Overview

overview

10

Static

static

3

eb5b30e2ea...3N.dll

windows7-x64

10

eb5b30e2ea...3N.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    17-12-2024 11:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eb5b30e2ea10adb6b2ae9cacf69f4a1638e508cff9b434ae679997f2c8501953N.dll

  • Size

    165KB

  • MD5

    dca6f758c8516f58798fe5dd8db34800

  • SHA1

    3d9f9977b58f44da49aaf9d01694194ce81f924f

  • SHA256

    eb5b30e2ea10adb6b2ae9cacf69f4a1638e508cff9b434ae679997f2c8501953

  • SHA512

    273c1866a09df4c112219af2025294a7e8be9de5b93fdfb0038427b2cc1150238500e846445d765a54ecee9338a5e5d697b8f3bd61d574f532da6c3acbc9c117

  • SSDEEP

    3072:BsLXHHf0z4o++2dLy2aOtusyu/T3EcdDZBzgdPrNO/BQGmWsdgGal4:BUPy3Ot7br0cdXgBNO/Cjva+

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\eb5b30e2ea10adb6b2ae9cacf69f4a1638e508cff9b434ae679997f2c8501953N.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2720
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\eb5b30e2ea10adb6b2ae9cacf69f4a1638e508cff9b434ae679997f2c8501953N.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2732
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2792
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2832
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2832 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:808
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2844
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2844 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1732

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    912692066003b3bbf04230c9f592ed8c

    SHA1

    1b7c81aceb2877d20eb21906ff45b0d98d09a10e

    SHA256

    fea111e55f99bb54971d4a1547b3302dbfda198c007d0df73a9cdab3e5d7238e

    SHA512

    bddb96a9de238ba87b08e1fc1b8c484f50f67caf229088b5d94675615ebcbef642c05c61bc014701286ac96080fe703b09f546ea3c9b8ebba0d51d2ca1519485

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2a028d0c0b747f0bf3c8e801f0a2789d

    SHA1

    68b9b409b6d12b6a0e6c8a15af2ba069aa1ae55f

    SHA256

    45c6a3485afa418b86d7ebe2c1ab357a3044398e69fb14ff63195f1a13031991

    SHA512

    90439341171f8e2e4d9912bbdd23e5d3b73b9c779158ca70d1f85e950774d0733244f4e0b9ce8203172afd70b5e3e39eefe0194482029e05d6d945d420384520

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    30594480c75d8ddc56f6cbd16ba4f4da

    SHA1

    e1b377575bec64e94db86fa919d1c4de82ff8ca0

    SHA256

    4d4f9063779b5f763105277f675cd8cfbe7bb43913cae2ac53b88e7459db6f0c

    SHA512

    8db28471a2997a6ab4f2b729f0218eb972ec6527da766b58a6fbae76a7f38e2b4d94d0c801fa41f02c19490934abd954976918a12e11cdfe10e5ebcb54031657

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aef488ad3937e2c0a10582c298f59bb2

    SHA1

    6a106aa0dbdcb43d3cb1ce72fa99cacd0b872c4d

    SHA256

    b10e7a827d0e5901531ad889d41e34f8aa9b09e44ab2be3263be1eea69a684c9

    SHA512

    0401aac987e55953c03513f9cadeded133ab17e7bb8e96944ba3b146cd6f6eefae420b1722a41bd5fca721a14621efd14902c22cbe4c7e6e077aed29dc262761

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    afe830b8629d91d89f2c948de742fdf0

    SHA1

    cf6ad270ce36f4c96a61f119557ce1f2d051767e

    SHA256

    285aac43ac5920ef9dba2391c93b421b049af30f81e77f7a53e3f9d202cf3ff1

    SHA512

    2538c6bae8603902019ac5b178406f47c9d8e17593e1743f8567f8b8aa0dbbfb3cd2e25b57778a1e21ad5ba4e14e5aa6f954c93b0ccbfe0334e7a87515529498

