Overview

overview

10

Static

static

3

befee44fa5...6N.dll

windows7-x64

10

befee44fa5...6N.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2024, 13:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    befee44fa54ab0d72e25adc5b34d1f04ac7d08be6a577b9a738aa9f3cc726af6N.dll

  • Size

    124KB

  • MD5

    e118492f7909287cbf772a0c9d07e890

  • SHA1

    59bf670ebc18f804bbec9c0dcfafc9995ad54c2b

  • SHA256

    befee44fa54ab0d72e25adc5b34d1f04ac7d08be6a577b9a738aa9f3cc726af6

  • SHA512

    75cd0b2345a57eb89d1633c5b57c4665ab3194d4975327d3896c518717c2455cec4c4e72a8bb93ab32362c47b1e6f4cf18816d752d0c67d74314774d865e8b18

  • SSDEEP

    3072:Sj6tEosM7VmKeZ88Dkj7oR2SqwKJXtf5DGyVBQwIY6X4h:SMcvZNDkYR2SqwK/AyVBQ9RIh

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\befee44fa54ab0d72e25adc5b34d1f04ac7d08be6a577b9a738aa9f3cc726af6N.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2532
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\befee44fa54ab0d72e25adc5b34d1f04ac7d08be6a577b9a738aa9f3cc726af6N.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2540
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of UnmapMainImage
        • Suspicious use of WriteProcessMemory
        PID:1736
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2492
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2492 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2816

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cc9e53401e33114151e132093516f2f9

    SHA1

    ecac46ce3e81d3a5ae79e2cfbbc7a8d1c585a009

    SHA256

    8ad39a5df67d4d3cdc8e75defc37e507fc23ae695d8dcd0514b15664ad17c246

    SHA512

    7ae47e1f997abc78934770e045f64e7affb2acb80ed06c61ed7ca40a62c7d064a67f7f8d2d93edb7d4bf35ca7de6e91ce8a728103810b65ee49fe97ebd0bb580

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    973c5b3525c9f9a6e4d4b171467e61c3

    SHA1

    9784863c5b91e1b8a68ac00d058f25d6e866663a

    SHA256

    24b7a79b94dfd273beb33798bbccfeb1e453e5aa8e48604d38c4bd042e4522ce

    SHA512

    0c770c38787c8bb187d1bace507d0597a55721e2a79f3d60b0561b343e7ec88f2194646347f330e82cf66b3694e09401576769fd98d79f6b819b7660d22412a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f1884e0bf8d972f03940eb4130334202

    SHA1

    8e288a449628b246ba58d45c16a4be5eb56090e4

    SHA256

    9229592debe15494fa11fd264bb56683dd0c2aa23af2d27697293e30ee696eb5

    SHA512

    56a4996c886a6d6d649677cfdf2006b128b9defe1ed3ab4387fb1dbc91cc76a811fc113c7df5713e2ac455964329ea9be412d67f0584d97f2470bd67701a53d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6709c61c7989c7dc213275a0a1e920b1

    SHA1

    e86fea127e55f8076fdc57cd26a5f26fceed95da

    SHA256

    3725657b9e5dd96fdeb23e0eceef177d5775153534ac354274e91226e4375db5

    SHA512

    ba44d0cab1be53842f601965b609f82fb48cbbcd767aad21600580c40fc41eddfc79077025640fb31a0feb77879dba90eb183753253cc6f85fd1562ebf36ec5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a8b9a7db1c4521acab2ebbb23fa6434d

    SHA1

    b7ab1a9cce2fc3fe11df70f34e18afb71580b817

    SHA256

    922bf5aa490e51b3ccbce709dbf8aaa3d6b1faaf97eb95eb938482a2fe40ba07

    SHA512

    199d8cd686657267f1927697760ffc7de36c33ec96cc5f6b2c141c99aa910d5aeb43f41e8c92417dfeb068383a364a6c9ceb78c2709a9e493601c67fbb0fe2c9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8170b5487cfd2168e5c7c18f7053b413

