Overview

overview

10

Static

static

3

23315a333d...93.dll

windows7-x64

10

23315a333d...93.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    67s
  • max time network
    68s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2024, 10:51 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    23315a333d0870f3afda57524ecc286b04905a59c54c3bf8673e964aeb446e93.dll

  • Size

    92KB

  • MD5

    b295b905a240e5ed1ecf784097770661

  • SHA1

    86da494e46938fb94c225e4d30bb329aa84b30d0

  • SHA256

    23315a333d0870f3afda57524ecc286b04905a59c54c3bf8673e964aeb446e93

  • SHA512

    f31d145049ae75383ed4f1dc69f0b8b50a422522c833c166f0761e96c875b34406653f304142961ccd2ae1875163764ed1cf8a4494f3af124ab5bd4c1eaa56bd

  • SSDEEP

    1536:w4+1pTaZPWXlMbBUILfnMBi3T5vNE/j19dbxIO1d5/Oo:tjulMbBUGPYgTPE/x9dbxIi5/Oo

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\23315a333d0870f3afda57524ecc286b04905a59c54c3bf8673e964aeb446e93.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2096
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\23315a333d0870f3afda57524ecc286b04905a59c54c3bf8673e964aeb446e93.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2592
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2368
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2444
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:492
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:492 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2896

Network

  • flag-us
    DNS
    api.bing.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    api.bing.com
    IN A
    Response
    api.bing.com
    IN CNAME
    api-bing-com.e-0001.e-msedge.net
    api-bing-com.e-0001.e-msedge.net
    IN CNAME
    e-0001.e-msedge.net
    e-0001.e-msedge.net
    IN A
    13.107.5.80
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
     7.8kB
     9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
     7.9kB
     10
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    831 B
     7.9kB
     10
    13
  • 8.8.8.8:53
    api.bing.com
    dns
    iexplore.exe
    58 B
     134 B
     1
    1

    DNS Request

    api.bing.com

    DNS Response

    13.107.5.80

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    67606f4972e7e3e66047643b50e2f929

    SHA1

    def046248cc5e0e82db1300473f6313935ba43b0

    SHA256

    5f2c0c69b0297e8e453b75560f2a3f093f59a520a9756574eeaf55f8d754eb98

    SHA512

    905d5303573d8a644121f2426bf711c3a41b819e1c71d8427b99f6bab6b385491b94c79cfa3829addd6673b119d9bbdfbf0dd48e58a3250d4995e6d7c29457ea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    21c546c6c2425cd37e5aa67a30c70c0d

    SHA1

    fedea39514608c11caed06182b51d7c67c47731e

    SHA256

    a4d9c787be9eb941cdf617a5cfadb9b23f41e40f5715bf2f93cb0ce389d15319

    SHA512

    dc4b0599ab98aaf0e36ca83410dc4a4adb54ca19e174704f79fcdd1fa17cd6d0a872fab12a690a3c0e19bd6cb09d6159d2715308e883264fa2eae3280373b668

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    904666d938c3ffba132d93a653df5a10

    SHA1

    fa9c8f630521b1b6fb0d763f97809a045b2cabd6

    SHA256

    c92c030124d1e6f3e23a9807b2912e1a21e9c672e694a3e4844a60a0c7bad339

    SHA512

    935b517ae9f561fe4d5daa57b517c3b759f623bc2c55b216aee25dad26a36653a9e90badfe7198bc759a095d4de3399d2ba5b930dc19d47c093f63b94d3dbd13

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f885d97bc11add33e11e139e0595eac2

    SHA1

    582ff744fa459cb20501e965c73878435e2ce18f

    SHA256

    44844eb0e41bf8f9016811e7fb842cb6b7722f9111cafaa1aba7ad373dd1af85

    SHA512

    8e38f9b4a563bae4841276beafa9b171483b308bad961c6c4aaaf5eda4a9bdcdbbaec461213abdecf038eb4307ba8de84c06f6da51124f9e8577407a1bccc9ec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3c8ff0998b52bf6f6999711772f0d3e8

