Overview

overview

10

Static

static

3

fad0cabcb1...f0.dll

windows7-x64

10

fad0cabcb1...f0.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    25-12-2024 04:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fad0cabcb1cf639ba7b3c98a3cb1032e88bd42da59170c70ed3c52aaed5c9ef0.dll

  • Size

    124KB

  • MD5

    82a2d4583f9cb9be340c84604028af05

  • SHA1

    6df4a91bf08979adb430ebb8529e2d37b6be9aee

  • SHA256

    fad0cabcb1cf639ba7b3c98a3cb1032e88bd42da59170c70ed3c52aaed5c9ef0

  • SHA512

    fc83103be35b478f9a3c5b8487691ed3db50e33e51c4d79369032de4ab6d4fcdc29b0690ced566f413078046ddcdc92f83cde611ff824d6a188f9bb194bf5f5a

  • SSDEEP

    3072:/julfg5M7VmKeZ88Dkj7oR2SqwKJXtf5DGyVBQwIY6X4to:/+cvZNDkYR2SqwK/AyVBQ9RIy

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\fad0cabcb1cf639ba7b3c98a3cb1032e88bd42da59170c70ed3c52aaed5c9ef0.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2684
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\fad0cabcb1cf639ba7b3c98a3cb1032e88bd42da59170c70ed3c52aaed5c9ef0.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2776
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of UnmapMainImage
        • Suspicious use of WriteProcessMemory
        PID:2828
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2748
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2748 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2680

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0e88768735f58b9a32e2ff757b17a0ca

    SHA1

    c5a9cd659a6763c3525b3ea5a54d9ccfa51c0d69

    SHA256

    9a270215164e8ecd94230278d173b37250bab9035989966f887d171ae62e42bd

    SHA512

    b8f9449180a1c9540ec593762fcd2220ffe1759877cab273e77ba254a9491462d3640d70ce7d7c1a1f34b521f836ce46c59a277b32a1a14276d63e0af95cfe91

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e940f15fc67333a9f622f89e4aab57b9

    SHA1

    4c3ef5ac48b4b14e832b0bbecb33b1e1ae015e64

    SHA256

    cd3050958fc69c99878d7ce648d122930f3c9841b97c47fb0ed74cb7045865bd

    SHA512

    ceb763121302b655b3b778203094304a6de1ec7d1be6c69a1b96fe96eb031b77f7b9223e4b8476504acfb9e768abcd15073ed0252e637cfea647a1528d8add6b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d05365b2f5854aaafb558211a17be173

    SHA1

    b8e56c76e44689d21d0c4c8162385bf28e8e8b7e

    SHA256

    fc7386a0589a33e6f941c4a7eaf9d7a7a25c818b613001f76ac7a6d1d3770506

    SHA512

    1410719bda8713e69aadbf7e4f44bceee03ad1c6bfed417a9982900aa1260dc7df378b302a27fe11e124e1679b3729a5cdd13b983bd4f7419a1cefeb9e79f8b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4de887ba636edb7be9297b464c3db350

    SHA1

    f19a1651a02dc467023f6bc8b600a00aa45dad3e

    SHA256

    c1a3de0d9f4f84bcbbfb77970ff0449b9bf3311a3e268d9697637e5ac4011c15

    SHA512

    156a292134ae4f9e9317db2424600d5e7d08e8a0f676b0cd98ca664fe021bb9362903b3b7bf4687e803c94d7c2f5015a5569558d8d5d40a8c33602f589928187

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9b623987c3b51532c128c428c02f8095

    SHA1

    6a99a780b49ad2deeaf73c3e7b2a03bb668c91d7

    SHA256

    1adf0cb74945752529a887e97ece59b0bdaacc4f36eb9a8d00b288641678e51a

    SHA512

    80753f43e535cd0f9af7a98e53445372d3019fa822c9e811c70557472e086368692fd2d0de17a2960e70b6e70becbb4f16c11fea8cdf5ea555fb425864581999

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    006653ae8885ad726088470e4c62d39b

