Overview

overview

10

Static

static

3

41dcfef8aa...aN.dll

windows7-x64

10

41dcfef8aa...aN.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    16-12-2024 06:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    41dcfef8aa5c73b86e19d6a364a97f187026ee91ad2e5651fdd1bd02bc13d3daN.dll

  • Size

    272KB

  • MD5

    b8296554fab9c16346eb39fad1946170

  • SHA1

    a31007dd5221b9a1573b28185c45db00d6ca6fdb

  • SHA256

    41dcfef8aa5c73b86e19d6a364a97f187026ee91ad2e5651fdd1bd02bc13d3da

  • SHA512

    61a210c5399d4bf0d6f55b8a5561bdd753811c1d6fbb615e49aff8c95ed3d2936c6bcdbf42d1fb3aeb7c37f7db518acebc32e25705c8402f6871a63c7348aaea

  • SSDEEP

    3072:XAG3k/7fvPxnCi6IQCavh+tqZBosJ56GTuXHHetkqcqvnhzduT:QG3krP47IQd4tmZTuXHHel/VgT

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 31 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\41dcfef8aa5c73b86e19d6a364a97f187026ee91ad2e5651fdd1bd02bc13d3daN.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2096
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\41dcfef8aa5c73b86e19d6a364a97f187026ee91ad2e5651fdd1bd02bc13d3daN.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:720
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2224
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2576
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2576 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2724
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1864
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1864 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2756
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 720 -s 224
        3⤵
        • Program crash
        PID:2452

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a0786f084d866fb160b7c8a0163fba7b

    SHA1

    8825c83ad3825c85ab7804d055a34f6b2ac45669

    SHA256

    55965c9f87118c2b8433803ace4cfcc3396be4a8cd12590650766cd6475d59bb

    SHA512

    2760d6be1087416254df27220c9061764c18d919975fdbff35274bcc4abbd7526dd4213c53bc98f7e1a52a87b3093746cc35bd369b936c5f14bc9e3ab5cfe63b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    69865d2d2f21be5e4f606a9474af7a23

    SHA1

    554c8a36aedbf6c9855e1ad36a84421fd677edcd

    SHA256

    b7fc6e64c8c0229d1d209fca7dc66d28eb6f27880a484204ac316a4876b376e9

    SHA512

    1a463ed770b7e26d62c829f74de4d4f67ddd8c29d9395441d070cc56467c1618dfe915346aa0b0302ff63fed06b483a49ad7af87d4f23dcb5e47a6b4f5eeee03

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    94004ca62bf8f476d98427aa61bc01bb

    SHA1

    6dcd3b5bd22e085134b777ef73215b9ee4840755

    SHA256

    3b811b91d0726eaf803642ea485724841d1fd3586b0e53ef60a8423dca08a69c

    SHA512

    d3b9670f3cb7345f58cc7d252a7bf82bb48923f798b31b499ac41da67f8428b6108d51d94199e28970afff9eb9bb1c8c0aaca9707efc0c4c59c2d6702c67bd4d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3c39309b77787607ee5b879c73fb4bd4

    SHA1

    22ba3270d5a30732380647a0b685b9b452ec59b0

    SHA256

    0423d2914bb6319723f337e7fd77d82b0aac9acea39ae612bfe7d749012d3f14

    SHA512

    a0370384edfc1b387a6f64e51ee65f401b6b3d2b6e7caaf25c35e2e7b20e8b9ea724c6a88eeb588f983c5f71b466aa92a15d359b7694116a1341d55e734fd189

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bbd11bef5dbf5f8819890853c3abde11

    SHA1

    502fa2dfeacecdf9e1177f26ba981dbc861f2326

    SHA256

    6814996f992a6bd329bcd31907fd712f0c8f55cc93d2cbd00c99f9995d86b72a

    SHA512

    24041d9e0f1a05190468fb474332d70e5a3fde299ae0ad3dfa1291ce52c1d50592bbb039a3f67568ac0e808483d671ec723b3f2911f8e81a5888748b00ef171d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    94a68ea1c8521eded3773d7d9c49cf5f

    SHA1

    030a48d0424d3641bf61cffbd7fd7cf125e563f2

    SHA256

    9454e485f017533d70d87144a52a235306762f0082063e8c7237e64e736c89b4

    SHA512

    63c8c54f8e01a94e217fc1196ae1bc841cf6614deda616619dde5916f58fe5de27331070580751f72e81ae0c59cb3ce9da079a1bd8eb829c50ee3da09db31c28

