Analysis
-
max time kernel
134s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20241023-en -
resource tags
-
submitted
26-12-2024 19:18
General
-
Target
b2a14bfdfd0f46e9e7db081edee8506d044493cd037b42204e6306844c40aa6d.dll
-
Size
124KB
-
MD5
54d16fc26d5a926760be2631a0466900
-
SHA1
1e0bfdc77774dbee96f38e5eaa48fa0e16219d36
-
SHA256
b2a14bfdfd0f46e9e7db081edee8506d044493cd037b42204e6306844c40aa6d
-
SHA512
5a3ffe7b01f8d8a216e91788acb0a2fed4e80682520bc3701bf52dcea3b14e840e29c3f76c76b507caf8ccc93615f7709fc249f3fd7fa83ac5e3e402b93f22df
-
SSDEEP
3072:Fj6tJY+M7VmKeZ88Dkj7oR2SqwKJXtf5DGyVBQwIY6X4o7:FzcvZNDkYR2SqwK/AyVBQ9RIw
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Drops file in System32 directory 1 IoCs
-
UPX packed file 9 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 28 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of UnmapMainImage 1 IoCs
-
Suspicious use of WriteProcessMemory 19 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\b2a14bfdfd0f46e9e7db081edee8506d044493cd037b42204e6306844c40aa6d.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\b2a14bfdfd0f46e9e7db081edee8506d044493cd037b42204e6306844c40aa6d.dll,#12⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32mgr.exeC:\Windows\SysWOW64\rundll32mgr.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1792 CREDAT:275457 /prefetch:25⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5e4a834a36a4024329a56afa8cf0c0bdc
SHA1bae586e7d46f61a5ea0bc1d9351acdbba64b3d36
SHA256aa3416bd141316291b21f732cd144dd44429378241a0c68197d65857f3c38e16
SHA5121e24dfe27cc0ef98ec8c5f1bb12ab62a230d383a7e50a32d88b4bfe4f01aaf2bd9fe1edbfecad59a1ef2ca15cae46608af0e2204d430d0dac9606fe772506438
-
Filesize
342B
MD57205f637831ca4ce51e9205cadd91316
SHA1be0607f3252b742e63627cb2766316705f89a135
SHA256f270062e4c196c6b9e4e28ad76d860159d9f0a861529d56ad28c036879fd663f
SHA512226e8477e9befa51e4356b60f659850ec5baf9b1a14c3cf48d30ebd7dd7ed1ba7df8ddd1780bac3a268e4ab4dc43a0ac2067832162b1af05ffb3ed8230cea61e
-
Filesize
342B
MD50ccbb2ddd6f97d9d5ff20f669f90747f
SHA1fed9d23c3075acee449aad51528147b71999eba2
SHA256f3a9f5763cf835cb6beb96303e171867a30daf34ca9cf3279bec7f4b3d6b086c
SHA5126d93c259f699e779cb136e5c615df5e2078fc003d7beb49e92793d575ef73b3dff77ebd9ef2af54c261f45f4bf2a31299e4cd070867c1c76970a2d9e226be6c3
-
Filesize
342B
MD596f2b9a396d0cf7b3697c470ad2815ff
SHA1f93f8d1626a903751eed69d3c585c94796ddb706
SHA2564dfd55f59fa3c0bb2d680c4bfcb466da666793e8f8a4ddb49804ce3af40ed8b7
SHA5127d21c39def79de012acb431f3bdbea85a5e2706fef884358ff1087118dd73e19ecd667c822d78e1ada4f5805df1df86609c81e8fe56e0dcab3a009babb4212fd