    SHA1

    b3e2c67ec1f04bd1f5099caa9beae03d733aee6c

    SHA256

    4544fa75be4f8c37b0ba3ce5a189467bbd4214052b30e06530fbd283d5298faa

    SHA512

    19b122e699be65b8cf691b8f8fd271fe1f4ac293a2d6a00e3e5d190c789e8fa21d6434f0d649eb463225622a0d1eeeb9a3bccc9cfacfce24a48149fb2c2f62c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d6d2d4ba69589055ee8484967034b2b9

    SHA1

    e817341e0505635df171dabd8740351daf785ce6

    SHA256

    40934808bff2f61fe83981975f5fb5f3fefd825572bb600fa6b4ebe33e0385dd

    SHA512

    84f60452f389098aa6684cf46130469a5edaa0981c33ef5d4ec8bf1bc7a0e85afe582d28525ecdc70eadbac1455a5d96964c7d3fcb061f74ce036cf5a65ee01a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    47a16f2cf2a625f3d095e7050d462df1

    SHA1

    c553cc20ff875e60d2907abeea201fc1b8a7cd9f

    SHA256

    a743a6bd104e398be724b6f361ad14f50d67dbe12d7014f981ddc7da01614f8c

    SHA512

    97b688da995ec36d846a8d187198b1f20ac5a7d7d802132fb6fecad2d2e7b0823ab7e32ca306a5bdab76739667e03ebedb5a2ebade784ad62f923ec964e0dbdf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fb057208bf75bfa1a9527a446a0f7d18

    SHA1

    d2a9007ca77428d1f1036c7de76c1194e250d39d

    SHA256

    f44428f8d7a82ce8a2d9ce08966584e8d7ad15c4fac1d8bbb8f0d098a0e9111e

    SHA512

    4f129cfb1a001e73effd6e5da6f09b0853f6f47837fd9719e0a4a7d14d98e1e9d96c1430aa7c94ec50c3e71d6ef278853196b5cc5ee661eef401ea2e4067ec93

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    86f54d7350edb2fd4a75a97476ea06fc

    SHA1

    e3c7cd751e395544a06da78775dbb4db2520b288

    SHA256

    4951eca2e5adbff1b4dada4b64297f039398d426bc348da64c27cd34950efa37

    SHA512

    b8eb657a28e23974e216ec5d9469611bc28350b1d75eb04321b7e3468e3b6cffcefc0c5cf46b21fb61dac658a3619f05fc2b0f2f009d7d3771ff92dcbd79ca2d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    100d2bc17a0f9f1cf223812b8d24d099

    SHA1

    5f011845e9249f32f455d97ad366d9d7fe93700a

    SHA256

    cf08065ec74cf172f2fdb4518d4f3e7201ec413a24693adde43ff512bd7421c3

    SHA512

    848d1980e28fdd986d95b090255ec302be673c060e65329895fbe7eb79f4f6f56cfa6f4220889e0228e734da11abc32fea0eadc9d41c2d0c11258fdb77f98126

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1bd7c549e0a681cd1c96f356a8dd6867

    SHA1

    38ef908288234bddf3b0a34671250d704353efff

    SHA256

    df91bc013d3229f1a1ce57a18fb099961cc720cfd2da587efa2c47fc1051aa59

    SHA512

    5cba69ba8b79d3fbaef9591bd832550c3cba02be166e694fb78f404e32e132ae6edd7727c859c3e1a7cb08c9d3179f51148e8ac502bf7426067c5119372a10bb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e9089b0620e7afb81da10fa9ec1a2639

    SHA1

    6427ed14fb3ecbd741b0ef4de311f9b232adb420

    SHA256

    a702d503d6c5dd2e44ceb20c8a2c6f453411a9435d741cbeff1a3be5ab734b41

    SHA512

    4b918dfcf221844f0e471b0e7fd886e30b3471b6ae799f6c1352e57b80e2d415e9d42783b9d0b5b4b4793d965668b5603af3aa09cdc16dc6c3faddb7be081022

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    59235eaf1f33f8f8d58fde71dfc26830

