Overview

overview

10

Static

static

3

ceb667fa0f...21.dll

windows7-x64

10

ceb667fa0f...21.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    26-12-2024 18:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ceb667fa0f91bd61777a95d14e12bc34862bf2bc9a5d32ebaf224206bcc0a621.dll

  • Size

    124KB

  • MD5

    492c0a5d67b16df1470fe03e9d6bd870

  • SHA1

    ead3956f6d055d2e172f033be8d5259feb18f68b

  • SHA256

    ceb667fa0f91bd61777a95d14e12bc34862bf2bc9a5d32ebaf224206bcc0a621

  • SHA512

    bb09e8af560944a4cd4a43f2e3af692d29bddf0dabeeae03171bcea9c24b5c6e7abb2e14ac64ed8e6f429164f3d37fca2e8aee4b78b499d44e9d236529e18fa2

  • SSDEEP

    3072:gj6tLWNhkRM7VmKeZ88Dkj7oR2SqwKJXtf5DGyVBQwIY6X44:gTcvZNDkYR2SqwK/AyVBQ9RI4

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ceb667fa0f91bd61777a95d14e12bc34862bf2bc9a5d32ebaf224206bcc0a621.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1780
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ceb667fa0f91bd61777a95d14e12bc34862bf2bc9a5d32ebaf224206bcc0a621.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2508
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of UnmapMainImage
        • Suspicious use of WriteProcessMemory
        PID:1196
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2644
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2644 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2616

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7766dce846e12e5ab08880fbb213e154

    SHA1

    f1167174a7917154bd30067b99f3aacb134eaa7e

    SHA256

    e7dded2b9ea096da1cbcadef55097756e8ffbc9a23a52a70a0ad4f8281275ab3

    SHA512

    25899002b85c80583c0fa256d08923c03c26979c2b229d7738c29819c01a74bec1bb5126aa0dd5c2bc4b85a6b5c8003955634b03c96dcbfb55eda346c53f05c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e689d97d334c5d2daddbd2fc5f755fea

    SHA1

    397805bce1b25d49024ee7b037051ffa1efd2800

    SHA256

    a43630f3aa192917f22d77cfcbd900b4dbe57ad07aa2dd101f07150e2db612f9

    SHA512

    4f73708e371cd0682e00f9649e2465808d8ff5e7bec39072baf514e940c77f38227f130b7871ebf26775feb0714ff1abacb93eef9fe433dcb317c46973721649

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b1be96d48b008a0c76f206ab00cec3f

    SHA1

    c5f05690fb1d8385060e2f6664927dc809559e8b

    SHA256

    0ecd40541f5eefe3ad4729cd32bc52d3962d44426edf3d229b7fb5fb0490412a

    SHA512

    abbe2546a9241fdf4514a6bd9acb3e2619d70a378c5d4fcb4c18fbe0f208e28bce6a7b0ad3205a344585f78d9543bb0b1f9a8422d8d9926c9646f5e371370d14

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    faac1cb9235310445fb61a2702f6dee3

    SHA1

    d4f622bc9e7e9eb1fb6368857643b8cdb1332572

    SHA256

    d5ce5eae3232b0ddd53efcb05c9c5ccfcebb1b45206fc385525fa01c1c345bf0

    SHA512

    697bafe01af057e200045d447b8b5ab5de849b75e906f81c72e127cfc40948eeda764ba58cb966a0d315aa0cdc47cc1ae898f97585dcf5f9e6e45448d8653dc8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d3255be5e5a806eb52eff38a00966bcd

    SHA1

    64ec067d50c2e149918fce49d87d1713cda70ebf

    SHA256

    940c8884c7e40b8111878de42a198198df7a767d136fd623057d8b024f232600

    SHA512

    1e39ea6d7b30430c1014e31c8b881fe841f4b6ff7e479454bee913a31d7579d7a8c10d6f3897d8b4ff3a88595ed65e143410695e7f32872f0cb0802011eaf50f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ad5111fa04deebd52f876c71537a04d4

    SHA1

    06182a003cba7804751a590f6ae6d9f4a15322a9

    SHA256

    b78062ba0f15546e4012ae91ed872b6c9fb312a98ed6a127d0a8ce9dd57d9942

    SHA512

    435d007f4c20f159684bd101acd974c85aff5b9cd8ce46905b63c2a06800288f9394996872b03b5de741690077b85fc5ba47cc08158f03ccff2e5371f6a0efb4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d6fad6b4fa7e73e58b3bcfee94a7d055

    SHA1

    ba34aaed9877183de07188beae7fb5620252ebdc

    SHA256

    81565fe450816d4c1b90071f79638f203da72c4919309c87f62e08c614877064

    SHA512

    1f43fdbc612c964d0b35484ded69fb70217f1199ab307e2f198bfdf020128d1137a0005c60cf0b1e3577cb2dfb5927603e721d570380d68053b3a252b28f1d8e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b823a0e0a38fffb1e08d1c2e2be9b98b

    SHA1

    996e0514d521dabe70ff32cccbe9bbad79bc166b

    SHA256

    b7698991a835d0d6bcab04da1b4550cfe59d69e2635b9f4140658aaa2b2c703e

    SHA512

    cd3e38785f0f1bc0384d06f066fbdde3c2bc3540039a8f605ddb3bbb79a3d6cd6b36481a507edc305c9e9f7b520ac800e9e22e5cb9cf0148da47ac51312d3a49

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a2a4e452a5d3cb155e595f3ff825a9eb