    SHA1

    e77d4add2af868a2c9df3bf4f20025458c5ddb70

    SHA256

    83e3f6ed0bb2110d6c98963a4fa88482a7ac3e06c7b1e486ba68a28e19ae4b61

    SHA512

    0b1b4f63c80d0c8ebe5fd424b369838f33bf8bbc5b3fc65a338e55345aa37f1103bfd9d8b303286770f3ec05842690ef0bc4b9344f4f14c9fee860c225e55e98

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    565661573534ceb7a27cc0a14db7ce48

    SHA1

    26454ba92accc91ea9f4e56fc147f5f8987c7ff4

    SHA256

    0edd51cf048d743f5d13cfd925a2407e23f09728d0856cbc16973160f56f22f5

    SHA512

    5e6bd4ff678144e48c6c12354ba5bbe9ee2b816a562c2ecb4fe6b74ba5b21a98f8bec3435c7463e289c87c77946024cfd98007ae936d1bf74ea20f8967bc02d1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b720a2290bc142c391713878ef52da52

    SHA1

    2823da9526cd9418639d3a0b01edca67bdbd2090

    SHA256

    c5d7016a6e725be04e01b3ae4994782453ec487ffe6e9760ed39b4e6096d4d6a

    SHA512

    ab13526a8bd50820b91743fc21e3703e04a2274b63d80bb4c49befd6718b9e38f817280a0d8ef611745af317d21fecabed91ab618baeeba040223ae2c66c00ae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8678de253c1e2448deaff799179a39a1

    SHA1

    51d75876238125dee0a0f5e14df96c98d3bb1721

    SHA256

    b30910a8a42b5919bf631191ff663f36217ed74780d36ee724548e1942530a0b

    SHA512

    75904a05c2da09055117337f3638e75d707f7bfeef030e5655023f9fab1ec81d49d4c8b1a3ed7f39ceb0b0353975caa01f7faa47699b974cdea43e255ae619fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be6500ebf88416ce9e2877d1fed0e0e8

    SHA1

    c88d76bf4c40a0b2552c7136a36749e16925d2d1

    SHA256

    52ad16b6859dcf1595d9cf5c6491722c26b9b8305788f777e81543f04e289837

    SHA512

    b98f710fd7467a4829be4128e48d18a67e4a2226ea32dbb20047097b0d0b04e7cab0187a8b84cdb49283868e5513aa817d77d17f8af42fa54243002ad6a28808

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    637cba513a389a445e80d1a10ba8e289

    SHA1

    7125291468d0c048aeae0b2fb90219602c734af2

    SHA256

    c06eaf31af382098733ffbbe92444d74550f9ff7b49acb214d27a0cb3d1b447a

    SHA512

    29b25e09c147dd29bbcdc9d37b5818b6b61853f9a6ee561bcbfc94f0ccb26a5d60a878385f01cd5351d006bdf102125c20106d8bf009f1fd838dec74bfef3940

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b7b3d9addf81bdada7df64b9159c6fbb

    SHA1

    06038741935b723a1187f5d276275c3bedcecbe4

    SHA256

    1b06d1b72cd8fff3c8b0e729abd1c30111f50a153cc0a119c81c6eccc5f3dd4a

    SHA512

    219ef1df06097b3d764b00585e1e63a6b8f1edd6545fc7e561bd09fc4f9425c4d7a23d337d06b4039283c9b2d58ee839dc63bed2246ac9343458a9532c117380

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ce12319a4d0a0cddede44ac34a5e951d

    SHA1

    dede27cd5ffbd46c7c5614a8f6c6bb30748da3c2

    SHA256

    817de250366e0ad6afd5bd6272d71dc46dc765e2dc59f178afa8b76c4c3208ab

    SHA512

    77df6b1c3aef55797ea0a8807da7f7c22283079e2d98c26a140cc284c3efa8d55e54c2cb1924057ce0bb22560cd8af53cd0e91ce85658e8d4d44dc41dd8c92c9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    730a7bfa0bdd2c94d02af95625ff8fad

