Overview

overview

10

Static

static

3

65ccd55214...cN.dll

windows7-x64

10

65ccd55214...cN.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    16-12-2024 06:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    65ccd55214d04e7abc7a225a424740d61773c89b4640477086ec4b5fecfba9ccN.dll

  • Size

    256KB

  • MD5

    9dc6a986c4c097c9ff0b01c162b6bc50

  • SHA1

    74088cf3606d419d133fcecc884b3fc465ca37d2

  • SHA256

    65ccd55214d04e7abc7a225a424740d61773c89b4640477086ec4b5fecfba9cc

  • SHA512

    c2e6c2aad92965098c79fee6dae0eb12cc173955c485c79862a9889d7fef6c3b447a8c6954c4bda72c3e4b1d0784d79a718f4f3c59b00d647852ef30c34561fe

  • SSDEEP

    3072:cKomU8Ty/v/eSPZwozPixqI13GKkjPmIb8GTuXHHetkqcqvnhzduO:ToSTE4xqI+P5TuXHHel/VgO

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\65ccd55214d04e7abc7a225a424740d61773c89b4640477086ec4b5fecfba9ccN.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2072
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\65ccd55214d04e7abc7a225a424740d61773c89b4640477086ec4b5fecfba9ccN.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2644
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2888
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1060
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1060 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2980
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2892
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2892 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2164

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d32edcc850d0d006105e72d755638862

    SHA1

    efd4d0614744105cfcadaedab6810077fa48ec27

    SHA256

    2b0f629b8d9caace5ec1dcd620408ff31b3de28aef59b21b49ea0d7b16b06e9b

    SHA512

    82cc410e00120c9b1eb92c72877e94cb38911f82188a5b42ad025bc04c29137e76d1060acd2f1f07d566aac12a82684352d5f41d61c2392b1fcd7dad903b5652

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d97d5ff76341845fe21481ed7ecb3efd

    SHA1

    82b39fc204c4f3fd6a55acd39feb5f8d2671bc0c

    SHA256

    125efb90b9f99e13cee4319721c9761084c7c5ceb410dea678170b00982c441b

    SHA512

    d1f884f8ec926fff80a630b1a9bb0acee5bbb23687810fe9b754f3ea854dd5ee9c8960ba1b855566e14cfa80be1db2a086bb9edb691f6f501fdeae25ca3aeba5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e6dab0952fe7693246e9d9c33c9fc8fe

    SHA1

    e2209a2012981f25d5fcb4c1e5b41dc8e497edfe

    SHA256

    a01de47184867bb562934fd0d05b76c1dd49efc13d5492faef87d7fdd783a3cd

    SHA512

    60441f60b0d74d3b22bc4fd5c9aa30371439ec543150c2b22538c1e92a9a0cc5daf9c18f4a7383ae04b241205407ac5728a91b50a683a1204608fb5e74ba0618

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    23dd4e7e0657b643ae3f7cafbdcf94f3

    SHA1

    fa86bcd2ab1441e663960d224bf566783ea4cfeb

    SHA256

    52f5f162290568979b4ece4f3cc091fd44c25afb230f778dd763ad7cc45b4cde

    SHA512

    c22311db036f57a016a6cb1c06b8d34798e02e3efdf3a99d3192ac8baa5c756e487335d27f586f707e9c7d24ad7619f33ed0ea2bce5f2628d58ddebc36962aa9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e46d62474e9f431b0154e2516ac83421

    SHA1

    aff41bf03476e4e59a43fdd9a16735b999794d62

    SHA256

    ab178afcd404dbca746e028fa15097247107fc23414bd8f26d9337dfb19d92f0

    SHA512

    59659ec4b754ff701dde73e27bce51075ecc257a8b52fd2b96ecdc7ec2994b9ecde21eb7eff40532e3edb5caa2562efe71121e701acd29c5a199e6973747d282

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    92f7f9ecc332b3003c672b954299212c