-
Filesize
342B
MD535595ea3e657cf1ddad1ae03b5baf4a3
SHA106499e7fc8e3b3061db759affa46d570c92f85bd
SHA2568b21547c5fe809ecc0f29e512e770312a27d5e99f1f612d807ab6b18729df71d
SHA5128a677b797e1975d37bba68d0c19db18189573f7621011bfea01b0662e8f13d462ddb1960e1db4b551aca863805f64db7b762530adce83fdd77dce9d562d8c64b
-
Filesize
342B
MD58fbd3b5d1c5fb7c421ab9c1996b39a13
SHA182f8c4ef16675aabb2e47bfc7f244204644e1a09
SHA2568a5f6a177fc385aa17272520c5794961309b7b933f4ae2416dc7869a411fee88
SHA5129ce712dfae02ca9f6ff5eae3e3333dfbdcb5abb42b8a9b6e33d5ce514dbb8b37423f060c3e882692b32fb67a3daaf0ddedb68bc6427d3ab61932c78240b33011
-
Filesize
342B
MD5469d6cc10410d22bf490b36107e75ccb
SHA1dda2bda03398bc56362cfa091bd33725f87d74ed
SHA2567f20ac6c7f4bbe29c76f4009e71969055fa0b5ac114b7f4ff2c06be27d6eb605
SHA51249c6ce4c338718a41ef296efdc42db376dbd55fcf4d291488984c936dfdc77fdbdd6aeb0aae4906e9cfcc3689454f0f92e6e9078661065460eef61cbf90a8c0f
-
Filesize
342B
MD5fc26a29e5bd6ceb4a2b2c76372110fb4
SHA1a596f822fe0fc0e3c85b9bbe18392afc07a3fce6
SHA25613383449916fe1b45292c2a028e08724c737f53a0e691e708f54d99f1ce31394
SHA5120e5df810b82086691e97bad3bb4bce86ba8a1e280a966e7995f07f76d1b9b6ca6fb2412aae0bcebc79e3eccf46921ff6b65b854eeb90158cb91e06c518e00de5
-
Filesize
342B
MD58f61a8a0922de16a39159b8c74ae4d2d
SHA188c83dfd119c7e8d55a496e4d78f1b9ea05b7225
SHA256f75e3896e52650f3d3beab48444535b363c99b35308290f188369c5cd5b8cde2
SHA5122751eab854fc42aaf5689bc624b3dd88432b178260046889fb3848d6d7f7fb4dc30e688121e763fc27798550c23291c3af6538b6ee25fa802d0a9dc2dc938a58
-
Filesize
342B
MD539c395716f84709d8bb987e0d35651a5
SHA13f32d24d7f4650b5dbd7fc967819ebc2d9148b8a
SHA2560d4852290b3258fddc218cf2955c341a8b85f6935ecef382469abd01a8719e05
SHA5124de1b99687bf847c05e9cee5fc7103cc6af5c5daf506d42da9c2a8031d4af5c11f58fccdf4de77454455d7548b6d35c12dd20a93867eae80e44f5aaabd89b121
-
Filesize
342B
MD5482b2078cc872dcf240d90673a89d72f
SHA17a56dcfa0a9e268ddfea0aa124238a71b281d699
SHA256f86d3e50831dbd4e7581900ad13998a7e53c77d706c4a10b8d474623627a3b6c
SHA5124b5684494b618d3a9fd29512e0f59a1b31e5b17d42d334e137d425b3f994e261b8d17bee174d8c88cf517a430a95f901b3bb2abef371b2638987f3021824f701
-
Filesize
342B
MD5efcc5d801e1048d42ca2a83fe584366e
SHA1c7ae895aa1121da229e36b3dd246d2b387124028
SHA25681c5b79c9a975edc02f8beeeb6ef987ceaefd3b009723cb1f9ca70a5a68d71fc
SHA51244b632f39a1b0be10c7ae73f7d1c5b891125a9761bd631ae08bfbdc1e7138993a42c9d396b398dbf1fd595d3cda3b4e7502399cb8b655afe339bd6a43e1af604
-
Filesize
342B
MD5cbd35a08c262bada2c49ef5fa1682943
SHA1c8406865c84133c4b08fe9cbff68a076204a9bf2
