Overview

overview

10

Static

static

3

98352bc3a2...16.dll

windows7-x64

10

98352bc3a2...16.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    68s
  • max time network
    73s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    19-12-2024 00:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    98352bc3a259746bff4093419f57427e918f19fa05e041175ae10b1592a28716.dll

  • Size

    200KB

  • MD5

    b015568522540ea68ff777e6e63d6c5c

  • SHA1

    0a32e61bf2eb3215bd121328ddea254d725e0a6e

  • SHA256

    98352bc3a259746bff4093419f57427e918f19fa05e041175ae10b1592a28716

  • SHA512

    f83461ce57d1a02e3043a4e45770b25f588209531b54936823f22f1f630b8084712a186cb4b6721f8585c860bbc2da504438d0b96cd33547baf89bc465e700b2

  • SSDEEP

    3072:DOBOLWXivHYMzv2HvP5YeBTEEP2831Vr/rF8QOSta7Wefkka+4BCLUIXCjtmVlG7:DOp8HpzdQOStKIdSUIXCYGcDlTVc

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\98352bc3a259746bff4093419f57427e918f19fa05e041175ae10b1592a28716.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1236
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\98352bc3a259746bff4093419f57427e918f19fa05e041175ae10b1592a28716.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:432
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2028
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2528
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2528 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2560
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2408
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2408 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2840

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d24c1455b072ee8d03af75750fcae401

    SHA1

    5a68328a9e0c1f933be1017cae4fbded92efbadb

    SHA256

    0ab5355044c018c4b027076afa03fe46f440f941233d1648a088fdb82587a0f7

    SHA512

    8ebfe978585af3c5343888d3ac3747f2c009e00c57a17b24f0f96993c211de5665e1edd39a1ead23f58e316f68dd05c35fce04de9237e7722f57573154b9137d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    177f478e540052cf9900482dc216a316

    SHA1

    6a3b8b35970e8417a2c5f6475b0cb8a4d1de4b62

    SHA256

    11527d06d48c2841d3fff65332f784a180f19c90a5c1b012bd410b96b790024b

    SHA512

    4e209c1e69383fb3dc87aff9eba6fafaee74666ddf6dd00bb5a57241704f3f6d0fcd4c8a09faf8b06e13e0dcf79f710a8777f55282114c4b6973f7bda4de1da8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6b0d871d8f24989a740f1e7d55f1395e

    SHA1

    cfe8fb0029e97ccdf7bb238be5d195fd55eaea66

    SHA256

    0409912b442d0add95982808b5879945cd5acdce4016aeb45791759a9bf1ed0e

    SHA512

    9ceb89ccf5009518a6f6e2e34b86f8ab9555d5fd6b2ad8e080784f412f0f6f04b3d07fd226866c4eac8227cf79dbfd35f943d7c7224a710fb7cffb521df6e464

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    162911f3deb6de6cc7f30aadbfb5da98

    SHA1

    df509df97f60de07f0b1f65e542140c140283e79

    SHA256

    aa19cf00a38880f6170b0c3e1b01d2146bb9218fe7b269df573500757300ab22

    SHA512

    7b09634afc3ad49a08964fb37a07dbf1f34156bbd4d0bdee5c26c9f27e2b03ae0f97441ef0063601a4fc4603bf29de610856381862d198e15b63ca405237baff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8a646d83089155f8e7633f2d4eb23864

    SHA1

    d386b01ad2535a81b65d61e4dbd3cadcefd892f4

    SHA256

    08569e73714506097f8449949989c5cdc95c0f867b7e09e9081bc4ab5385ac81

    SHA512

    a8f41cbbec7e1701766d18087811d4adbb358060fe643c2248e83ffc7a4f401cad6a5a9ade371c26d2f38d85720dffdfb9fc515acb60f5c965e228c73fb195ea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    53a2ffc07ad71cc5306fb8969bebc15d

    SHA1

    2c0954146af1f9a8549cc6a44fad3bb851c7f2ba

    SHA256

    ae4662e0d7a848a595eb4d22795fd8d0f2ed28cf8aa3e21fe6b7e43bf86f5b39

    SHA512

    ad578f35027d93534e0b66552d6e6bbc6200d9a698e3e25a9f1a8a8bba4637a0f2b104f97661cae5ef5f0e529d26686427699099e70a6198af3b58e2465bc4e1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    403e9ca580ce97f444834334b1d2b06a