    SHA1

    909a908aa06aa84f72cf4b6cf561410ff8a5c564

    SHA256

    d30b596ce961ff720dbd72aef14460894edea06e16922daf09445a30c14f193d

    SHA512

    6b8c5f1846de1a662387636145dfd9a1137b6d44a07562ccb5544154db48c972a6e7566033b1e37065db8e475832859971e0d1dc91446b09bc3ee30c958b208d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cc9c4d92414e40b330a4093b0c6abb95

    SHA1

    b6a8459cdf15ffa7f0c658ceb5dd3cc1338257eb

    SHA256

    246d36052b1992bcb6634d146deeaf98aedf7723974fffd8808191d8beb092e3

    SHA512

    89ddd7b1440d7d68bef29bfcd28e79bb7f0dbde050bc0a13be6fa47832be31772cab1624820b03569c53a3a8ef0d1899370eb0f8379b0340f77f898d6b754d3c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e9dedaa8c1f99f130013c01bed513ad4

    SHA1

    6940f8a06625cae2f50e368920a7f56e9691d515

    SHA256

    8446f8a005981657d20fadf97dd979e5cc8a71ee81d2780fe2c5526d7dbd34e1

    SHA512

    305c45dbaed608c579943fff173ae59f2d71061ca887534bffa6ebf931d38514b73c4f03f8a080b11586adcef9abaa078d33d82e4fa8cb0024e75ba3e1207ea8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    35bb0b720a56f22a6cbc1159eccd1fb5

    SHA1

    1dc3f10a23731cee9d31f95c66c5b672ccb516c6

    SHA256

    250ae7d85d238156b1ffa3a52d4ebbe5ea3a2faa43b68597caee2bc7edff357c

    SHA512

    e271a5983e719925cb70cbb351fa6a744e9b9f246c295dd24973868456d49f8711b4a5a9729e17c204c07193d7e75dc3199eac2747aca8a908aff212f3ba0098

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bc88210f2dec96c95284c41597e38efe

    SHA1

    d156df9037901f1a1411dd739d4e8d94e9d65e4b

    SHA256

    7662659fd18813b7bec9d8aa243ed37022b7d067ebbd8e8279df76c8a4fc2d8d

    SHA512

    0fb487f0de504464e7bc88fa8ee936299f2efe5cff530d7d13d7888d09e76d1671997569661fb40cc136b49933a6e9492de8c3fe1709a3c88f9ff4852a9f524c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3579e226021232737f7368457fd858e4

    SHA1

    bbe95fdc3903f4e538d550e8fccdc4860415f54d

    SHA256

    9651e650b49833e23c122967d1b2acc0f745e6a5b59f998071f6c31e2f6dd8bc

    SHA512

    aea559cd739635c9ff820a1e55d7603297a99e5255821a0c6d00c0a40ac15d12ba8d1ccb109231674e07488a680548a78cefd111b65b906a1292b694231f4bb6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1271faf327396f76e8b963f4f43cdec0

    SHA1

    c5607fd1dc65ebe5a98bdc89920f5400fc0ad85e

    SHA256

    a8757aa45cb3a2f5c9d01b377f067f6081ccffd80b004d13083c2c3b754c732b

    SHA512

    4eb1169a1590a93a94e5e1d646d0d7e6ed6068ffaec9bbf622c48ce14773711495e6e09151bf2d8aa0139e12bf0c15a4d5b127592793670088f34093d39c2997

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    19aea7d0562f609851dab249d946ee59

    SHA1

    b7d032e0de1892fd3acf30dc0678af4298c4e975

    SHA256

    a6d3fccdc09567bf02ff7b601e4159c729765844f1a98be55f7ccb66e107c268

    SHA512

    cc035c6da085c2be129966a32ce892bc20d908f70f772fa9cebf85e25f9106f182b32c34fec1b7444f777556ee0d194f65260a5dc94b3c3e4fd46e0d1f04455d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    28528364658a3cd88df7e27f7b4cd149

    SHA1

    251736ddc6b769bce79f64be44e90fe50c1cb5ff

    SHA256

    1606f8b93169d5ed5bd79c89a512da84d05ab7ead4889756c954863e4da3bd77

    SHA512

    6ce2846b80c0c9914ddac36dbb67eb00b26cfa63cf165a01483779e399399fd5294be2ee85a9fed692d8ad5f9dfbe58fffd51c29e9d36ade0a947aab915e3711

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab14CB.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar154B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\SysWOW64\rundll32mgr.exe
    Filesize

    88KB

    MD5

    fe76e62c9c90a4bea8f2c464dc867719

    SHA1

    f0935e8b6c22dea5c6e9d4127f5c10363deba541

    SHA256

    5705c47b229c893f67741480ed5e3bce60597b2bb0dd755fb1f499a23888d7d6

    SHA512

    7d6d5bfb10df493ffea7132807be417b5a283d34a1cd49042390b2b927691fd53ecf8eee459c727844395f34e4230b2cd85b38b7fb7df0a3638b244d0c3f6394

    Download Submit

  • memory/1196-12-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1196-14-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1196-20-0x000000007744F000-0x0000000077450000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1196-10-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1196-11-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1196-21-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1196-13-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1196-19-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1196-15-0x00000000002D0000-0x00000000002D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1196-16-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1196-17-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1196-18-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2508-8-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2508-1-0x0000000010000000-0x000000001001F000-memory.dmp

    Filesize

    124KB

    Download