    SHA1

    85144c42354c93ebc1a53cd79f06d1b25d2ebc03

    SHA256

    0d1f8214acba65c1f85118de9fb640d9a5d15b7e1e7fcd9b542ed289d6420a2e

    SHA512

    84586dd25f384e706d6c8cd7db55343ae9f8e9bf6db6438bcd4f3e67be3a6731f58630933a74099a0acf0754e13aea4924fabd7bafa5da3f05dbb5e6862ba0ab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1a0c2fd3807511fd6375869723d90bc2

    SHA1

    273c033a7a602cf97b4bca78c18f13ab0522da24

    SHA256

    51496e729054bcbd8a8694b8d3fe1a3352c221326bf7ad2dbae0d771362f1aee

    SHA512

    0b5b4c686738e529c30575641453674a0bf314c87d4c3d174b56290ca9f4c2296540ea815875306fcda5efcbe9b6281e7d170cb0827f9a076c99e24d6c1af2ae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ba2c66c2c1c649d300690e449be9fa2b

    SHA1

    0fc5d8433e696e617ee83379f24ded78cada87df

    SHA256

    8032496f026216b7894a34b9f56cd1868e769883c7d0613d3d04ca1828d98017

    SHA512

    9deb1c516a43873c1ee5e5dc84dd84961b709b54372f2726c51f112d8f6207bed36daffc34d4c4f075e04af128e9a8127b495ffec9d714e6629f99c9d6b28df1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    02a5980b469dbbf90eddefa3e681f7a1

    SHA1

    515b4f306322867f9334af103e2816d9f6923c78

    SHA256

    217b169925ddb3cbbfeeb1e9a756c5daabc4e9eb98ed0ae806043acac3d878de

    SHA512

    77c477c0b93bf1ca4ad80a899574bc5e294d5cff47b32b977efe070659dae3bf93264e4696ad060d561a41d42b587fb202ce9efdbef902863e9a8d24008f002c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    14a5a035c3af67a0c9f175bc1e7ad5df

    SHA1

    173aa415639a592779811b9e481ecca48fc89081

    SHA256

    44d0264c0bacd3681d0bb1316b80fbf2976171f644118b395e99784fdbe1afc9

    SHA512

    d76de05b3b4178ae9c7f6e716b01e32c2bcc2bc3689e046d7103bfe5092e22215936df9f697f9e03ca1e3dd73ce402e0c6e6a28a6c49db9efa476f49ae22fc4d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6671aadd324ed017cb3609adebe548fd

    SHA1

    c17753bac019237ef1f507d6de38bcd41d582bee

    SHA256

    8085662b9453dc65d13836a277e637a66264379037d9e979df5d8f396bf3330f

    SHA512

    a9f71a1461f9c68772acce804ffd6598d59b0729dab095b7f2a64ce5c31b5e7de9bb80495b44bf3c465f8f6e3bf5ecb3bcd80f3b567ba11cdd2339b96831850f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    14910a65dc21ebdf414c9627fb0ae99a

    SHA1

    1d4e59a494b2fede1a55da4bf2c0f42ca6deea7b

    SHA256

    5394b93ca4a200cae9af0b0445e3a2d6aacc3728b48edf707a8cb7e2f1bfa5c1

    SHA512

    7891d356a7650cadda509a58dcae4b5b93914c30338e170950672ecd2e809d6f26fc149c3550f15e0fb404d4c3c521bac1a8e8031cff35856eb5a07fd6a4c61c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ac1525972342045fdbbfbe4e24ff5039

    SHA1

    33db30a1d3fee62c1587efe8a9378552019cc1a5

    SHA256

    5cd646780b40e3d93b35ec9f3ecf8b862d97122956ef220fbafcc023d2220835

    SHA512

    695cfd11d51d08f76f5b9db81ea2f709e69565ea21a7c10220d8e2ce104566484d9d80389586040a81ed9dcb875d820bc3670d8cb3135824797c095efe97136b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d26f71456745342fa8418acc81355b44

    SHA1

    638a0095a855bc719ce5740de2ad08e08d9a3a45

    SHA256

    98061c5acc700259a2abc8dc54e3a9f9987e50830dd46e5db3fc8b210e90a429

    SHA512

    4b15b8d27d40a68dc64bc634281345bf99d5d761caa8a33298c94c84f216795426a32e9be2e6a09b0658ff1a427988a010caf68efa9defc93507e3d224d07e87

