Overview

overview

10

Static

static

3

0d172b87f3...9N.dll

windows7-x64

10

0d172b87f3...9N.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    18-12-2024 07:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0d172b87f34464d47c68dbf0bd0e140dfedcdd0446b4bebfa1e6e7ede2426329N.dll

  • Size

    184KB

  • MD5

    44a1d40e20626914640c84e285b5b430

  • SHA1

    3da60491545417d4f4af5115143069f91f7e9b1f

  • SHA256

    0d172b87f34464d47c68dbf0bd0e140dfedcdd0446b4bebfa1e6e7ede2426329

  • SHA512

    e937b0666dabf6d543cf5cddcc54aeeca97c461c9f37909beda22e438673d616d9dc1ec098ad00a0f02c48c55c5a645f5405afca75d3f9879593fd6f1e68de73

  • SSDEEP

    3072:l1EJoMg76wQHQwtq7EqFr4XwRCs0ZiMcGsMC5KbO1:IBgGwQJtsEqtrwZiMdsZr

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d172b87f34464d47c68dbf0bd0e140dfedcdd0446b4bebfa1e6e7ede2426329N.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2392
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d172b87f34464d47c68dbf0bd0e140dfedcdd0446b4bebfa1e6e7ede2426329N.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2400
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2228
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1712
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:320
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:320 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2912
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 248
        3⤵
        • Program crash
        PID:1444

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7055ed6e4eae8ffb15975f0ddf23281a

    SHA1

    a42de74e0971f3ff561ba212d874cc41ef5a6850

    SHA256

    9510b6a33f2fa24b771df24013b7331b68ee58eeec133d57f51c420b79f11e9c

    SHA512

    f4f4cb7fe5985f0428b00b39b6333d897e3f54a64f8e19145075901ca74ab7e7dabd95d290a66ef614ca72422a48f0a8b2a9482233260d500744e603684e87b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1845fdb1b01983d54a24ca7af4a56732

    SHA1

    e30fc5f6219421f35537485cdf7f58c9dccb91f7

    SHA256

    e76f29e8137e4edb801b24adc44bf33d86a7b8ca6238d087d8e9661d2aa90a32

    SHA512

    f508f9a2182f611cb13c39560f3bfa25408df92938b683cd2cce39f661ce159e6c0fb5a6e0ad2f7ecd3845c2b52ab836c4c96d2eb2141dfe5d17ed1d9646734d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5852534dd561962f50a53778bde9017b

    SHA1

    99b2633b1a9e5fb2c2953c5b318af4c474d1d535

    SHA256

    ba517f8c56d433187622bae4aafaadf4281aa5f09b9c35dd177ec450df91cb0e

    SHA512

    a642b3886a6f50aea82db593741fb856f48b5f008e62bd16575aabd032721b8cedbb83ac2ea7af81c825c600286e982921132b0d584cef1f9c466ae30d67c805

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2219717b27f867c7ecc1bbcc8d612f2e

    SHA1

    eb0a36fa81d417da8325ec05336b1f5a8658caf8

    SHA256

    e7f51e8921df631a87eefda875f76e10b6e951b4ad0773e573449af183cc8089

    SHA512

    2df87387170c5c59801a538a4c1dc87bf31ba7878894cdeb96622102563d1bbaca846ae4609145e5949cf1ac037e950268f18a2861e846df813f4ea88b16a0ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b4dd8ecba19b21b44b05b58754a2ef4f

    SHA1

    dbc97fd6dc9cff9c76b80a2e8d948494edf6c999

    SHA256

    3c47ee460e479d275e35836db043b98490027f897e82a344fd14e8112e5990dc

    SHA512

    ef5217a5252e49b4b6f5aebef99cd168de2a5240d7cbd55031ae555c1e38021eaf5e32ad10e7d3c85b1fc73a91f4ee800260789c22714b491521303df7d93968

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e56a844407941b7feb7741fcd5c2f471

    SHA1

    f2c891b4c10e80d593a74ccb99e33b71773d9e09

    SHA256

    c6cf9ae791f136fbb227e5b4bef74d41030d65aeadcc74a5ed6ed9d64a72fb37

    SHA512

    28ef3d6e6b8b869a3371501dbf3ad444cb5a6acb56d8165256d536c948b586be7d5ffa28e65ea7d24361925b9b488dde59fde68316065747e4d0fd0af07b4e54

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cea4efc43383b210207ef659d2fc0a90

    SHA1

    6682386fe2dab1e9d1dddd15556e3d231fc99be8

    SHA256

    eaa015b475c042815274780d06dac34f27ad3ca6203bd3a0bc124d544ab4481c

    SHA512

    bd3c88a8b50a82b5a26cc879b48af8bb4653e6fbf9414e8a2a1e31ee341a5d6b1a2aa3ffdfc32b7561a89bc52cf553febc11e3d232f6bc171dfcb23176f0a6fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3a1878d7ee66b583c4060b52d55e544e

    SHA1

    127983e3205de8c59db0e515093a83dc6d98947a

    SHA256

    c6a09dbce885f56cd926f1361fefacd8cacdc6653379c90665c989b11f189fde

    SHA512

    b6ea6884d29e580ff1f5f2b7cb449174b6c7818dd7b0c14f30f23caba5953cd2ca0bfd5e81d6ca8e75e3af876c6836a35241924df444094faba06f873622d5c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0218ec554f115cdda35d14523d4097ba

    SHA1

    fd5657227e66905c765bfb8e167a7c4d99f9427d

    SHA256

    9c655a58e1fc2268b483e6c617cc446a0c153ba937175539187f6a935a44c435

    SHA512

    ae269bbf5de6a94f7820d4564781a33052f9072db4650942c1e6b77c7da15370a1c23213f59300ed9c2f67409bc60304a811a27deda95ea8e63837f3d42cc832