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c3fad89d673e95323694caa1223986f6

    SHA1

    ce1d532ac4fcce72a72ca0a44b0b2e2cfc7f238e

    SHA256

    f263ea6b649ce8149bdfd1ca58493e7cdc1ec2a0aa37a230271662cb2e0f85c9

    SHA512

    4368796dacff5762b664fa3eab81b25072f40d4f1fca1f0cd08bebd93cfb0afd7571354fa11a4eefd17b3729e1a5314b63e42f112eb8292e6655feecf14da216

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    94c4bbd52ecae94cb563989680e34a70

    SHA1

    be8e0ca02c3332bfffc569a5a9d98529d48283ed

    SHA256

    75e4b3277a5398cd10bd4b9cd0541e07ef85fa35a109987994bc653bf1225ca5

    SHA512

    852c2772e9021a02022f3a7a4e155e9ba2cf3a735ec506e8e89bb5e7ff37fe811d27ec2f79dea8523b6e17e640de2913e985b8a725f0bf1c744c4806015b6ee1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eaa3938334f0e4d9fb26b3a8754d8deb

    SHA1

    2fea3c313320f30db455252c35ed343a4497f9b0

    SHA256

    cf9c212e3d5f9695d4f6cd43f1fad82782fc0822cd97ff33a627a5099e377bfb

    SHA512

    cddedbb1f511e95a7bcae7671a963086a436a73e61dbc1c7f4b00d8c383f64f4cb1ed7801f3ce4f2fc53b78f0d8a531206f483c263d7d89587ca027b51362d96

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1241143733b8b4d1518a56e5aaee6cf7

    SHA1

    9a1c1a6f38a2dcf77668be017a6abbe3cd903812

    SHA256

    a1b6c33c23d3d43bd4a85b3af544960d8fdd5bc9a2875abf68c13c680f0306b5

    SHA512

    5520b295e2dd9d532acb82d4ea0d23d0114d0cec87ba2c8067d611930486cc0a4f8d04034dfc11c191df5d1ae00a123b43ecd5da69318b66165c242115a5cc9e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3eb5d26c840b58fbcf7d483bf3287744

    SHA1

    008ba3fa4a945a84aff15f5aa05248c74f815e3d

    SHA256

    3aaf3237e419e985128da9cb78b595b97d4a08e6fde07d11fb0ef002834ebcea

    SHA512

    a3190fe9731f5aa7853dfefb73973bcd5ad501e4bc42da810a6d5cc79e21e6764558832e65bca93e15e06e269c52de0c9af4ee07686a5d22e5c77e13e771a396

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    15db3ffb3addbc9dd70971b609f28a49

    SHA1

    8105c7a32f94af5b947f2b9e8f4f2ebd91695244

    SHA256

    d37a2d41e079f58eadcfaa9bebff39040e728bdcd14d0caddd2e1099a1658fe6

    SHA512

    73a2b38b5193e442e3cfa63753b5a1886b3870612124d6c91d0ad2db8e813e3622c2c7bfe99280c04146a099e35358faa64893d6e777768c88648359b41824eb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    62ed4436cc0641727112c357f8caa88d

    SHA1

    0e3e86ce35b3a810f0e330c5ec88fa8eec91710c

    SHA256

    eadd08372e99546ba55c3649ba7894bc47e0b8696faa2f8a85bb9496c5d0d595

    SHA512

    b3f572613007157cc9b9f197d2b9398f81cd9b9c0a789a30939636cd3ec7a588ecedb31bd621446a55acffd7f065d0218a33719a9d4d8bfeef20d937e5ffb063

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    96249a746234781c4497fec5122a611f

    SHA1

    e38176499e28d9a98851eab95b644f077043cf13

    SHA256

    97bf31d1e2b40fd150391fd698f791f1bf50b481a6fbd982f44c20a2777c2e01

    SHA512

    289e90d8e151e8e91e0806519bb063a7f8e38d2d5069015241bc2d31933877b75d616b24d78353b5c236535015645d49a2e2eafa87b777d770bde4878da2ab28

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2988464a60c5aee13a28c345b0932f2

    SHA1

    ef523ab20d962c478caed97c948d145f0452d5a8

    SHA256

    cb26915735499f7203eff46fb7d74635bae6f86ba21168cb23257952a2404e59

    SHA512

    c3863ddab0bdec0bfd04e75eb301b23bffa2f2234183bc2d2160eea0aef2067bc20c82ae8161a939a3e39ca128042f91b7df5e63d9e56a6b97910f810c4d4ad2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bef47d395b8797527d3c1e0479cadc29