    SHA1

    5911fc987489dae4bb1ecc1ec53122c7364d870c

    SHA256

    d9054f4585456b9ae7cc799ac086c197d638571359e4a2309638433e4f7c0dec

    SHA512

    a66d3a652e79c17c00a0d8eea022a03e01bfb6e2245c03e6a98064b53c60eb532e6c3b2088d6c057670916d7c7367234d14c8b60e459fe8f6f32266e3feaeab7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d1cbf9674299404aa4a4ad92ff7b09a5

    SHA1

    fee0c77f0287277dbed4fd49b9327602265275af

    SHA256

    2ad226f9d9109f2567501e497fce6069fbb19d6a834cd92b1c23c6ec212de54b

    SHA512

    76b928cac4f7556787e8d3ce241aeabbe83d9514c90518af4eda61250485db5811426993da7f184c3a9c639e904c504d5632c7a368e0872878cca63ba1e5520d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b0c479f28f340258c029ce535ab618d

    SHA1

    e9819808a5f7ae707280f17a296abcfd373de5dd

    SHA256

    950feadf406c861a9c53633150a7bd655f26ce8e9e5f2f5f36be7c816c15c579

    SHA512

    b1c7beaf6e43715d893775e6fdb82a9c2ade67e9aa37565e7c720765b55f9f90726fa6cba81c34c0199d6ef6c8807107837b7ce0ed34d6cba49be714ad8114ea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    91ba47eaf41054d04812e69b8df7711d

    SHA1

    3efc5cf2623cca5b3d5ac4a7e06f5c2b0a8eb846

    SHA256

    b423555cc0d83bc4e6a12ac5506fa6aa5c60bf70ae7a2ced9d6ec555733912a2

    SHA512

    e737dcdeff5df6c1966b6edc98dcec5d44797041cc394b2c58d814941fc14b5a0127cc828cb47ee797d9b8538e922af190cc29f83c96bfc9f5059d56325d4513

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c1231a3bc48163ccbb206c5758b535d9

    SHA1

    3c30bc2da4b8b2c674adeaafda2f773bd4a55288

    SHA256

    765093cdbea9f43ca608c1a89459e2aca4bfe0040a191d54ed53216e6eebc7e1

    SHA512

    a3000f99a1714e531d5ac6ad152fc8bdcb09acba9b7fae82d088557ee6d0ca52329651a1374f84f2ef5edbad45a1c651d70c325ba4ff6abfe4d82611fc5633cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    46c3f60bdb347e5bbeda63c71b3d51f1

    SHA1

    6a1864b24d121d0842666213cde02803456ee1f8

    SHA256

    88f0cffe7325c73dd13f6b8bfbf5c64ad4829c96332c956ba16350f833176259

    SHA512

    9097459e9dc4059cf9d60a4d1f8c8d46049f2b00d82cac337e1dd36ae3f0059579e3eee5d47ddadad4fc39f6fc742fafd5711cd5678e8b5316905e013283ab25

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bc522a2cda1ebc200c97a8024b612ad9

    SHA1

    b14a8fbdc2cd17bbdab0adf49eb06c72e822ea10

    SHA256

    b2aacbdf0ac357830f480e44c2370d43a73b89698a828bf451064cff88997a8e

    SHA512

    cbe96a4b8c7386c85ffc8d32e4f60d41b816a3108be33508ae7f7de6be7b1bebd17f17a2b354124b131598eecadd4010e632ff9957ed8fdb1d52750ff8278cc3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    514c8a2792b6e9aa266b74c46ce85dc8

    SHA1

    d16ceae1e6af9d4b05a6003a104d8e59a74e3414

    SHA256

    76151b5177b6cf635decad1205d6e59c13f01159a498b31cb7789ff100f2c389

    SHA512

    b57e495d508cc58ab55c9e86c48543c1c3bcf24c2f1ef4c4886269a4f7a2916856a636b9ca96f92da1214b79e56ffc5ab9dcf3f0f6faf4011014b9ed99e75a4c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3e1ec6ed7ab0d7f14f4c0a8c47aae578

    SHA1

    0ccd227a58421e5fd6223d65567c00bb7bf9f9fc

    SHA256

    4cf2d272a0bb05683242d21aadd3dcbb69a7ca5cf0bf6d74d195312e22a8c1b6

    SHA512

    4d99a089e792346ba04192c4c27afd40a2baf7633b7a860f5ce9d52987e70e5cd52147c5010439e55321f4d5f20163c0a6d209e99c76f1dbf95072010539af60