SHA256e292d45a2f6bee33cc8cf014f6f8bd62723b2a5b5fd9e47b86a6217560ae3de8
SHA512434aad655b6b8ccc18c7c26d58be9831cd5359d5a45d735539cae577c99ebad95233693eb78f1c687ac870073522048c1395ada948275d34239dce9d612fa443
-
Filesize
342B
MD59900dee4ec40c8580784d1b0b6818950
SHA19630494866a7baa9dc1126d3198d95db7381f19b
SHA256a7ece54b4e1b6885e240388a90f7fa2089f5a94a07a3ab2e6f889ab5eaff3474
SHA512ca500e9a5c99a230a29d6c78851716fa8d9a2549f50da4284a4c39b116de17d7cce60bef0c593b63e8e3e584122b394acfc239f744085ac550b9ee7449be23eb
-
Filesize
342B
MD55156b206db651e19c0718aed456f11c0
SHA198b68db26d48874658a6c03ad1a8c6dd6988ea18
SHA256f1e80b407dc03bb488df282ce0e4d55627a0d4bdb26d61a595c7e5f36f94688f
SHA512514db57560a0b4f758f9a002a75aeddef1883f7c2a152b40d9a598b8236da68f192ae62a15dd098d079c4870ddd60a9c5976c1e1dfdfea77df697f3d60608f26
-
Filesize
342B
MD59225b6c4c4e98e908ea26debdb756137
SHA15e50ea28e21269496c62ddd46485e1178f7d6a80
SHA256f8b5e0ec81f6198f4c8ad08e6f90cc34c73f80855cb7dbcbce4bd006cb6ea4da
SHA512bf2902deb6a5e5d1235825f6672ef4a831edd8ffe2bdfa7f08d8122b711b9dfba8186069743accbf5136aa1ba3a850b8c2af9cb04adbe975787c48b8379b5219
-
Filesize
342B
MD5524996e0fb03caa2a3edcf7484a1a6f7
SHA1630f04a6ca663cfdb482291f9b2698e668b9fce8
SHA256eb4dbe97953199dc28fff47574cc8aac73f187af1c6a7789735caaaa7e24d437
SHA51267ff486730452654a57ed1035b5259ba79c0e2eec53638688f4b5756c2113d76e3da3a9b383acdb1df1d272f81b6945a81083d4b2a1005ff587a2ecf2fe17ef9
-
Filesize
342B
MD55e0037fd8e01c97267d3367121196989
SHA11351fa0327d40f3e7f7618a6e3dbda0e932dbb1d
SHA2569bd498d2d54b83fff72e7a809e719e405f1f8a4db5408c417224835792143d04
SHA512adc6982a8efe8c9a40673799a6ac87fc033201fcc4b88c454071155e57c28c4e7407426342c6ab48ae9f67d3060ae12247e5a3a27b6f65fafc15228c5761b449
-
Filesize
342B
MD5e3c17578ae0518cda61503ba84f78964
SHA1447cb39e49620fc59dc178d48620f49f6c398987
SHA256793a2c1de9f3ade4b8cd95d8450088ecd4301c873c76823c0e1d66dde98253f6
SHA512fa71a3c95461b4c41aac2e414afe7a63d8928d8acd102b47f8f1c6758c0aa67c312b82d955385c76eb5fe79f72c2a842d41af9e95ce636a7278c25421acd7809
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
88KB
MD5fe76e62c9c90a4bea8f2c464dc867719
SHA1f0935e8b6c22dea5c6e9d4127f5c10363deba541
SHA2565705c47b229c893f67741480ed5e3bce60597b2bb0dd755fb1f499a23888d7d6
SHA5127d6d5bfb10df493ffea7132807be417b5a283d34a1cd49042390b2b927691fd53ecf8eee459c727844395f34e4230b2cd85b38b7fb7df0a3638b244d0c3f6394
-
Filesize
8KB
-
Filesize
128KB
-
Filesize
124KB
-
Filesize
104KB
-
Filesize
36KB
-
Filesize
128KB
-
Filesize
104KB
-
Filesize
60KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
4KB
-
Filesize
128KB