    SHA1

    a6ed760fc2866af758ba51e96e7b3ec28c3b3b0b

    SHA256

    131e0028af1865d97c5f16a3833d99800c67a58e56d1403810e2acdbe1f6004f

    SHA512

    a9f8a5a339e935816e99303dc0e6961b0f1737a474e86a6fd0726349a572f19a22bc4a4d6b4585824995be556f95be7a9718c0cb7ecc288da3176465c340baf9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0d749de127df70b034bc82ecb34cffc0

    SHA1

    963291913ceaa47365ed0898ddcb41a8d8b1c395

    SHA256

    33b4bc8f9d8284f172e648aa75873550af198703fef710ab1f42fc0bd1501dea

    SHA512

    b91ec6c513280f225aabebcfc9fe12f65d0759f8447df2e084bc7dc3ebd93c3532d17e77e8846c771ff02214966ae4a69b7771eb08a6da09225510995755a8e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3564ab7caa5f433ca730a5ae74462678

    SHA1

    5f5f6387cbb5107c37dde9942dbeee074c87fffc

    SHA256

    03542135dff2d4d8222a3b6b1cf1cb63691c6add73eefe0f33a2ad1784a34ff1

    SHA512

    23c215e395708ebcf576a97e507e3c945fbf2496fc000c91b96f3948b847ef0b16942d2602ff78e3ba1367001cbdf788a392e9c607aaa22080b4c41c2f298bc0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b3584f7cd13a8d395dd0732bf60ff87b

    SHA1

    f86c8254f76ccfd7bd113459977c3425f42a5cd5

    SHA256

    9c13f4c3fb7d3f7d9a77758a0435221adcf8222f295c68d1a8e344bab8d8a607

    SHA512

    5aff93a66dc39f903ed4aba91b459a3cb88c4c74b5aaa47621b62c44f4322dbb863614e485b06704c9dede4932e33a45d3c916b973b7b71aff8e2aed40a01d37

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{24DCDA21-BB75-11EF-98DB-E29800E22076}.dat
    Filesize

    4KB

    MD5

    8bb2f962c0b8a9683717fedc6c3da986

    SHA1

    655d0a15c35a6490d759f7aa5378ca5c219bb485

    SHA256

    644dde6833cc530cf84def23a778d86904583fe1e1eff34039e88653de881fef

    SHA512

    7a05b7df9b7a358c0337c0fecef49043285987428275ef3de2aa0a8d0579cca69dcdbcd0e1358e32b1ab4a58ddd2ccd7b8f28458c5498fa2bb8c3f3c8bbcf0de

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{24E19CE1-BB75-11EF-98DB-E29800E22076}.dat
    Filesize

    5KB

    MD5

    d59bfecce7196d8cc9594e55d3d8c701

    SHA1

    2a7e9dac62d3e11a78ac8b6578c152df62dcb3be

    SHA256

    88695e1918cf3d000d64a3aada3388b415594193f689977026152acf0bf9d072

    SHA512

    44ce8dc0f957ae27ae5cf98007307c410e9e67e1370156b61e6c15832f4008aeaa86804499c54ee9d7858c2a9450bf31cc8beaa118b447469d5182142ba4123f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD378.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD427.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    105KB

    MD5

    dfb5daabb95dcfad1a5faf9ab1437076

    SHA1

    4a199569a9b52911bee7fb19ab80570cc5ff9ed1

    SHA256

    54282ec29d4993ed6e9972122cfbb70bba4898a21d527bd9e72a166d7ec2fdc0

    SHA512

    5d31c34403ab5f8db4a6d84f2b5579d4ea18673914b626d78e458a648ac20ddd8e342818e807331036d7bb064f596a02b9737acac42fbead29260343a30717e8

    Download Submit

  • memory/720-21-0x0000000010000000-0x0000000010045000-memory.dmp

    Filesize

    276KB

    Download

  • memory/720-2-0x0000000010000000-0x0000000010045000-memory.dmp

    Filesize

    276KB

    Download

  • memory/720-3-0x0000000010000000-0x0000000010045000-memory.dmp

    Filesize

    276KB

    Download

  • memory/720-0-0x0000000010000000-0x0000000010045000-memory.dmp

    Filesize

    276KB

    Download

  • memory/720-11-0x00000000001E0000-0x000000000023B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2224-16-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2224-14-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2224-12-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2224-13-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2224-15-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2224-17-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2224-20-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download