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3fed70c51191bca6906bc45b2e1d9fe3

    SHA1

    fdb6b3214bb84ca0edb16a6653e848c884e1ac6c

    SHA256

    90a6cce41f25f2a453a4baf9fa1d828f7ccd3a19e1aa66beb21d954a241fc228

    SHA512

    42a0de10762caace9f1ecf62ef31862d1e7aacde7266c26c0f17e07e687b2adc51675a84effd5f32f669549d0c05b4493d787b6b75ede55bbd09766d0ad72742

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c16daac823d64eac2f889a88434c5d69

    SHA1

    105a6d261326e5b596126f1629426d92a749d6ab

    SHA256

    04d131c9385f6768f71dbb667af579049e2f4b147c20d94fdfd14aeb16f123e3

    SHA512

    bf5c1d48a0851224d31c7ae7984781e04a4a60c78cf1f9ae5fb64236a7ea53c8775a6b2f3fd8cad00e4b4e0a6771ea67ca8e98486d8d709d8632127675e714fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a8f753bb9a6cb83705b5bc73251dcded

    SHA1

    3fb46aa2ac6ee7f52839859c38b7e98e1fe401ae

    SHA256

    44daff3a0f1cedc0cd44806a6f740e15cf5448f2bae4fb908012d0b20bf48d33

    SHA512

    9489576df077c46b7bb98fb8cfcdd40fe9c094f2202923e36e4f847c741c218678da2d7e42adc8473bea1e3e38298f1e61e90d1866d47acacff6478698edf70c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FC4B1781-BB78-11EF-AA3C-F2BBDB1F0DCB}.dat
    Filesize

    5KB

    MD5

    a8670ae486695694830fbf2720ce9a3d

    SHA1

    004bcdaeaf38d2eb27d6bf2da53efc73bd75e345

    SHA256

    1e8ed29c20bc2580c2e8d4253453496ce9c60bbb4c19f333508475a7f45ce6e4

    SHA512

    1441c03f0e94229a6d36036cdc23462fb720255c7029b0cd77829a8208fc54e99606e1d8676bb62060e343c0b89f17ae71144b031feb2d27e95276fe931c1ec1

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FC4D78E1-BB78-11EF-AA3C-F2BBDB1F0DCB}.dat
    Filesize

    4KB

    MD5

    239001b6f2cfc289a02640442e769c1c

    SHA1

    ec52a107518bb87df89dbd47f0fad96916b6b701

    SHA256

    36826ef5130814951fdd4ed8bfd6e46e285a697ac8fd27ad6934dd429689a945

    SHA512

    f57d602a9a61eb8d8e680d2b34f8cad2d9b70c135824711768f582f0f84281fe83329054f2570f05f91df29e1baa3119d37ba53dc022715348e4b000e3239f13

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFE5F.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFEBF.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\SysWOW64\rundll32mgr.exe
    Filesize

    105KB

    MD5

    dfb5daabb95dcfad1a5faf9ab1437076

    SHA1

    4a199569a9b52911bee7fb19ab80570cc5ff9ed1

    SHA256

    54282ec29d4993ed6e9972122cfbb70bba4898a21d527bd9e72a166d7ec2fdc0

    SHA512

    5d31c34403ab5f8db4a6d84f2b5579d4ea18673914b626d78e458a648ac20ddd8e342818e807331036d7bb064f596a02b9737acac42fbead29260343a30717e8

    Download Submit

  • memory/2644-8-0x0000000010000000-0x0000000010043000-memory.dmp

    Filesize

    268KB

    Download

  • memory/2644-1-0x0000000010000000-0x0000000010043000-memory.dmp

    Filesize

    268KB

    Download

  • memory/2644-9-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2888-14-0x0000000000630000-0x0000000000631000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2888-12-0x00000000003B0000-0x00000000003B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2888-11-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2888-13-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2888-15-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2888-17-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2888-16-0x0000000000640000-0x0000000000641000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2888-20-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download