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    384138516c2bea2e6c031b06d517c1ff

    SHA1

    99983a976a30f599eaf9a5082486ba94216ea84a

    SHA256

    aa75f16b587e75bd20fd5dd32ad4a421b6591aec4019c78a87d7ffced4d3c8b9

    SHA512

    2cc3fb506fc154299d417b1e631ea4a967427f78b573ad30b3e252285d50dcf7330b0880673b22e695d47f915b21b6951d013acecd4201e892af86fb70e3cdca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b2f249602d888efd39c2396181c03475

    SHA1

    b5e10d837a79bda10d618f3d627fdb9f43e5950a

    SHA256

    98d2dc5df8961f393f5013a64f7df44848933ebd1998932b7aecb20bfa1b8894

    SHA512

    94549ae67ef0644c94363aecae4869f1677b765c4e520cadd614ae67f26a85cb0618790d236fc780efedad1dac6f841edb00c824a33e4555c75f7871337edc05

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a91ea218f439f103f5a61e475c470bfa

    SHA1

    ed3cf2c76501dc5a2d7dce4f5a603f0a80d27887

    SHA256

    f21c617e3ad6350081431c47fb42fd5d0762f238850934297f37b7010a464cdc

    SHA512

    481f0e381d6a6101146acec51b5feddfc1e1411f09593515765b093548771a495f58c42bd2ba3298e7b578cd7a277d3ec6e1596e6557ca582b9dab9683ea25ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2a1edf953ab6877c597b9f4434aa585f

    SHA1

    adde9e096067fa506885b1eb8f2e9d0e99883f05

    SHA256

    e31f54313ebbef8290a5daa4cbd293b7e5cbf1fcb0ee70c2aca0db7e14027aa7

    SHA512

    9209b693b5d58123a301d0d72925d815597cae6b98781a8cbed70d4a652faf2173cd77ceccc07b9b5b57c835dd457d8f7ddc6e85ce25f3d5e6c45159655bce65

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a508afced7505e9aaa21d94ee84018ad

    SHA1

    0df06b703c29fec5a8392bb62533fd5183bceed7

    SHA256

    6169502e4eab7f2af2e04f86679ad3b8eefdea7d01f0f9cdc7d07625d1d3635f

    SHA512

    763a8500c8e2c092ca6e715efc3a55c0eaaa42260bb1413179abce626f759b9e9c27782aa0c7882841c4d1bc48a02bae7d92336a0fac82febd662311bcb6af55

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b34225a4f2700b6eba14375a759c4ba6

    SHA1

    1d0f24d5ba59ac67b30ad6104094ca2adce104ec

    SHA256

    9e70399631ad5935e0379fceff1d2005630661e60f4383853a8c463d6f99d1be

    SHA512

    7e4497731a68381441d2f17fd23d3daee213fb9ad800b2c6feedd6f16cfca0301210f3e43da860f6b14d5f3919e7afe11c2ef1ba09d04b94e20d1ad5573f0858

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9ae4e187d30625af83273cf8edb98a95

    SHA1

    1aaa9f022ec8236bed1ea4e69990f4fe33f850fb

    SHA256

    86dca70070c95b5fa1ffa6fcb0dbb31a790f0bb52a4130e065c43866434002b8

    SHA512

    4ca65b252dfc9ad6818686f6a11c8f5fe1c9cedcc17e7cf5805d2fab70636cf469d2b1a8654db6e871f07b39250847ed6dae3d5622f68c19c1fdb7f2519b1f5a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    91efb2319452032b53ad5813ba1ef00a

    SHA1

    3e34372482197a2833acb31ffe3004a37a5d1fa3

    SHA256

    f5818d316b8f70f2b265bbba66507c7dda576282df7b3be7fe9749bc54c06389

    SHA512

    b466715c14103755d00b48c85b9ef709b9f88530ba9802b39f92efd73ec59572dcf6e857defd2cc2874a98c58d4a45361a6fcd21ad0c530f7a4b3d70a8fc4c6e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    994bd81183f1faf31181bb24ace21490

    SHA1

    cdbe9c8ee3b7c18673c77859c2c692f790350478

    SHA256

    fedd626b40813a69d80c2454cdc3c4cafbf9fd4d56bf0d3bfdebcef16db8a470

    SHA512

    665374c739bc3ae3eeec27da6a8af40f5abd55c9ef7003c4593023af772d165720d44d5022385daf8c85ce50bb6a15393015a1c97c14594ece29d05a5ca9d353

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    52db7d4ed65b44324e9c4d9086b1a8d6

    SHA1

    dbdbc10c40a41fa934c60e91e40d884cae909062

    SHA256

    8098966ac040503a44881683c60002c54c9e9ce4a8d99a246e8e87035762b57f

    SHA512

    4b0881f0ed67d20e4886ed3d4cb6ffde58148b01cf8feb8fb28e269f195435be68b4e59ab270662811d62ea5bcc5ca6aa07d4d76bce8bec068a67830c4b7f538

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE6F8.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE7A7.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/1712-19-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1712-24-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1712-22-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1712-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2228-12-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2228-11-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2400-0-0x0000000010000000-0x000000001002F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2400-1-0x0000000010000000-0x000000001002F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2400-4-0x0000000010000000-0x000000001002F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2400-9-0x0000000000160000-0x000000000018E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2400-25-0x0000000010000000-0x000000001002F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2400-2-0x0000000010000000-0x000000001002F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2400-26-0x0000000010000000-0x000000001002F000-memory.dmp

    Filesize

    188KB

    Download