    SHA1

    7188494e18a5c32529a138f4a8ae89b7f4b80d58

    SHA256

    435c19b0ec817f7d9c112d9546b357bea109d5d21f1554db8b501c6cf0dc8714

    SHA512

    5c422e638069b39324eaa5bbecacd04a657c86210b44ec16ec8bd7f6394dabf00229d65ddc622944c9f779096d3ed14ae2ac83c6fb248e5f9e06db1969601875

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    569d128b2ccacdda0cf21fc9b00a07ca

    SHA1

    06768a323df8b63e8229deae7967ab706b69e3b9

    SHA256

    eb23974035d0850b7caae4081054a1c9f1314298e2832038db10592a77cc7ba3

    SHA512

    7887d946790dbb09861116da8a88abced4a76feeaa2ce04c57c8477e5e61e43916e4c59a0a13714b0689609ec7a05a4e42da65dafe6192081143d35e6b7f6f1d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0fb07464d4192449ad636d98d194cc1d

    SHA1

    1fc84d88edf3d3a4a5bb5f74212e36e15d39fbf5

    SHA256

    e807c6c33d66fec1ac511a945e9960214eea3ffe9dcceed273109eb9715181bd

    SHA512

    d6ae4e2576f9bf626910a95d75e6e9835e04b480a202d2cde7a57f81238d61c2b58166af980826ef6ab03592bcd486d78a92fbceff8ea0aaa4626d2b767a832a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    95ee1754ac0112a7e95ad40003917914

    SHA1

    94c5b88e44152dabf3c25464ecab3eb1b94ea599

    SHA256

    c721fca94d92f2af28590283f744cfccdfb03b3c547a1307089e9829f53c0cc1

    SHA512

    3de908debdea4382242b3a406370ef5c9c41386f3376ccb090ae9585d48585b71b82b466493232e39b1d782173f38bd5928b3352502602d5a8dd379f8afe4a08

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8f98cb8621375a7342a74ae52501f367

    SHA1

    1cdb00da010dd765afab25a2e0048e6c81d23120

    SHA256

    10d25bf6275b4e77152068752fcf04d286a5288f41a61da44d26d95a24f83589

    SHA512

    c2583e149a43874026fb31a1feb57cc4f999ffb4863ccb583260a45f5c94e929218f6d5af3a11e7c11094ad15f5c3f86a85b730515228d8abbc5c140c457585b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    609139786c495a6b48a36aa07ca19ada

    SHA1

    04c3c935776693408159e512b51d69abe9223173

    SHA256

    f0a0ff06e99a136d6ebc4381759fd6ce5eb41301c1e3daf8e7dc776e168ea31d

    SHA512

    1594cf3dc1836a30b7608fefbbec56c4dbc308d2cd8fb70d225f445acaff6b8d70236857021bb1e2f40c479a46a15ced5a20a4bb52757d208e410fdc714cb9a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d5de0d1a1f1ecbb25568b00f1e5e551b

    SHA1

    83a090fa6bfdc3915a3eb377368f37db20939732

    SHA256

    e5c7665e2c59d39a6ec98ff8384e80960d72af340d20ae7bd8661314c718efee

    SHA512

    44070a270a788369953c5d0303607bd198323a6e144e29059e5a4800f4f3621e0d4ff8c5ecbca36782d89b5eaa97b56b6da72b1225ae1c33da11fc0653b898f6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD2AD.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD36B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2368-9-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2368-10-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2444-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2444-19-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2444-18-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2444-17-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2592-3-0x0000000000710000-0x000000000073E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2592-1-0x0000000010000000-0x0000000010017000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2592-22-0x0000000010000000-0x0000000010017000-memory.dmp

    Filesize

    92KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.