Overview

overview

10

Static

static

3

eb42d640fd...eN.dll

windows7-x64

10

eb42d640fd...eN.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    75s
  • max time network
    68s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19-12-2024 10:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eb42d640fd9705235e742c0f81f14065aefdaae8217639ba14486d6ab8eb6feeN.dll

  • Size

    200KB

  • MD5

    f79006ba2a3876ab9305195cc8d0c2f0

  • SHA1

    9d21ff94924ade4cfa131191a9a7024027e9beb1

  • SHA256

    eb42d640fd9705235e742c0f81f14065aefdaae8217639ba14486d6ab8eb6fee

  • SHA512

    daea132cf93e5e6ba419bb413613c35e24f324abb4ce5f403adbfe4a03d0deaa32db3848e2acc00b980d134c1cf9354fb151bfc4d713abe5066f55bb0f4fcde2

  • SSDEEP

    3072:DOBOLWXivHYMzv2HvP5YeBTEEP2831Vr/rF8QOSta7Wefkka+4BCLUIXCjtmVlGJ:DOp8HpzdQOStKIdSUIXCYGcDlTVE

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\eb42d640fd9705235e742c0f81f14065aefdaae8217639ba14486d6ab8eb6feeN.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1764
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\eb42d640fd9705235e742c0f81f14065aefdaae8217639ba14486d6ab8eb6feeN.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1732
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2128
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1424
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1424 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2748
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:3036
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3036 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2596

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    68761092062cdfe33598f59352d5625b

    SHA1

    2a2d8eb8b00e024d7635538db7ed2161b29fa273

    SHA256

    c88f31fa7a4f374d2daf06b935222e02fce257a5bbacbaf36a3b918c2a4a32f8

    SHA512

    4db482c855fb2d8602496b6f28b7795a3ffa8e1e9c32f967443cc8deaed73c4de61370a1a2de65cf2af3b66f10afd1542b4949d206e42108bb44ed92c49ccbd8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    06eca9d13ee12e94e7c02ecbb793b01f

    SHA1

    4f982f2fa842261fdf166abcf1c5872fb23bf645

    SHA256

    e39876464a34b643b5b19c16566a9b83f700cc3bbb500c11df061d25b8d7e75a

    SHA512

    2d1e3e25f560b7d5bbab8211661a9e047bfc491a19a5f1cf9a2c82f82f392ed7868c837f23c5cd334966731ffae829f5a130c98efb7320a44dcc618860404199

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1d721f037fd84d5c84c1af953d917384

    SHA1

    bf07511fbd59e56fa6d67c4b5950bd72306dc3ca

    SHA256

    42a8ddf70a4f0bf9fff1782d7995558457b9ddf98a66377068450718002021b0

    SHA512

    4e1631c19346abef58137a151ca2ece0c2960ce500b9cbebe575e56a7edab91272a3e3f8800d9630bb4397d4801cefd9558283ba56be0af33c2a379877dbaed4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    40026d9f6b44e313df81fe24d7b92f1c

    SHA1

    0bcce95e2f316c0ce74351293f32b687299c92e9

    SHA256

    1051ba1f64d501e52bc5c7ff8adccabb57c040c1e31db7ad396336ad10ef6591

    SHA512

    d9e58ca31aad2041299f186050025a304b8b8dafe10e9195c010f41966425aedcec27743227f1666d7c23f44bf122cf1a949ece6f18e1d893012f2a5b7a7c52a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8b1ad2b82824064cf8e5fe9496c358f8

    SHA1

    7c31a0b25e4435ce1b280f5c3183bba56bfaf6ed

    SHA256

    c933e6be4413bac0a8d9046c05e6c984ebad11583712ce6ae68ed98c8a784be8

    SHA512

    d11f419e2b3b7a4a44d6c5118a7609be214012d0de6279b8667662e76b28ebf2ce47baf965dd042de9889cf67af0a7c916b1d50d1f0d0f39b3b7a5295efd016b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6de3a67394270ecd9f3a23ba7fc4d766

    SHA1

    6e510fabe5248bff831eb1ee21139aa62ab80534

    SHA256

    9d9f66f94793498d08b82bb921981f97dbbea40dc97ac7832a225dd8d7ed0c2f

    SHA512

    193a7d713f296fc8e6b13fa7d6f8fa4124f066918e01f081d61772ec8c52c6c3817db3df0bf75c8e5dcc6db3b3751f6140a8292b57a1978e934ad3de295fd64a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b7d266f2b5c5e6c28ce5eeacbadac37b

