Overview

overview

10

Static

static

7

89ab03c259...5N.dll

windows7-x64

10

89ab03c259...5N.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    16-12-2024 19:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    89ab03c259222ee0348360a6d6670d5db5d95da04778747b2ef8563c3bacfdf5N.dll

  • Size

    187KB

  • MD5

    6c601b488da0c9055c185ee67d81ae10

  • SHA1

    d4e564ae5c4d899bd52c880c4fbec32642e273a2

  • SHA256

    89ab03c259222ee0348360a6d6670d5db5d95da04778747b2ef8563c3bacfdf5

  • SHA512

    3f2f3907fdb0ef2de08bd8ce774115305639af63afe0f663c196b4bb6afa42b8e54f0d9eef426149b8b1b8b79a603fa708f59d2bd4e7d9ebf01f09f96464bc8b

  • SSDEEP

    3072:jKuoYY+RoatpaNj+FIlYGTuXHHetkqcqvnhzduz:+OY+cjuQTuXHHel/Vgz

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\89ab03c259222ee0348360a6d6670d5db5d95da04778747b2ef8563c3bacfdf5N.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\89ab03c259222ee0348360a6d6670d5db5d95da04778747b2ef8563c3bacfdf5N.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:796
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2228
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1612
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1612 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2420
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1572
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1572 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2928

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2d405c73f54406b8f3f053fec353a1ee

    SHA1

    d623fbf2681ab21c221fec6c86db32db456cc9ff

    SHA256

    b45250846c994f31f852acec6b277b489e0eb694eabc834198f9ece0a981e3ba

    SHA512

    b4782e9a87dd819faa67ee616ff73ca0488fe7ddab8a840379be8fbe3e1ab627e9c03328167d9563acb155e2039c07db4d215a58e7daf4d5745fd2ab3a5acf6f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    464c25591d61565b1b6984471b8204c6

    SHA1

    bae9d2b203de5c1496b8b8bdaec384183b76ea2a

    SHA256

    9756c34fdff0a275184bfaa5991abb3115c6834a9193f93bb2189f83cd668152

    SHA512

    188dcbce498647bd97a86c566f2c3b26e0685f20fe4feb602ab7b1b69f5734bc14a924bef836ab7b7916e46c155a855cd8c4ac22caaaa04a825126cb48726cbb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    72f3729de149b6cf09e57b1bbfc1c04f

    SHA1

    101dbfcb2ffdda9f072ffbd66e4ac201bfda6f8d

    SHA256

    e5124f7156fb9d02d16ea8d151251684b320fb158bc0eef60a1880a3848a740f

    SHA512

    bfcdabd22c9208b7384a3500ea9a6802de81fd58b31c620f5edcd599a596db466401a47f23c89df50c03c39d8ba6230acd5c688593aba2c13d70705ac70df22c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d9888160f069ced7e8173a8fc1cfa9b8

    SHA1

    94ddbb53c85f0be4aa4ee1a935b5de7d1cef83bf

    SHA256

    ac3810e929513845fa67117b453422915d1d3feff237d9c037006a5ce2f966fd

    SHA512

    5a8f754cbe8af6f401b22f126dcf685222f67dac3a0a532ef3aa639356d1615de84c15c70102d6d1502f5f4d41343447c980b6a1ebb3bbb141d88e560f944ced

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    de811780164a3e0fe0623032f73033f9

    SHA1

    6bc0e979eeb3a00cfe9aeab5c783079bec9599fb

    SHA256

    ef05391a5b98f19b3edd42cc4931c6c609c9b4b4dfd584b3b851db33e0b37c5f

    SHA512

    4dbf88feac6afb0017c434aff329f90b4dc0ebea7c3e108646697bb099b5f1eb458de49d6d4cd242ffc6e752f7544c89df76f455f732586658a949ec4a95f09b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f815313e493b123d9c868d666de15fc7

    SHA1

    a565661ca9e42da0e49a3a4df2a634926b2d73fb

    SHA256

    be9387f3fd659f4b4c2f9fdd6ae6a9f5abf1790b76709466e58e572b3d6bd18b

    SHA512

    1e7d44087f8f339411e072479b797fb9da76b4234582b682da41f1d8177025a59aa15e41df36caab63b69eac4d5585f0f918207a3e003087e51284b84c1f26c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    66b425c9f32976242823dccb56ba6ada

    SHA1

    de45215eec1b91f4d6aed62f5bc6a8151e9d5ff1

    SHA256

    2dbfd93b65a2da3eb61d9c9654d28db1ef8efe1ec9be5f81f3b097b80bd8bd47

    SHA512

    035a46bdb8915128ac116c7430d54aca1f36b9559102709441e1509ce382e6fa987d47c5cdb8d588b0884585f964e0f52689d21716b63306673ead94af1c99bf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ff97ce5247ccc800dd38281ec13a8e50

    SHA1

    0f90369a11237333f26594677e9efe48e0a8a077

    SHA256

    340ab429bf507a2c58ad8d95318454b23725565dccfcbf3561c8a5530e28b7c6

    SHA512

    fb96c73454a1439721ed9c68f9cb7b04381e42e290498290a105f7a7bf284eee31733e5e72173f8860fa662974240dd75924c73d0f777a9fd2115094986b6390

