Overview

overview

10

Static

static

3

1863026670...a3.dll

windows7-x64

10

1863026670...a3.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    69s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    24-12-2024 20:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    18630266705f0a37c0402cad980b09c85654717d37d4c07a0201c01053026ea3.dll

  • Size

    124KB

  • MD5

    8374095052a67e0ae44e11cf98fc46c9

  • SHA1

    face6c48a88725b3caa7375560d67badff8ff878

  • SHA256

    18630266705f0a37c0402cad980b09c85654717d37d4c07a0201c01053026ea3

  • SHA512

    1380557e7a54243e80e6e4402158214fe604fa86a1507dd02b154aded8531c75c30a39e8c546769309d89fa6d39c5c40c95f04d3803b21d240029ccb2c8169c4

  • SSDEEP

    3072:ij6toPMM7VmKeZ88Dkj7oR2SqwKJXtf5DGyVBQwIY6X4L:iHcvZNDkYR2SqwK/AyVBQ9RIL

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\18630266705f0a37c0402cad980b09c85654717d37d4c07a0201c01053026ea3.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:108
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\18630266705f0a37c0402cad980b09c85654717d37d4c07a0201c01053026ea3.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2008
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of UnmapMainImage
        • Suspicious use of WriteProcessMemory
        PID:1244
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2156
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2900

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0a4fba3a14891764e27aa7f3a629e197

    SHA1

    68d9bdd9f609cacd0a0847b47c16924ea4b16034

    SHA256

    c7e01e15b258d0b360a8414b15044a0bfe15dc50bbb5f51e6f187fcb6516ecb7

    SHA512

    0fc30a8e4763028c4450e5d01f2e55b1a5da639d06064412d8fb79d1535fef6bc489ab174bb297d1ddfa3f67e1442a07f6360c843d429ac46f62ecd2a7934a83

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fd44582ffdbd858725c5f9af74fa25a2

    SHA1

    00c5e3a4afeb8566a2d945c753e037995e9489d2

    SHA256

    4c1501fcba3ede89a43a6f1b3815253e6f294933d23bcef3161ea46890466474

    SHA512

    fc9df39cd60613c4f0a716b21854f42f67b6db855ee06c8017edbd1d2992ea1521021e3ee8a1dccd8deac8cd74fd2573b2eae45a1275b528580e4628b736ef5e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    041b3ea92ffbb89a5f3312a7457bfb7d

    SHA1

    c11a171a37b19877dd96f4bb38cd533bc7c0ba27

    SHA256

    30e7adcd2bea49a17ecb79eb5ea0ffb8c9f6dcef3ca45a5b3426622e8cc49b1f

    SHA512

    ee8334397ab7658723983de43d3324dd491e76d6acbdb4fe0d1e80c836a828895cc1746b39c84161ad7d481df7c949b811516517739f3abfc8c8e7a9e7eccc0e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    877ad22cf18e96619c586d10bd6a7c8c

    SHA1

    486bef50787071540f672b3bf203c75664930081

    SHA256

    03d547f60517467de44eb22f80f32fefae971016cde0f0dcdd40eb85809a719d

    SHA512

    1013de4454b6f5aba33bb4882c00642e9875b500173787c6945bba49ea47d5b1acc0dac8658fc062297add464d5d9494566ab8dc8c7823f153f01c347e6818af

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    30e79aa25a56f794e6c48725a9f69084

    SHA1

    b64a0ae491c15c98baef148f1ea2be5fe20df838

    SHA256

    18e14c1d64577965de9d56d32d5f41521e7ff510d4ced763454e035178f09e33

    SHA512

    18f6ac9127a136534dfd3316db9ad1dcc4b0694d31a250d0311437d4c32b8d0d9165324cd69eacf4d9b87981f8b52ffd828a3743431456b53617470e053aeeff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ba1044a13ec377b28878c13a9c5bb29a