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2276f9580e9a86ae23912f8b137744b8

    SHA1

    5194242ecf2b87026dc51222b7ece5444c05c0d2

    SHA256

    7beae3edb8073b9b5b639aa56a2b7fe30ced268d55918588ca2ec2874ebdeef0

    SHA512

    1b61bc6ec379bc0f28cac51318370c9793fe803dd8a5c51b2069490160bf011a8a32e006371d6a6d565a47c53629542547fb48e25260f1719b3cfd23218d8db5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b87ee10c01a8f63a57d3817b5214c48a

    SHA1

    b484cf57965e4cecf28cb240338413b11b6cb758

    SHA256

    49d3c0f2cab7aad15145233500521354b8fa3e8f027532c9389ff12d4ebabf62

    SHA512

    a845afc522a680ea2112d16b6992e31526d6deccb7a1361991afec953aa7d22df962d7da6265a6aec7d5eac1bbbb13a605b8c0d414e58619f66886f5622f7e97

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ae9c03743bb6a6cdf4f38630f196d76

    SHA1

    92d0cef409e6ead118eb698f3ff1ce5fd5dee261

    SHA256

    8ae8deb0033be581632edd3efcab2afe0d184abaab3cb6de5c720c762f499706

    SHA512

    00c4c52b7989cd85e41cc090cfc5326024d92dcc96cf79719fe3eaf133949d1b2614cb9451ee3e016c906af62c7ce36da273362ac5815efa8921f7dbb5448128

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{922441C1-BDA2-11EF-AF7A-C23FE47451C3}.dat
    Filesize

    4KB

    MD5

    57a2bec02767b4c5932cc879c9c79046

    SHA1

    f179fb6b82b2c061e930f51f93be8ee7a3749f88

    SHA256

    a754482da65774904aeb17f47a314be89f0291ba2f311f95702b406a009bad36

    SHA512

    fadb6ac1da5400f58e94b5b17892fd02dde7bdc6dbcd2a773ea8a4515ed9700e20fd99297abae9f13ee7b14d66fd614d82da16e6b56768b21eb7e53116396c5e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{922B65E1-BDA2-11EF-AF7A-C23FE47451C3}.dat
    Filesize

    5KB

    MD5

    50e84003fbe5710006b98dc17501b1dc

    SHA1

    a6019f2ff787bca94336f477774e8ebc2f24b889

    SHA256

    d49d03c5b336574a1861cbe4c46dbbaeac5ede91ea9cbdc13f1ca64a6f179219

    SHA512

    53f94fb1fd24ffe07bcbcf190d28bf7049946ab490e38d52e09c4a87f68ca8c8f52769eaa4a5954bf9b20878630bc2c09627b51f5fa07621dc8cf2f7ad760ff9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3CE2.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3DC4.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\SysWOW64\rundll32mgr.exe
    Filesize

    101KB

    MD5

    1f92a7cf627f4c7d554d28326f1da954

    SHA1

    b7befe20fd68856539347f0650473b6dad504863

    SHA256

    fee6b0318f0ba98b8df448017226ad900167f9d7cb1d21d603f5da3022f29e00

    SHA512

    07c8d54b2b68f11b9a05fd652f0dc5b3bc30de58eb20537846763bc011e64496c0636a8e37abbc96d07a6ff9c304141e38e8f0453760d48f753343eaa319fec5

    Download Submit

  • memory/432-2-0x0000000007000000-0x0000000007034000-memory.dmp

    Filesize

    208KB

    Download

  • memory/432-10-0x0000000000270000-0x00000000002DA000-memory.dmp

    Filesize

    424KB

    Download

  • memory/432-11-0x0000000000270000-0x00000000002DA000-memory.dmp

    Filesize

    424KB

    Download

  • memory/432-0-0x0000000007000000-0x0000000007034000-memory.dmp

    Filesize

    208KB

    Download

  • memory/432-1-0x0000000007000000-0x0000000007034000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2028-14-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2028-16-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2028-13-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2028-15-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2028-17-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2028-23-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2028-19-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2028-18-0x0000000000330000-0x0000000000331000-memory.dmp

    Filesize

    4KB

    Download