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ec70327e836cd65a09ce5f64b55e6d79

    SHA1

    128ba3caf698808715f4a620d2288b526d02aceb

    SHA256

    59d55776860629fd30d1d8ccc1930ac27e377f6f90fdd8b40b66d03c3efd31d6

    SHA512

    fabb8fe2fd5de01d923af625d4b24db474de16e023894fc766f846253ae5a8e793af6f41a6b60c67f89a882e5e05c0f6ed00083fee59db3501aac1fa7eaf87be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    586ab72234894ec7347c406a8110c812

    SHA1

    e79e0451c645b6674ce6b2deaf79fb13d3086cf2

    SHA256

    bcabee4cbe883c74318123775bf6dcc765315b934924a5c6d098479bbe4d3f87

    SHA512

    cbff09bec491d272018dd0864cace7e3de2b9e6988472906a6defd650595086bb1b2205bce8895cc7181ffc7e8294674b6e264d7dedb4453bdc8365e64582694

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8982522497de36f063d10c1648185353

    SHA1

    5a4646f8b398e60ce8e6be2f65be79a64fa1048c

    SHA256

    b73825e3fe7783abcaed3efe6d081c53f4152150cd95a4d4deae3d81de5e6c82

    SHA512

    98787f982cd1418cc0962b261ee892b67ebe87b3851f4eb3f13d2a2961c5fcef130c2a9aac35cc1898ab48d884b6ce64839faaa7086731986655e0cebde54290

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    07a94343bb595e10bf1a75606c2d3166

    SHA1

    b7d80ab486cd3d84c6aaf8ed836b8ce33f0afdcb

    SHA256

    63e6bb48ce0e0857ac856326308679a59e2621e30d42431685ca7c0f94446953

    SHA512

    ff8c2bfa90ad6999e2c257dde40c51e241bd81442aeb01ca6ed6b0ed9987da5f693943badf773d88973363dabeca93ab28ddf0011da941384cdbbec523ac3e8e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9d0cea5324fe49153d509971ec6cfd8b

    SHA1

    60e52e912cc834e0ccbc08dc025490c162847a5f

    SHA256

    31479f0eaa9fd653523d9db239a8f2d7b560c2d4294fb7f9c20b1b9475aced51

    SHA512

    5b4ef10a255c109780af376e8f5685c371a50aa5d7091b2b5ca6d5cf36da06ab843d89df4907d94a69b99a5ce6c81e0430faa9a8e390d70f96bec30aa6aca874

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3c5836d1fb9582d5ccbcfaa8f7f73614

    SHA1

    0cb2c20c399d11f8837ed6dc6aa58b561f2c636d

    SHA256

    9301cfa3419fc9e183c215504c8f79709e1d541945f804dc0f3e9a144d0cf918

    SHA512

    e842ebf18502e44fbe9f479a25a983ff25eda8f5831133ff25e5210664482b06d02b3fb010ba76262544c61ead4acdfb3450136b890d992e958f3f0922d20b6b

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{870FE6C1-BBE2-11EF-A3C4-46BBF83CD43C}.dat
    Filesize

    4KB

    MD5

    c7b17daf5223d1128070a3ccb67982c7

    SHA1

    006bb1855e1bd659faada599c4c16277d1c4eaa9

    SHA256

    cf41efaee80a1b96366eaa43e7517bebf9937b066874f1e6f06f36f2b83e3a88

    SHA512

    9728c24216fe3d98f5e2b98c2398231dea014d4bc00a3e6d8b5a56eca8bd96fee2a83cbd2b4aa083d8a00250fc599894e5e76d13c1382624214aaf63666c54d0

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{87100DD1-BBE2-11EF-A3C4-46BBF83CD43C}.dat
    Filesize

    5KB

    MD5

    7afaf261ba623694d11c948173887e15

    SHA1

    473920229fd84775b2f839a073ddd524c2c02a46

    SHA256

    7cd5e1503be578d06ad4c4ed675b0d21969a175f072dad6658a6749070650d16

    SHA512

    428c582285af72ea499dd6669d970a10a4ccb2c345a916a2027ed8b4d05202067da5d2c2103e078cf5e663f6876ec4cd90a370622190bda445a3480d6b4de891

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA6CD.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarA72E.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    105KB

    MD5

    dfb5daabb95dcfad1a5faf9ab1437076

    SHA1

    4a199569a9b52911bee7fb19ab80570cc5ff9ed1

    SHA256

    54282ec29d4993ed6e9972122cfbb70bba4898a21d527bd9e72a166d7ec2fdc0

    SHA512

    5d31c34403ab5f8db4a6d84f2b5579d4ea18673914b626d78e458a648ac20ddd8e342818e807331036d7bb064f596a02b9737acac42fbead29260343a30717e8

    Download Submit

  • memory/796-9-0x0000000010000000-0x0000000010034000-memory.dmp

    Filesize

    208KB

    Download

  • memory/796-10-0x0000000000310000-0x000000000036B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/796-8-0x0000000010000000-0x0000000010034000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2228-14-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2228-15-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2228-13-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2228-12-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2228-11-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2228-18-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download