    SHA1

    dacf9b2b402aee8c8d8f04c4eb18aec618bfe548

    SHA256

    7e4d79c2d9aea8e1052d6301249bada453d658c7cde6ecc4137d4ffffb9504d6

    SHA512

    b6e54b151af18bdda2960cc667c1e5eea08fdd1b8c3adabf7b4a6d62d310870de9c636d39ad18ea336dea471cff899e5e032b8fb580899b1ec1e004bbe6cc5de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d6bd6a176f0071569aa71da52fcae06a

    SHA1

    a91f6b047c956763851bc5b927439cfa0daf47e2

    SHA256

    c7a693d8826e138fc28c7dc6756bd44e0869151c2ff297476d40ca44e4ba538d

    SHA512

    5c69768b98ce7169a5cc8fb8665646e3b01730b6b848e72c98fb9e2458a68ad1878d8c133005fd71ee1a0acbe37d0f97e6b137bda392bf97dd21b97c95ff335f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8b7869c1b6a7c1cfa6f878b85c1fdf64

    SHA1

    8821f85086450e5bacec073946dddcddf3604a9c

    SHA256

    7ccd6108e5c3dd9c72f96510eeb8974b041f8ad2febaf60b68cfef347468460d

    SHA512

    78870826cbb3e29c41a1367e9bde98a070768e34aef6c85808e37ceffdf91881df33df4ce7c458d13294d8dbe44b1066fc2520f7ae20d35ee84c87b057661ee6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7cb5cfd52062803aba983b8497a658df

    SHA1

    7807f1e27d2e78f9b199e1167855e1e330240574

    SHA256

    1535c3f71dc42af54ef9fc18860273550a526e94ea2e358c705c925d0d4c668a

    SHA512

    62e58aec636fb5ac78cfd05859e1a4705dae398cc4a248b23af8fa8e4a566939664cc21b3a3c59a28e4f6fee7db0df4d2cfbba03ad03a759973f2c0db13ddb61

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    da537527dec012f63fd185d12ca2d998

    SHA1

    6c74b2d4126082bfc6d344d25498d57841848b1b

    SHA256

    965b208f2f5e378e2704979e5f4999d656026179860d8e860a5f0a6193ff18bf

    SHA512

    ee64815c3dc0e24f6ee6ae8965ab484b4402fbd1eee7c70f769a7e037c4d48c31c00593db0c7a5500895a4537d33a4342ae5b5b67bca8f23cfd429628d04be83

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    07140591a1eed076197ebf159170ea18

    SHA1

    c6d26c452fa644578ce6ebfe96bf1d15c09492dd

    SHA256

    a302efc7aed4013b527af2ee2bd474464406a9be3b411109230fb0fc0a523d78

    SHA512

    888dbd5675999267566b44450d975daa8e267da0aeb4980505f11e5eb916c47b6a05ce1d89b4cded0393b28f282de3ea52115c725032d1dcbef3a905cca94dc5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFC4C.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFCAD.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    88KB

    MD5

    fe76e62c9c90a4bea8f2c464dc867719

    SHA1

    f0935e8b6c22dea5c6e9d4127f5c10363deba541

    SHA256

    5705c47b229c893f67741480ed5e3bce60597b2bb0dd755fb1f499a23888d7d6

    SHA512

    7d6d5bfb10df493ffea7132807be417b5a283d34a1cd49042390b2b927691fd53ecf8eee459c727844395f34e4230b2cd85b38b7fb7df0a3638b244d0c3f6394

    Download Submit

  • memory/2776-453-0x00000000000C0000-0x00000000000C2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2776-1-0x0000000010000000-0x000000001001F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2776-9-0x00000000000C0000-0x00000000000E0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2776-8-0x00000000000C0000-0x00000000000E0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2828-18-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2828-16-0x0000000000340000-0x0000000000341000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2828-17-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2828-12-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2828-19-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2828-24-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2828-20-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2828-22-0x000000007785F000-0x0000000077860000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2828-15-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2828-14-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2828-11-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2828-13-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download