    SHA1

    0e1bfca76a1be924cc0a80f7802c082b34de1bae

    SHA256

    b5deebce7bf76fd5379fb1b3e4c058d906563d5a2c694e036dafd75514f3e8e7

    SHA512

    81b249d3033520eef79a16e0321e5f092e8457b2c7cf97f9025e8f24edd5fd35f32921fea41d333743fb7c95ce088a1fe66b8ca834f27ee4e73101f2d08bd94d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3bc2432656c92c22cad490373ef65e72

    SHA1

    139efcc4f09ba0f5d99ce123f6c3d23b95d2a7b9

    SHA256

    d26242ada3b90c14bf77a5b6ed9d41c9db89ba2e8854a4f67e84e4a5585df157

    SHA512

    1873df9bda0f717a483e6c289a1b1d11c02d0b02bfe50ab85efbe6b53e5462e22d15f1f8d0a6f0c2fe47765973d4ee02cc2976795f614f78e7fe64382f798840

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6fe1105222cbb9ec4840da349ae5d857

    SHA1

    50056cc9cd2e5f9738d251f48f5fea2dc359fca9

    SHA256

    f29062d6f0b4f6ef2683dbfba4849292ee71f5a0a651a2f14ae3d2ec90a68954

    SHA512

    cb2f3c5593e8aae731567b6286dcfedbde656bb06fae828abac14a950c09a13dec4efa85d0ea34050b7e46447f0a142352ce18642ad5c3c203ad7cd5c2a25754

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e6f33891648806ac5c377a590e935d0d

    SHA1

    67aa7c28dead7a4677792822f7634111917a6b40

    SHA256

    07192bba8d081828b28e359e148f5c46a5d38ef2739a546572eceef408942a6f

    SHA512

    9ba746dee8133fa9c22e23543c5df0b2bb17af61c427765cc6c47c9360eb1bed5b39e4e6ef4cc7956b7cbc6f2a76f1949379d2345bdb9c37cf32b80c43639f23

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e5095b96b02c5d9a7fca9754099c0bfc

    SHA1

    7032f366aa8874806738d92919065623ae5856bc

    SHA256

    d073a8090497b12cb8983b07738ad9e99c118428c4d1886c4870fccbcffcea3c

    SHA512

    dfab53035ee581510b5124e82f24dfff4b3752b0bbaf3249b9bddb00190e1633b5a558774f56cf5ec2e213c0ebd8f852db491f7c22e7bfa75b8c46ea68d87029

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    67057af496b85949923182202b3c70d5

    SHA1

    2b9584f5298298d7b4c9c271c31e2608ea0df5f6

    SHA256

    8b321090103c5b71cff6cdcaf2c8ccb94b8dd782cab8200a5589b065bb60dd12

    SHA512

    746d3465673cbc53657fcbdbb7ead3bcc20ef2c0d87b63a36de1bb4be87566f346944464e9d09c3cf9d8cd524f07bd9ab999af8c9582df071157f024d6eb2263

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cf2283d4ca43360cd3eb7f682f7f725d

    SHA1

    2c3f92b93a82bddc933f06c44700056368c63a77

    SHA256

    5bcbebfa7eec2282caea982e05606648aa9030b9179cd4cb608a8cc71d3efc02

    SHA512

    e54a6dd5bdb7731639675c2bc06698ec06ee0cef2f95b5c566a6f558e20a34f00b1c53b7c7fc8be6b5d1e6a1473460b6cf799a5a353941322de00cacca8f54d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3de350b195a95f3ffc7add9eb71dad24

    SHA1

    4f38184bdc60a84d05cca0355bcbda02a07940ee

    SHA256

    51f389f6a0918cd3a024216932b5d4be6f8f21e1777d472d6e712c17e0b4a2d8

    SHA512

    05ec3c1d2294ff68f13de55313876ce20a71e2e4526cc72fd72bcdd5bc1b816e350260b355b0dd71797cb21af4375243cdfa53683e96e3303772beecebc2ac72