    SHA1

    7f7d3b86ae24557e6204b1ed33495ff837453549

    SHA256

    c3d9a75bba8153c91d059b9b0625f656fa3a397a887624d9a60ed606bb8a3484

    SHA512

    2e8d9d3b60c563daab9f80f474fc03878ba2ca03a84b855a62a7687e79e3ace39ffa12de6e2b4959ba983e622e9753050fa59e11206990987236da3e316fe137

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5f620682f10a1d51c433a470f8d0e2af

    SHA1

    c35eef5c235c482f478d122d6592ed867159b92f

    SHA256

    f1df22156bdd43308fc3557792039c8395deb2be7f0cb74d784f1790e87dc724

    SHA512

    ea20138fb4b73744a7e4796a4af463de4dd2283de2d8165e7a6a16abe616a34573d346d7d8d8d5c85ec9b60ad324db6f395a8528f947e09de7679f41a0821485

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    26d940233143bc5ec89f3552dce76cb8

    SHA1

    22a49d22d28f8427e4b8451f71cae987a230d41f

    SHA256

    d377a977aa4f3f05988e64bbadc8b37323676824285b6c422da855ba8d170fa2

    SHA512

    f0521653ba7b56e80b6a7a0623fd5f6e3f61690a72abf6b8f6718f5aaf18b8240718134770f64c6a09229d60ccc7816cdd1fdb4f7fa8cb73912d478ac0f2cf91

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    91732ccfcb5593e2e220d75815dc54d3

    SHA1

    f3d4831c7253a8d79616e222001bf9bada2f09e7

    SHA256

    248e7843444d307405b17db666c1936303bf2a451f1d0a2e608293eafda1f725

    SHA512

    2cd7cb91533fbf4bf363957a0e4bb9952f2a466e7d72701328eda75f5b8744148ad3db60758ab13f9742669de8bc7e59db1a4bb0222b2d0601a261cb3baa5a96

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fab5f98787c9d8d0b38f9eb320d7ff3d

    SHA1

    3594591ff852b6fb18b8805a9f3288f270d5e23e

    SHA256

    c97b9db626452ef4d795150ed316827891b843c6480a428664d07e103886e267

    SHA512

    17ba7343ec7df5449696350d4e028bbc444d563894a84f4b95199de13eb926ccdef6ea3628801d684d571c50d3b40229de2174f68895796909205952f9dea227

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2dc9f9aa9274ea2fdc46fb0403260edd

    SHA1

    1fc60539ac7e7f65d2fe55332fed0ba0ed30d8ce

    SHA256

    8d1b1631b39dce53530c34377c582db92d67f1108c2c8734c752294004815f8f

    SHA512

    dddc20c918844fc908c459301eeb88d352037646e248febb2afb4f004cddfe76a19de6c2cf6f342e0c988236e56101347803c056ff721e6e0a13b3bc1af96908

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    90837412a62a78fafb67308daf22cd36

    SHA1

    e91bb0df99fd1ea2b21806bcb843e7851a346764

    SHA256

    79eaaaf0a00ceeb5b0646491ec212f5ec17a23016d2694a9f8908c082a54f81a

    SHA512

    d91730f76aaa9a2b97e9b7ce374733165dfe26ae78a56f0e62f941791962036fd0db08a315b08a7fbbddfc6759ea7ce60c15afa7468bedf031fdacca477bb868

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b29eba9a76fe9a268c6f53e121df4298

    SHA1

    8a447fd97d40e1ceaa007c99c654684f2bb55b70

    SHA256

    05a228cb1c20b5a12f270f1a2f467831014480d5b29cf691f35e8d0cea5762be

    SHA512

    621bd5afa2aaa2f58b310ca1d6c697e65b4301e78d0e7c8957878c8d29e966e110b65b84afb28cdfa79840d57ceaf566fba141ecd593f105dfbb704dd5e952c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5458106717cbdf6d934639a08c737a81

