Overview

overview

10

Static

static

3

9dd52cc07a...dN.dll

windows7-x64

10

9dd52cc07a...dN.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    67s
  • max time network
    68s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    16-12-2024 12:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9dd52cc07a1533cf026cb5cc09cd2a2a9f80755b38a822773c1538437a9ff1cdN.dll

  • Size

    307KB

  • MD5

    ae4f22db8a6bc09277f8980661b8c290

  • SHA1

    fa4b527332be684a247adbc274a30b6452ef4e21

  • SHA256

    9dd52cc07a1533cf026cb5cc09cd2a2a9f80755b38a822773c1538437a9ff1cd

  • SHA512

    674de422e52b2383784f2530741d1e1119d22e1840f6e590c76d78d40aab67042a16d5719d283297b056f10c6f9f0705ed8e7c221a46419f798a53b950f512f6

  • SSDEEP

    6144:SRMepwYi+zAKbHwm5y5QgvyTuXHHel/Vgd:0PpdbHwmmQHTWy/Ve

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\9dd52cc07a1533cf026cb5cc09cd2a2a9f80755b38a822773c1538437a9ff1cdN.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2548
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\9dd52cc07a1533cf026cb5cc09cd2a2a9f80755b38a822773c1538437a9ff1cdN.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2012
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1556
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2028
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2028 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2816
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2544
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2544 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2812

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ecd83e94c166a0cdeb2633cb2e937055

    SHA1

    7fb4cbd24f216273c13e6399094358f4a4ef457d

    SHA256

    363134de373cb310a0e0d8e3e0942598ad73ff9d1f7f8ad33b158f59200a038a

    SHA512

    5d571214b8775e8a89976e504a99278bc0fdef6fb40beeab37946933faa9b1e6c6377d95eb069a6943b1c5a6f4b06d214386aaba55cb60c6343d88c45551508d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cb2c152121047f06d5d06f8b73dbdc3b

    SHA1

    3ec16dfcae8f23d7ebe4ea9e369480271852e9df

    SHA256

    ba5e455152bcbc38a9b3739f169588f9d86c7afaf618da2fc80e63d5d0b0edeb

    SHA512

    2ce7f44071a0bffcb73c158831fec7f7b954d5642e9360f282affa23954658485e223eaa93535d81d69d623afc64c0fcb1f106908dfefb067843de9db9cc0384

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7ca996cbc5e1c733d42a4943a6c27efb

    SHA1

    4843beeb408c9bff01eb2c66612e210dcadb4d01

    SHA256

    d68b2514923417a036d2d0485d6177d5f7bb4479eb7d6c0fab4d855a149c601d

    SHA512

    120ded7724bef55476331da158f5661afaeb4a46957af7e878be4fb3eaa79435afc83f894d5a2981fef15ea6a1fd2b68804c457887bc0941f2cdb583a6f1d2ba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f0c87713586ab894ac322e10059e8ae4

    SHA1

    dc60cd770027bd8e0ad5a2c7add33ce789c4f7f3

    SHA256

    c11d05582cd142001505547f61ac771f1de4d8dd646dc113619dc45c48695e9e

    SHA512

    2f52b972b85a5cda054e39b525b2958d060f2f1f6185cdbbaa06c39b92cdbff673766300bec50db87b41534a665364e2e6445d17e7a2be89f084846f73ef0220

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3c82ee1f8ef0a9a74003ed0aa063714c

    SHA1

    4598496324f3ca5885a670c35b08187fc89a5bdd

    SHA256

    2e93cb87a5d4cedab17ce04c86c1e25e85b1b7b82c2593806bb520f862a39999

    SHA512

    5abd940bfab42cd8882e91d5693ac7e5664a394eccaa65107a0a14154ff94a42368cc5fc87c77288543ec0cd834a0ee0cd2a849d4fbfe2501086b9471bba439c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    db2d877cb46fe9b87a9775204cb27825

    SHA1

    413035074546054c52c117129e791b3c20ea24b2

    SHA256

    07932b82951c50def68bc3e5112ca5e6d9c92d99c2eb2c03302d6167f15023cd

    SHA512

    f0ee9821be80559bfd3c3d84515b34f9006a8fb6cf8de5c5e00982fa036942fd048ea3a89b3b381817c22af1efe479d04292f7f6a4dec036781b78a00494c100

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0dc3e5a4e1cdd4084e69ba6ca2c71155

    SHA1

    8599ee6f720c0024d35c191c816c2ff95d5e1526

    SHA256

    7d09f3355d2e923eef5de9ddac37fe935abbfeafd4e8fd37bdf69c309118f586

    SHA512

    27e0317f3863a1e8d665299f236c423ccb9eee59795f7ba5338dc4a1449c8e1bc0c45dd33e93d74179fff7c8cbe1f2dfa4d51e4a813c79f9b2bdda0ef55e9667

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    674d67bc9e67b5b543e77d4f67ed654d

    SHA1

    8ddaa8f4e943c56b64655408c406d92aa90c533a

    SHA256

    c380e166cb2d111491f8e14ac1c552643bbdab00916723d8bd0c97608836e517

    SHA512

    0f9ddb42cee0e008bc20f258ad04630ef7511101349dfa1dc1772508a6f0385bdf0b04d9f42b8952ea6014fbebc3cefb5fd42a8e3a49b513335564e5078b1c8d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    13fce4fa81b63d39f9060c4d18e4eea6

