Overview

overview

10

Static

static

3

23315a333d...93.dll

windows7-x64

10

23315a333d...93.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    67s
  • max time network
    68s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2024, 10:51

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    23315a333d0870f3afda57524ecc286b04905a59c54c3bf8673e964aeb446e93.dll

  • Size

    92KB

  • MD5

    b295b905a240e5ed1ecf784097770661

  • SHA1

    86da494e46938fb94c225e4d30bb329aa84b30d0

  • SHA256

    23315a333d0870f3afda57524ecc286b04905a59c54c3bf8673e964aeb446e93

  • SHA512

    f31d145049ae75383ed4f1dc69f0b8b50a422522c833c166f0761e96c875b34406653f304142961ccd2ae1875163764ed1cf8a4494f3af124ab5bd4c1eaa56bd

  • SSDEEP

    1536:w4+1pTaZPWXlMbBUILfnMBi3T5vNE/j19dbxIO1d5/Oo:tjulMbBUGPYgTPE/x9dbxIi5/Oo

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\23315a333d0870f3afda57524ecc286b04905a59c54c3bf8673e964aeb446e93.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2096
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\23315a333d0870f3afda57524ecc286b04905a59c54c3bf8673e964aeb446e93.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2592
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2368
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2444
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:492
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:492 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2896

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          67606f4972e7e3e66047643b50e2f929

          SHA1

          def046248cc5e0e82db1300473f6313935ba43b0

          SHA256

          5f2c0c69b0297e8e453b75560f2a3f093f59a520a9756574eeaf55f8d754eb98

          SHA512

          905d5303573d8a644121f2426bf711c3a41b819e1c71d8427b99f6bab6b385491b94c79cfa3829addd6673b119d9bbdfbf0dd48e58a3250d4995e6d7c29457ea

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          21c546c6c2425cd37e5aa67a30c70c0d

          SHA1

          fedea39514608c11caed06182b51d7c67c47731e

          SHA256

          a4d9c787be9eb941cdf617a5cfadb9b23f41e40f5715bf2f93cb0ce389d15319

          SHA512

          dc4b0599ab98aaf0e36ca83410dc4a4adb54ca19e174704f79fcdd1fa17cd6d0a872fab12a690a3c0e19bd6cb09d6159d2715308e883264fa2eae3280373b668

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          904666d938c3ffba132d93a653df5a10

          SHA1

          fa9c8f630521b1b6fb0d763f97809a045b2cabd6

          SHA256

          c92c030124d1e6f3e23a9807b2912e1a21e9c672e694a3e4844a60a0c7bad339

          SHA512

          935b517ae9f561fe4d5daa57b517c3b759f623bc2c55b216aee25dad26a36653a9e90badfe7198bc759a095d4de3399d2ba5b930dc19d47c093f63b94d3dbd13

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f885d97bc11add33e11e139e0595eac2

          SHA1

          582ff744fa459cb20501e965c73878435e2ce18f

          SHA256

          44844eb0e41bf8f9016811e7fb842cb6b7722f9111cafaa1aba7ad373dd1af85

          SHA512

          8e38f9b4a563bae4841276beafa9b171483b308bad961c6c4aaaf5eda4a9bdcdbbaec461213abdecf038eb4307ba8de84c06f6da51124f9e8577407a1bccc9ec

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          3c8ff0998b52bf6f6999711772f0d3e8

          SHA1

          e77d4add2af868a2c9df3bf4f20025458c5ddb70

          SHA256

          83e3f6ed0bb2110d6c98963a4fa88482a7ac3e06c7b1e486ba68a28e19ae4b61

          SHA512

          0b1b4f63c80d0c8ebe5fd424b369838f33bf8bbc5b3fc65a338e55345aa37f1103bfd9d8b303286770f3ec05842690ef0bc4b9344f4f14c9fee860c225e55e98

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          565661573534ceb7a27cc0a14db7ce48