    SHA1

    0207ac2ba5647d8d26f66c52660012265b45037c

    SHA256

    fd1e306605c44d59185885cb1435dbe2a6d34a461722d58a32f883cecaa05fc0

    SHA512

    3df9e81f3548f3834d2648e08f1d503b99aa0b20154ace416610223c01bcca82ea153ed101557dbc0aca540a585ed004ed33a01ca0ef17928efab00b94a1e634

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5ca8f7e26dd4d30ffc66fbd9d6234326

    SHA1

    23a9de48a0ea0cffd531282518c808a5b8ab1418

    SHA256

    952f53d5a4e4379631e5a9bfed5fc4fd7c561d74362b1253ad54fdcd9284a590

    SHA512

    f418cd38a662ba7cf37614f47a5862612a6364a90a28474f0dbf5c9b57c6ce4647387a1e550732451c88db35bcada309d25bf97bb0ec84338d375ee50d41a19a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c6b6e589b87e6143e5641b03a13ee5a5

    SHA1

    d7f022e495da9a17f67afe00b8b8b0a96e2d262e

    SHA256

    64f9873f54c745957bc595fa7cc2508cddcdd4df27c0eeda55820c5e5c9d9501

    SHA512

    bf5615a52585c58e3cc51981c43c947cd2f1ea3723109d2d6c9ab985199aeb8a5f4ef79223c708f093df498cad7a49ba5896102c54f4c37746e0f2c7c436a439

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    760e767ba9dd61ae5abe58ca49b44ab6

    SHA1

    d097a8db020454df09001d65a38d10a2df24a1f8

    SHA256

    aa1371b6128f841fe8c9ea74d8c85240286e4e6a5dfc6ced97c779a93fa54670

    SHA512

    4ff0a1dde7e0432b3aa51d9c64e1e80297c88c558fab66b3a19f50a90be824a6935c0a4597ded9360428c52b7eca48576c1b5f1906a178b76bb9335f84ca98b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    31d39fc52a131cd830e960586e48ccc9

    SHA1

    8ebd16454f45bafaab9e3b841112f023dfd1aac0

    SHA256

    ecc90f418cb2d2d964730d33aa5a4c3149323e1cf408cf6e1e6eeb42554cfc6d

    SHA512

    aeea8c2b40e6a3ce517a7d45ac3aedfc7258502d7536d49f4b849f72e32e201840a538b7e61daeb8aa1d02a2afc9e2c39c66561f8dc1a782cf4ab0ae948cfb8a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a472b54473d1f0f9e560f6756ad5a46e

    SHA1

    b0ff9dd5ac988805dad4a198d707f25b3122e035

    SHA256

    a947e14936381f7d1611d59e9564203dadf2fbd476f41b5b337da6dea44ae397

    SHA512

    8b3ce2c2ea92bd202139bc6d7834d923779b847830128db2a5f6ebca00bf4aa01760f8dab88992c83d62645df20c1cdc99ec173f07e390afad889dd501945be2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3C96.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3D66.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    88KB

    MD5

    fe76e62c9c90a4bea8f2c464dc867719

    SHA1

    f0935e8b6c22dea5c6e9d4127f5c10363deba541

    SHA256

    5705c47b229c893f67741480ed5e3bce60597b2bb0dd755fb1f499a23888d7d6

    SHA512

    7d6d5bfb10df493ffea7132807be417b5a283d34a1cd49042390b2b927691fd53ecf8eee459c727844395f34e4230b2cd85b38b7fb7df0a3638b244d0c3f6394

    Download Submit

  • memory/1244-15-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1244-13-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1244-12-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1244-14-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1244-21-0x0000000000190000-0x0000000000191000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1244-22-0x0000000077BAF000-0x0000000077BB0000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1244-16-0x0000000000340000-0x0000000000341000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1244-17-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1244-20-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1244-19-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2008-0-0x0000000010000000-0x000000001001F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2008-6-0x0000000000170000-0x0000000000190000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2008-452-0x0000000000170000-0x0000000000176000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2008-2-0x0000000010000000-0x000000001001F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2008-3-0x0000000010000000-0x000000001001F000-memory.dmp

    Filesize

    124KB

    Download