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1788a17d5939aa561f807a725fe2a866

    SHA1

    4ad3e4fa9a7dd5a1a80e95991bd7236fbaf60e29

    SHA256

    5c7121c371f0d3443ed7866ae8cd782b1f0cd3697c110273fde779ea5a6fe320

    SHA512

    eac08e6237c39304eb415b8df831475a93fd9afc7b53187f99d2c3c519974be3c18fa8b29d96db5eb82e6f02dd3d032b8824d8ad6fa19be9162e2382f08951e4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    30c291136614a6ee29fc4065d25c5094

    SHA1

    a0f6d934c73f1b335d089d862effcc725fad0001

    SHA256

    54ebdb563b9f93924cf6ed629d293c2918c6913f83c6033a2cd674f901195af2

    SHA512

    225ae4d8a245c8a8846ea4330dd29ab4eeafb4ad7d18e6f2470a86731868b36c6f84e07c3dec33008d6a1cc074f71774c2548590433db336dc73410a938356a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7743b5bf078b53e6c2c98f28ffd38ae2

    SHA1

    e0b9f2ebb78cb976a88744d8dbcc0d95f9daa123

    SHA256

    d6fe126f18629da1e7c585e0a0947c5dd516a58b4515e294863945e07795e33d

    SHA512

    05c30a9177f907cac02c9e15ab600d6dedcfcd631cb75550f162344eaa417e15c098bc2e5f4a18c9bafc24679e85f24d5af6f444e43c21e7c021ffc7adc6f9e3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2c1cc5e057425db0256d7b4a8680dde6

    SHA1

    50a18c442c8d6cec74d101edb0f89039cc02702c

    SHA256

    56fc8a7aca3019a6446a44f360dfaeae5b9b6286098d4568296659f129e1b260

    SHA512

    a2d7c4fad960ace662d81498efa2e59ff691d73e2e2eb3199acce8d61c4c4d78d9842280c4154f22a5601d9297f924a6d2eadcb9f9fdf94d12b483b97d7446b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    09b70e28895c150b532b75f9ed821617

    SHA1

    9184bc4daaa78fcc87255082e4bd1b9991932f73

    SHA256

    d009005fab399c899a4d830e67a47f5858308cbfc330e4b788e65357d075db3d

    SHA512

    1ded0882d49002bfceda5c938ee039c157766ce4536cf2cb1a9923a702c48b5f8e0ebb70fbff6619bd8a70fc37dbeb1a993047a85462d82f4a764ba25a818faa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a05ea1dcfd7f6d3bb8dc7833f4bcd733

    SHA1

    89ae9cc5252697cdcb5d95c68dff91c9d0be473a

    SHA256

    f7ed058ba3469feeaac1721a53800f7bd4abc50aafe9f31b492bf3d937bca5e0

    SHA512

    cb4091ce54bbb2aea9caa2156c343f3778a3ef2af5dcbd11b1fb1f261a732fffbecff1645228b2d0c3bac1b977e9eaf655e46d8d5c4116c20d9a51ea7736604d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    edf16c4f16e97dd68d6732ea688a9bd5

    SHA1

    ab2c4105c64a9713fd27c22842cf43bbd34e98e1

    SHA256

    4c38958fcf2bce5551cccf68d921fc854b6404bc8bd8a23b2e4aef022fee4238

    SHA512

    ba0f0003b36d048c6c5d32962fc9cacc08c237c851df792420a299fc94c0534137022bcbbea39662ed95457bcfb93f67a6a63fb68c06a22346318a48ceb0c574

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a941975ba63d08678ec2bea6dd351c7

    SHA1

    1d27acbecd866a203f08d06bc040a0c05bc001e3

    SHA256

    f72764b7a684b4b367092d652111f21f1424273aa8f08c0990bc189c01bf5510

    SHA512

    7174321db85b0f73b324b5e2a611a75f3cbc377be05a287d33dd67c7be8601e362f00bdad4f688792fe51109339c8caacfc40e6769276b9a09baf2394821844a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    366f9d448302f98fc470bcb9e827adc2