    SHA1

    e9f30e478bf18f968c9039161ce7ca04a6654b87

    SHA256

    0bcb997c72796c23dfe1b2f1e95f872b309dc769b44fc5f986f473fe0b1852d0

    SHA512

    9fceda7e5cf7e05a90f497626703ce3488280d1f4a23499927f2d69ba9be1e2bd272ea04f310fd0a01ff67b2e2fb5c53efaca584327ba69d123f8bc789dd65d9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7ec3d20046203f64c657a12fecf7c574

    SHA1

    bfc6cd2fd6f5c0cbb805a4dcd88f33d3c999d91b

    SHA256

    3d63c4b1b40f32fdf9e5ae66c037c150e048bd35542a0aa3a6f3ef685ec22065

    SHA512

    cb70cf068519e143f30a96956e3ad6cb5e154e4d893ab39ce1cc4df196ed0a61d9d2ef0f9a4f618b528d3f4de8f6ddeae2462f30dbf09ab40b115ed6b844c894

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dda1378b833c7efe33c907bf2eacea47

    SHA1

    dd9f5af7c00d4fdb87837c045e99ae665a8967f4

    SHA256

    585551755feec69a8c710c1e2c9482dc1ad2c2d4c9035a76d0c24d108f702da9

    SHA512

    057901d93c43110cc20b8ec41db66539953afdd6b913a28fbc72a1a5c56e344b848f40d99df00dc38e897ab0eba3bf872cbb13c44c143d76be7d3b0f7783c8fb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2b9b6afe0e4f1200e05262c3d068cbd1

    SHA1

    067564be58c7028794e7a0eb87ad3a5910c4b4a8

    SHA256

    473c441d4ea54aec1ecefe0d3a4c9513147a14687dfa8dcec628cdaf2b14583b

    SHA512

    001ed48d23f1c432c8ee4b706797ad41eb571db1237c1f1567c61b22d5b9d42590791c3032d4aa9e81dcc28c919f50ed56aaaa9363d0518e78c9cf4eb148abaa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    acc0cbf1c377a4393f4235c21d228065

    SHA1

    f9e46e8054032c67373826d31aa28e06e5889640

    SHA256

    386c9ce8479869154603a492df9ce9dcb105a988576c90a1a4f13a108065f96c

    SHA512

    c61dfe5b77d310e14fee1ac9b9695a8dd3c647c77caa9d765ef0b5d0031d92d065af8ba1bdfcb68c976625042765cdffe9c1cb39fe4caf4ae40e821859a37299

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a799219f8dcf0c58de98defdf477951a

    SHA1

    937ffe21b02c948ef895ec6e4c864d927a93a93c

    SHA256

    912dae1aaa58c98ad124d300f8081e61cad2c27737e105baed5969c763ad444e

    SHA512

    4e31795f3e7c7066d9a3481b0a9ee9edd29ad5aba607246fe7d740166f011ffb4671484bb330cc7600aa847d708c6bd8744098715af90a776cc504da1e7e80db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    96227335cf24b99c58a8d602cb69c39c

    SHA1

    5183ab67016ec4976c93212acae435fe684cc1b8

    SHA256

    5ff74248e18493f299dc45b85a756113b2b9747d7e1e65ebe5d9b2096c8af36b

    SHA512

    689e905c96b3fbcd4896219d3d5c57f54edf55bc5abb312ffc98ae31ebd5035ecfbc8c2acfd5df761b047fedc6bc2955a708cd7e10c1f583cfcd07e257c558d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4f1695160e664c4ce2d0c777a987bacc

    SHA1

    025b2a66300f68a4cba336298f501d83aa92c14f

    SHA256

    525156bee47a55ab4ea3ddf5bc1b6c30e3bc26a329b4eb240f951266adff7366

    SHA512

    38b146461ae6d7de0eaac562fee39c24fe903c1d7271634e1d32d2df3ea746be203b65a12c36cd9fb359ce22bfc527c3c46ad40528d1f31ee51e486dd8a1caa9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d26abe32d4e18a2c9070e2ab499e592e