          SHA1

          26454ba92accc91ea9f4e56fc147f5f8987c7ff4

          SHA256

          0edd51cf048d743f5d13cfd925a2407e23f09728d0856cbc16973160f56f22f5

          SHA512

          5e6bd4ff678144e48c6c12354ba5bbe9ee2b816a562c2ecb4fe6b74ba5b21a98f8bec3435c7463e289c87c77946024cfd98007ae936d1bf74ea20f8967bc02d1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b720a2290bc142c391713878ef52da52

          SHA1

          2823da9526cd9418639d3a0b01edca67bdbd2090

          SHA256

          c5d7016a6e725be04e01b3ae4994782453ec487ffe6e9760ed39b4e6096d4d6a

          SHA512

          ab13526a8bd50820b91743fc21e3703e04a2274b63d80bb4c49befd6718b9e38f817280a0d8ef611745af317d21fecabed91ab618baeeba040223ae2c66c00ae

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          8678de253c1e2448deaff799179a39a1

          SHA1

          51d75876238125dee0a0f5e14df96c98d3bb1721

          SHA256

          b30910a8a42b5919bf631191ff663f36217ed74780d36ee724548e1942530a0b

          SHA512

          75904a05c2da09055117337f3638e75d707f7bfeef030e5655023f9fab1ec81d49d4c8b1a3ed7f39ceb0b0353975caa01f7faa47699b974cdea43e255ae619fe

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          be6500ebf88416ce9e2877d1fed0e0e8

          SHA1

          c88d76bf4c40a0b2552c7136a36749e16925d2d1

          SHA256

          52ad16b6859dcf1595d9cf5c6491722c26b9b8305788f777e81543f04e289837

          SHA512

          b98f710fd7467a4829be4128e48d18a67e4a2226ea32dbb20047097b0d0b04e7cab0187a8b84cdb49283868e5513aa817d77d17f8af42fa54243002ad6a28808

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          637cba513a389a445e80d1a10ba8e289

          SHA1

          7125291468d0c048aeae0b2fb90219602c734af2

          SHA256

          c06eaf31af382098733ffbbe92444d74550f9ff7b49acb214d27a0cb3d1b447a

          SHA512

          29b25e09c147dd29bbcdc9d37b5818b6b61853f9a6ee561bcbfc94f0ccb26a5d60a878385f01cd5351d006bdf102125c20106d8bf009f1fd838dec74bfef3940

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b7b3d9addf81bdada7df64b9159c6fbb

          SHA1

          06038741935b723a1187f5d276275c3bedcecbe4

          SHA256

          1b06d1b72cd8fff3c8b0e729abd1c30111f50a153cc0a119c81c6eccc5f3dd4a

          SHA512

          219ef1df06097b3d764b00585e1e63a6b8f1edd6545fc7e561bd09fc4f9425c4d7a23d337d06b4039283c9b2d58ee839dc63bed2246ac9343458a9532c117380

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ce12319a4d0a0cddede44ac34a5e951d

          SHA1

          dede27cd5ffbd46c7c5614a8f6c6bb30748da3c2

          SHA256

          817de250366e0ad6afd5bd6272d71dc46dc765e2dc59f178afa8b76c4c3208ab

          SHA512

          77df6b1c3aef55797ea0a8807da7f7c22283079e2d98c26a140cc284c3efa8d55e54c2cb1924057ce0bb22560cd8af53cd0e91ce85658e8d4d44dc41dd8c92c9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          730a7bfa0bdd2c94d02af95625ff8fad

          SHA1

          7188494e18a5c32529a138f4a8ae89b7f4b80d58

          SHA256

          435c19b0ec817f7d9c112d9546b357bea109d5d21f1554db8b501c6cf0dc8714

          SHA512

          5c422e638069b39324eaa5bbecacd04a657c86210b44ec16ec8bd7f6394dabf00229d65ddc622944c9f779096d3ed14ae2ac83c6fb248e5f9e06db1969601875

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          569d128b2ccacdda0cf21fc9b00a07ca