    SHA1

    af6a3494ba3334e568601d5eacb7e1e3a38cb509

    SHA256

    062a5427ddfc2d584b27ba30fcffc8fe0d9a16a4d0a55d2c160e3d738989e5e2

    SHA512

    184aa437eb0c945da4e3878aeba030de6c7db98094fd3f0539a047b495ad999b182feaca3359f9c2842cb9ec3f843902799c9edc3e81f31c36f3ba87c42cd1cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    16387b3fa6631ef9c4ab3a3142b4a8bb

    SHA1

    9099e736f36d6f67fac7e3e1a81fa1e45796fb43

    SHA256

    4a0c9c204596f6b40edb11be018640e0196c8f89a262ca1e12a12ede33991226

    SHA512

    9eb5715e9a40babd71fe89738b6a03a2c6d1f03dd2a2f6b0084c8d46e8d21be6dcb8413a8f3831341851bc33c4f0fcd7fb35f74ecf40177712ddee5938cb849a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5170f84ef9f1589bf48f968e23ef39e4

    SHA1

    2e88d26d4e91efb0e78944f359d40d81a0b7404f

    SHA256

    2ec730bceb8c44d72d5ce4bcbf05b91bef1534220265051c40a24b72388f79f3

    SHA512

    fb5286062a0a9c3eaefd2b451c0a887a1a2e6deacf794720864a162fd1149f03d5880d251646ede5043651d090e0f1b2609791334973c46c692fa7fe2c758fe1

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A4E0CFF1-BC6B-11EF-9188-62D153EDECD4}.dat
    Filesize

    5KB

    MD5

    e045a82f37f1a7d08e2081c0bfcba845

    SHA1

    d4bfcb868509fcaaef7bf2c3dbd3aa7e3df8b81a

    SHA256

    d79ebce95121106a48039f4faa765135e17b27fe0c97c0f118c1fb99d3968964

    SHA512

    1e5f1d478096b6c94e951543959fbc447166bfdc0c7a067f9f082b7d1f8e531fe6fa3d94101ed58c8b06fbb9fa3e9642e46553a044a9c5862be821ef0b2e4468

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A4E33151-BC6B-11EF-9188-62D153EDECD4}.dat
    Filesize

    4KB

    MD5

    d6465a70e7c970947ac3f111652fcdbf

    SHA1

    889b4cf176176354d23b1c5b09a25ab4185c4184

    SHA256

    da45d2365c5d862532c4da2696a8bc70ab9e36cf790b4d75819937ef22bf97a4

    SHA512

    2bddcfa5585cc510ff33c000005a7e7300612e53c6b1ff1d274ec6fe49fb636ae9cd285c453c29e0887a9eb0079a79e2a1acc9ecf4fc853f7fb1dfc07e1b2d22

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3C18.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3C99.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    122KB

    MD5

    b8e6f2753e6d6063d2ddbe2d0646da3a

    SHA1

    5ea3ef8fe2bde63b4489417a38985adaf2598ae2

    SHA256

    a2857d0f4628b42aa99a81cc1aeb7c9c14c5913c9c18f180aaae06a9ea979c12

    SHA512

    2a9069f8e2925ebc275f09c374b916d3917d6224f55345feb07a2424fc9764b49b5ef3d6ea4558e81d657dbe625c1622fd34041102ad1171901378548513a060

    Download Submit

  • memory/2732-8-0x0000000010000000-0x000000001002D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/2732-1-0x0000000010000000-0x000000001002D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/2732-10-0x00000000002C0000-0x000000000032A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2732-9-0x00000000002C0000-0x000000000032A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2792-17-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2792-14-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2792-13-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2792-15-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2792-16-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2792-18-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2792-12-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2792-21-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download