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d548a68fa1e85793b51c872bd2ecf01

    SHA1

    3c05c818be34962889c3fae5b837a1fac0aff505

    SHA256

    2fc3c5419f53b8205fbcf953f1fee5611247566bc1ba756d2442ff6b33f1f3bb

    SHA512

    7c70eb9c7820088769eabb2cc649f5be55bc01d0da5fc1c22721199cfb798b1b0a88a9ffd956126ebe959bda18b3276bfa34e8bb0a140eecc603abaf6a25c9e3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f0cb0243da978571705b425ca82d87cd

    SHA1

    f8da95674c1ffcb66405e356957b80dd677426af

    SHA256

    c0ef4bb5b8a9e6378ebf24870e152be5485bbe2a8b87c763c94d10d8d97f4c7d

    SHA512

    1249e9ab7865f9810026c529f02ba9d7e3f9728f76226ee21d2bf21a87be61f5126a72663ead0b601828e2537be58a461bb327b0dfa442e0cbd8d840560c8cf6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b6385f401f768b7fc8e8bafb11cebc69

    SHA1

    0d3d5bd3f03c2252092d09cbfe89e64c26270374

    SHA256

    2394dd5c75b9a7aa301fa2efee9098f3b7a196e0f7d99abaa56fb96062738bd5

    SHA512

    d5ebbfd9016bdea5d36ef1097b371cec4e4cdf5ce03e5508fd9d7e7444e7dd1c7008f9fb9369b9e01549bdacc518e9e2efef4edb08cb5b90d08746ac66d772b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3374457c0edb52b66e006b27ab3726cb

    SHA1

    d881a98ad324e33b421a70fcf73576dc9e2d4ff1

    SHA256

    a3f8858867e9f0707a956421c86dcd17cf27b912c026e0839beb3fcda29171f0

    SHA512

    11648eb457a26bc7f4d3a9316115092d83622311a1e64bdd740031b43685a588ae5496d54f0a82c3817d3a056c9991a0004a89013919a72637b1f5b3a561d7d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f2108c9eed72bfb5929b0947b084b8a1

    SHA1

    ea5fd8daa3a50c76a6b82eb5a598ad83701c83fd

    SHA256

    14862a1e35b2b79df1982160c85e407ae2cec463d9604ef54fa7cc05df0b585a

    SHA512

    f3b1633cf570ace24f682a86d75472e87ef95f83b48d573d6a8ef7eaaad0505fe549c4e264e71e3e8ffdcce0fd26dd9b31957fe875d0cb0d303dafff0418bbef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ddfe9e73f8ea49ad53946de8ca894647

    SHA1

    62a4c96045e20801b7dc28fbf56840d98cdecff6

    SHA256

    84f9e510b805f03fe77760afd41ae6e1379d65d3a891f4267262ccc2e95f581c

    SHA512

    03bbdb145be4808c4d82355866ae16d2e7af2aa5bbbdc25c4e78f6190d55b8ab34e62ca460dad8c04dbd80a34f87cb0d6271226923902d11fde5f61c5812b3e6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC5C2.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC690.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    88KB

    MD5

    fe76e62c9c90a4bea8f2c464dc867719

    SHA1

    f0935e8b6c22dea5c6e9d4127f5c10363deba541

    SHA256

    5705c47b229c893f67741480ed5e3bce60597b2bb0dd755fb1f499a23888d7d6

    SHA512

    7d6d5bfb10df493ffea7132807be417b5a283d34a1cd49042390b2b927691fd53ecf8eee459c727844395f34e4230b2cd85b38b7fb7df0a3638b244d0c3f6394

    Download Submit

  • memory/1736-22-0x0000000000050000-0x0000000000051000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1736-17-0x0000000000350000-0x0000000000351000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1736-18-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1736-19-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1736-23-0x000000007716F000-0x0000000077170000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1736-10-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1736-20-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1736-15-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1736-11-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1736-13-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1736-14-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2540-12-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2540-2-0x0000000010000000-0x000000001001F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2540-3-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download