          SHA1

          06768a323df8b63e8229deae7967ab706b69e3b9

          SHA256

          eb23974035d0850b7caae4081054a1c9f1314298e2832038db10592a77cc7ba3

          SHA512

          7887d946790dbb09861116da8a88abced4a76feeaa2ce04c57c8477e5e61e43916e4c59a0a13714b0689609ec7a05a4e42da65dafe6192081143d35e6b7f6f1d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          0fb07464d4192449ad636d98d194cc1d

          SHA1

          1fc84d88edf3d3a4a5bb5f74212e36e15d39fbf5

          SHA256

          e807c6c33d66fec1ac511a945e9960214eea3ffe9dcceed273109eb9715181bd

          SHA512

          d6ae4e2576f9bf626910a95d75e6e9835e04b480a202d2cde7a57f81238d61c2b58166af980826ef6ab03592bcd486d78a92fbceff8ea0aaa4626d2b767a832a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          95ee1754ac0112a7e95ad40003917914

          SHA1

          94c5b88e44152dabf3c25464ecab3eb1b94ea599

          SHA256

          c721fca94d92f2af28590283f744cfccdfb03b3c547a1307089e9829f53c0cc1

          SHA512

          3de908debdea4382242b3a406370ef5c9c41386f3376ccb090ae9585d48585b71b82b466493232e39b1d782173f38bd5928b3352502602d5a8dd379f8afe4a08

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          8f98cb8621375a7342a74ae52501f367

          SHA1

          1cdb00da010dd765afab25a2e0048e6c81d23120

          SHA256

          10d25bf6275b4e77152068752fcf04d286a5288f41a61da44d26d95a24f83589

          SHA512

          c2583e149a43874026fb31a1feb57cc4f999ffb4863ccb583260a45f5c94e929218f6d5af3a11e7c11094ad15f5c3f86a85b730515228d8abbc5c140c457585b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          609139786c495a6b48a36aa07ca19ada

          SHA1

          04c3c935776693408159e512b51d69abe9223173

          SHA256

          f0a0ff06e99a136d6ebc4381759fd6ce5eb41301c1e3daf8e7dc776e168ea31d

          SHA512

          1594cf3dc1836a30b7608fefbbec56c4dbc308d2cd8fb70d225f445acaff6b8d70236857021bb1e2f40c479a46a15ced5a20a4bb52757d208e410fdc714cb9a7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d5de0d1a1f1ecbb25568b00f1e5e551b

          SHA1

          83a090fa6bfdc3915a3eb377368f37db20939732

          SHA256

          e5c7665e2c59d39a6ec98ff8384e80960d72af340d20ae7bd8661314c718efee

          SHA512

          44070a270a788369953c5d0303607bd198323a6e144e29059e5a4800f4f3621e0d4ff8c5ecbca36782d89b5eaa97b56b6da72b1225ae1c33da11fc0653b898f6

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabD2AD.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarD36B.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • \Windows\SysWOW64\rundll32Srv.exe
          Filesize

          55KB

          MD5

          ff5e1f27193ce51eec318714ef038bef

          SHA1

          b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

          SHA256

          fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

          SHA512

          c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

          Download Submit

        • memory/2368-9-0x0000000000400000-0x000000000042E000-memory.dmp

          Filesize

          184KB

          Download

        • memory/2368-10-0x0000000000230000-0x000000000023F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/2444-20-0x0000000000400000-0x000000000042E000-memory.dmp

          Filesize

          184KB

          Download

        • memory/2444-19-0x0000000000240000-0x0000000000241000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2444-18-0x0000000000400000-0x000000000042E000-memory.dmp

          Filesize

          184KB

          Download

        • memory/2444-17-0x0000000000400000-0x000000000042E000-memory.dmp

          Filesize

          184KB

          Download

        • memory/2592-3-0x0000000000710000-0x000000000073E000-memory.dmp

          Filesize

          184KB

          Download

        • memory/2592-1-0x0000000010000000-0x0000000010017000-memory.dmp

          Filesize

          92KB

          Download

        • memory/2592-22-0x0000000010000000-0x0000000010017000-memory.dmp

          Filesize

          92KB

          Download