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3fbfc207ae76d90180c18f4d1d7f1296

    SHA1

    f7e70e926359e7af0ab1e064df17910d1cf15b58

    SHA256

    8f3690b5722fe9d883cf94486dc1c297c42c63a51dd7b6acd36ad5698168762b

    SHA512

    3f6e1cb0e7b748503b51d5d94f6e74903f01510730aedb3b2515f717c50c5b32bd3f3ff29c9e5df5198be820a4efbc17c505b5c16b4ba23cf5dd6d8002f37909

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dcf756ccf49b1e6a00677f6cb657537d

    SHA1

    76c4e0d66592cc905fae8df191dfea770c192f4e

    SHA256

    fe289241e3115d9c136325801ea6373b5626528bec79fb4502f228e9afe7e675

    SHA512

    4eff95466f22a6cb0473e800fa46ae89c30aeab59a190e1d4276f492bb9984297bff4ea99055deca2b821e3902384a9fdc3f042687ce92846b3331858cbffb89

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0e5022e9cba775f61d0839782b0cf81e

    SHA1

    8d1e3463fd7548a4c6e39ef8256831f52e9a578c

    SHA256

    341842a871ac8449049018fea744304e67b46556f0bcb6ea6079eee16388fa50

    SHA512

    cf017ce7421e188220301db14e626b2f0390d814f3e40622c9e2b4a34bdc6d03e1680a250fdb2dce11ac1328e0f49fc82467a7950b25802a609e60a6769cb3a8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d873461462bc0d081c738f7ff875a4eb

    SHA1

    e8fa763c9d7544fc73e32e45c242eb53a02d26cd

    SHA256

    b89e3692001dd64f0a2b3da1a29106751cbefabc9ff49c08befeddeb262f10f2

    SHA512

    26fbf4a0ba068cc45ded71d8edfaaeadb99fcf1795133f6efbad5bbee65c2c4eaf21f17fafd56dd0f9ac93478d2840cae416dd214b82e9df1789972688cd39a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    73c7a7ae7ada9858c5d524430ed3919d

    SHA1

    dba32515c117912871ed59a6b7829a3d556e5d90

    SHA256

    d8882b6f1a3e998aaf49ee51728d934f72c4ac4e95434549f8b19552af77a08c

    SHA512

    6541a2757d0cb1d1b5050ab6c6461235e2af33d09021744a9c9b8f17a18eaf26de5f4a628931a57ee32f9f88f9e1a49d5f133040d47dedc057c95685a9592add

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    80a82f18d153ad6f3384e7f5fc3189c2

    SHA1

    e328a139ab0fb2c8cf80d2e748e03e411323e8d1

    SHA256

    7fb8d262d66ed5e64e492e37deb5a99fa012c7cd9a62a816ab1c39e93dae111a

    SHA512

    00703d75c26890f24b98e0c3ad8b8eb169a1629bbc9c7c91f2bf9b883bde30f6012779edd998e6e1ffbc7ff3481ba61baa7077b2a4e4e1f6d9a1d8fc2ef3a865

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    273d3b47f988f4d597ba361832d17187

    SHA1

    3ee00c193edf2be7eeb8bfc9b680f72c34bcde18

    SHA256

    b495b8b5a21e961bc1645244ee0f2644898525ee81b39284e791f192f7b076ba

    SHA512

    b9e3ae16c6767ffd15fd783cd0a6580bc1c26dfcedd76cfaa89cb8a7d8fbdb3ed43aaae7ddedbbc96fc861028e950dd22d587728932816a0c6bcb09e47095514

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5ff2d42f148c0fb1413cce690f1f01df

    SHA1

    a840b4a8cdc84528bfadfe1756b1949fd3af7edb

    SHA256

    0bc2b8cb3334ebe6ffbb32a4399089f7ff30c6f5906ef8aaa15878b694980711

    SHA512

    1dc4ff9cd7bb8c27d9a974a705faf2303cddbd1f81dfb84085a157ae04372032e7f35ebbc10fd116018c11025e5642f062890a513c051c801d4b58e0529e9b6f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c888c84f6996e9368a292275a659fd65

    SHA1

    a90867b2ee4b83d0eb4a2675101fe004938cbf43

    SHA256

    5afcd9b256c4a0033e044b7b689451d2de5c0ed15b26690c1d65e7dfad06c773

    SHA512

    ef2f784276c243c609d1e1b6efb547d35615cbdb1266bc13fa82d0cc10a1e0ab5fb04580e6c1ac236db793f78facf1bbad405d594f03db011a7e5455efe6f961

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    25ce6e430dd6be1dafbb2f0c2b2aff5a

    SHA1

    46ad5ad2b69bcd9599eb442b15e387eaa5a84101

    SHA256

    feed86181b92fb83e1c854108c7dcb20fbf082d22329dc21048e96956d08f792

    SHA512

    c8868ce7045a1782948ae8e3e805f96dfc54c707a7f086d831cfce14b7c0c46cfe8b256e6bd86fdf1d9971bbdfabef1f8e3f6a5e3b97ddc50bab82b969885075

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8274AE41-BB63-11EF-AF8F-6EC443A7582C}.dat
    Filesize

    4KB

    MD5

    6836b28b304702eb6d4bab04e7c52faa

    SHA1

    8e3283210f4c4952e333b3f816c1dc34e60ccbed

    SHA256

    a2556e0e429f9ed29e36b1b2fcec1bec946b55264235f136d5a7d46dc16beb80

    SHA512

    87ca14971acb88ccaa90deaeeaa19eef68a7f5f42674e1dee69395c2ab0e04e59e8f84eecc174cd201413f9ff6a3e513705e7016f7d9d2f09f6be7ecf5e9c76d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8274D551-BB63-11EF-AF8F-6EC443A7582C}.dat
    Filesize

    5KB

    MD5

    3a142e5d87ccb67759b93c46e28706a0

    SHA1

    daa08cc6b42a615bf584fee0489b0fcb91dd49d6

    SHA256

    4fb5dba8b5dfe6b6150b76d9af5fcff7748567640bc6bc3dd34cc89637d60ad6

    SHA512

    eb069ea46a4a6e1af03854528c06dfd967187516a2b396422771513eade42f1f69417524c45b961c9b46edf211487e2d3c5893c5dc18fd8dc5183d116871c488

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabDCDA.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarDD99.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\regsvr32mgr.exe
    Filesize

    105KB

    MD5

    1713dcea0892955ae4ad238bf4b9a34d

    SHA1

    172c10720153e717402654f97ad56516f43705bf

    SHA256

    e4cbc03a8bea10728e756b7187435b3675af2d45ace12e6b6641e44b25d54b23

    SHA512

    e0a0a1ec9e9380bcc1692016dcadb6b794ef13e3a49b9709799c8b281401cd0faa0b63b0aa0fa750820cdec674f7c6e02e259e66cf843975fcbd49e9c1be021c

    Download Submit

  • memory/2040-3-0x0000000000370000-0x00000000003CB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2040-0-0x0000000010000000-0x0000000010054000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2604-11-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2604-12-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2604-13-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2604-10-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2604-14-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2604-18-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2604-15-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download