    SHA1

    0df9e995cc400842c7cec83deb2cc59dfaf6727e

    SHA256

    f3c9ebdfb08e5c352f792848d5dbd7ffd10436f7c06cae353642f80f7a1eddc7

    SHA512

    84bccc3bbaf4011b1c3afde4f57f857ad834852757afef4259ad67dd3ec2276eb31d3e732f0d3881e91dce93cba0c684e26c058f451c41cc263f2a57ae40979d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8751d18bb328a57873e74d5833c99490

    SHA1

    3ddef07f1b2a10a333a5e4f464695c1153972d42

    SHA256

    3d7bb73a1d8122f69c0c07cf56dfd8615fd7008d39bedc1c318758d44f30878c

    SHA512

    4ad07cfbcaffdbb7b63832f5eb31b062636fc42967e7071089d104143ee2734eac1ccf9b30b812d00aa7eec5e0c37deb87df19b5d0e93c411891a9fdf6cfd80b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8a145d5b58df58bc608d23838fe04ed6

    SHA1

    015bbca6183018418f4cf4ed93baa431ed795f47

    SHA256

    3001c36d04badbe5d2164ebc5b18d2c16505ae26d687feb6bda7c5f126e52477

    SHA512

    e16f70dfc3cd01a081314dee23916e9c4c44ebd39f2558c33a45eea4302fc8d487f82efeb6cde30dfba2621c074802a18a4079ff3e05b6c7afa6eb7d148bbe41

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    98bb45cfb2dc6813caf772875307735b

    SHA1

    a3b164fb1d2723cf5d04175b5c57d1dd8f1f17e4

    SHA256

    86ac35d35f98c7cc86ed943c377bd510442de396ae3e251372d5201f4c223ef6

    SHA512

    3a314b76f1ee813690169b08e112628e0cdef5bb925823291b611c09dbb5432c7e5050e66235012ce44436ae4dc630c54eb2bcd01dd931086d9b4ff7e4fcb717

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cab477d48de48f1321cda94e5dcac915

    SHA1

    0d824f06efb2b7ae8bb841d934b2ebe5f9b8a1fd

    SHA256

    f9ff8ee559e31e5bc94fcaeeb487d32c435979d71726cbb2507b0056205ad5f5

    SHA512

    4efe85c7feb30bed75ac657b7b591a417ba60c28228a7b99696756f56d5bef24e55e2de2b1fe7a2e532e64f2d236900687a91fdc24d818130b9e5f716c971095

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{19CA9A71-BDF8-11EF-949F-EAF933E40231}.dat
    Filesize

    5KB

    MD5

    6dff7e46cba0af0e4328833c59dd8564

    SHA1

    0a69a14292f5c6ddd679ba80d40bd590f045dd10

    SHA256

    36a345c277f3ee7ff778deab2ba37480af46d02b403d13a5303ac2de647031dd

    SHA512

    aa3bd33ce1a5dffef49687f24d9eedc2a2697daca59af72b7175da08b588ad54cf7b0aa56c5a659d079ad6b2b1f72fecdaff55e019edb1e51569acde022ea7fc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFA59.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFA7B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    101KB

    MD5

    1f92a7cf627f4c7d554d28326f1da954

    SHA1

    b7befe20fd68856539347f0650473b6dad504863

    SHA256

    fee6b0318f0ba98b8df448017226ad900167f9d7cb1d21d603f5da3022f29e00

    SHA512

    07c8d54b2b68f11b9a05fd652f0dc5b3bc30de58eb20537846763bc011e64496c0636a8e37abbc96d07a6ff9c304141e38e8f0453760d48f753343eaa319fec5

    Download Submit

  • memory/1732-10-0x00000000006F0000-0x000000000075A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/1732-11-0x00000000006F0000-0x000000000075A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/1732-20-0x00000000006F0000-0x000000000075A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/1732-2-0x0000000007000000-0x0000000007034000-memory.dmp

    Filesize

    208KB

    Download

  • memory/1732-1-0x0000000007000000-0x0000000007034000-memory.dmp

    Filesize

    208KB

    Download

  • memory/1732-0-0x0000000007000000-0x0000000007034000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2128-18-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2128-17-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2128-13-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2128-14-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2128-15-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2128-16-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2128-21-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download