    SHA1

    ac641a9bdf8ef1f67c34460bd8fb62c90ff82abc

    SHA256

    3a60902a8eb058d3b6affb472abf454e1f55cfc55419738641553a54142dd4b5

    SHA512

    daa4466e0f79143715f0aec4bb6b042301e59de0be83f598fbf018a022686931e249a0f7fa95930e54a39c66ede72f1aee1602f62bda4f3bebcccbf7a135537c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0de42251c8d51e238465ea6134d6cff0

    SHA1

    6a42909970497a6cd690d7bd48e112134211023c

    SHA256

    0f8568e761d1c7c1bc04023240dd7efaa5180a47c9d62fc540576c7d4a676728

    SHA512

    d12b6141741c2e378ef38488ba03aa79b89f321e9deacbec1eebd243f1097812bb4eacc2e5ca296e82458c95ac57ee43f2e4aa074df6a80371c53e3d026232ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    654e093815beb872b4cb8c5d0202870b

    SHA1

    8ba7c20c2d65b98142a67caa3f59dc9e8fb04322

    SHA256

    0a747599918fdbd912c83298ed66f3b9a50d1de0af6eaa0503c397904c5f2d2b

    SHA512

    cfddcda6b4dfc3554d8b5916e404c0d57cec5328c4b3742b473f657c6149ca35cbf280ff7ae901d2ad4d177cbde5816a7b1f9e658ccc042e440d1c83aace923b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    57476d12e5bacfb1addf45700c1ab956

    SHA1

    720db1b208bd881f0424c3b66ecac9112a3e5f74

    SHA256

    86d3a60202dff9bc7a00e02c0b0984257e41544639e50e6c111a5813cb523921

    SHA512

    ee287387e85e11a0e12f0902f779b9d4990d0b8425942f01a8f194267b936d168410c400df2d333c86d4c210c16f318b1f55932c548701fe3e143b113cc14fa2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a9165ebbea166b8e9a4d0b245fe4c36a

    SHA1

    bb8e3486319207123e3ad679334659809b30c754

    SHA256

    096c1241d7b13b09e9bb435c08d076317cfc134210efa8fb82dfaa41552bb068

    SHA512

    e20cc8026c2863d7ab18763c414a3e2fc3bdb7ddff2b99ccb070b4e40e191bb0ef722e02105f767c44511b2c059e7a087683e7d6beb1561e55542c7e3129761c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5e4b20af9f1ffb63ae34007a92bf0e13

    SHA1

    07d21f65178b3ef873ea722f3201435d830ab012

    SHA256

    13fbd5f8265cf9076012515b2d12fdc74f865c7a90d973882eacc54381fbaa80

    SHA512

    a1f790afd83dd6732b0b47f5701dd10f89ae7072e697c10f47f8ad9b3e6f8c9f409c5545628d8dd4d15d855c339f441f7b34c9513f7fca91f3e913f5ac8dee50

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1C4D09E1-BBAA-11EF-A97E-EE9D5ADBD8E3}.dat
    Filesize

    5KB

    MD5

    4e045607577f5f1ef4f76d11c10a9cc6

    SHA1

    c6ac6b0f4cb33aaeb24079eec6021de762691f56

    SHA256

    d80f0c4ced14afa052facdce4797c70762e1ffedb37a7688e20c47cba90eb5a8

    SHA512

    64e66727d458d20c22e96fc37b56cd0074adb0d70cb2a50ff66a62976b921d06989cb569711fade1c7948fca91b412f285f799713aaa1dd913ed87b75c5d8e0a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1C4D30F1-BBAA-11EF-A97E-EE9D5ADBD8E3}.dat
    Filesize

    4KB

    MD5

    75ace4f28d0fdd882bab0cd33979ca78

    SHA1

    8ab3d19b31789fadbdd451ea37919313628fbbcb

    SHA256

    3d1c35a207d7da22db9afc08ca22b34a68b60b18054572992adfa9d257a8eee2

    SHA512

    a2d8ee45cf6ca22e6b237ed91f12e2870bb2d1f3fa28af6bc7c1c3401e9b4192ca510111df698da7121054244b25b5f0c131d6767f262a0bb383b5d10af3db64

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabCBD8.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarCC89.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    105KB

    MD5

    dfb5daabb95dcfad1a5faf9ab1437076

    SHA1

    4a199569a9b52911bee7fb19ab80570cc5ff9ed1

    SHA256

    54282ec29d4993ed6e9972122cfbb70bba4898a21d527bd9e72a166d7ec2fdc0

    SHA512

    5d31c34403ab5f8db4a6d84f2b5579d4ea18673914b626d78e458a648ac20ddd8e342818e807331036d7bb064f596a02b9737acac42fbead29260343a30717e8

    Download Submit

  • memory/1556-17-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1556-19-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1556-18-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1556-16-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1556-22-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1556-15-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1556-13-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1556-14-0x00000000003A0000-0x00000000003A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2012-8-0x0000000074B00000-0x0000000074B53000-memory.dmp

    Filesize

    332KB

    Download

  • memory/2012-9-0x0000000074B10000-0x0000000074B63000-memory.dmp

    Filesize

    332KB

    Download

  • memory/2012-12-0x00000000006D0000-0x000000000072B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2012-10-0x0000000074AB0000-0x0000000074B03000-memory.dmp

    Filesize

    332KB

    Download

  • memory/2012-1-0x0000000074B10000-0x0000000074B63000-memory.dmp

    Filesize

    332KB

    Download