Overview

overview

10

Static

static

3

67c11366e5...a5.dll

windows7-x64

10

67c11366e5...a5.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    67s
  • max time network
    68s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2024, 20:02

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    67c11366e5c766a0a0c982af560bdf3c42b175df952cfd256737dd938e744fa5.dll

  • Size

    100KB

  • MD5

    9f0e079743711361782f891841b73a17

  • SHA1

    9963f7c63bfff17686bc1ec3c0c6c3607e7b2e18

  • SHA256

    67c11366e5c766a0a0c982af560bdf3c42b175df952cfd256737dd938e744fa5

  • SHA512

    fc1412d16d67cac3ed2db6f85d5f49036b62596f1c5d812e28058df238374ba49fe0f96db2b08bca298615f749c6f779e8e0253e1d83f35a83c2f12b8c7779f3

  • SSDEEP

    1536:rNP0+uTEX7OpopI4iWb50WZgePYrEzt0GE/AiSTSDIqGU2Uo:x8+tYopj1N0WZVYrXdgso

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\67c11366e5c766a0a0c982af560bdf3c42b175df952cfd256737dd938e744fa5.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\67c11366e5c766a0a0c982af560bdf3c42b175df952cfd256737dd938e744fa5.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2208
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2912
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:704
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:3056
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3056 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2748
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 224
        3⤵
        • Program crash
        PID:536

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          c806b000e98f5ab4710e48a5f411e089

          SHA1

          dcde7d7f1015d22b1758a38de3a503bdc731d0ad

          SHA256

          3a81d32f2dff18743873d4d74d4a7363632123fb616bdc08bd9b7b961746754d

          SHA512

          6ec82d1efa1fd318e7c9bda34ce84d418bab2651c8f6548666a2d328c76183dd08cb81886b20e6cc980e179d01928f964631c6435b23b1d7330ddaa7a86e64d6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b892e60d67f2d2d125b650d953311752

          SHA1

          3c692c232436538f031dd19553117ed3b095e22f

          SHA256

          8cca72ceb535340c54d9462ccca16e08664364e05dd61a065ce3f02991489097

          SHA512

          7a7dba7c4049ca3d05abdc57bbd5665667db8b7f620927cc1a179e1cbc3884b1af814ceefa0a25b35f3713bec8e04094f2c8a3f344b72056c2cefe007ce27d86

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          be2d294e43297d4375bb1955a230970f

          SHA1

          906c8851f86ba6c3b2cfad18fe8362e32a6d2840

          SHA256

          76c1784bd8ae057f205abde1b7d0dd37f60ea415ba6a15df81646e282db0a0a5

          SHA512

          3c0da10ff2d8164599947850d9b9f5465231010697b0a14bc3f36af2ecd752e61cf55bd545550ac0a02fc7aad12395004deae0d95a6ba0aa43fd5cefd853299f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          96b418fad9074006eea4528cecaf5af1

          SHA1

          ab7657a80d5599498f560bfbaa77ddff03064b36

          SHA256

          f6c42b5083edd1ee3282ad4fab0d1156b721c057ca9be4b692226aebf8804f02

          SHA512

          a1227c0c684b81d44b1fe77dda24dc879de108507428808d2cbb1a9ca378acba09bd36fc85e20465788ae93ee1e5c8c72f263e26894abfd8f95ed53f9e837725

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          bd2236f3176a54f525c19e40b74891e8

          SHA1

          416b657700332fe2fa95945a852a792968e64538

          SHA256

          f532ec8ce77d2cef2d6bc9ca95d3d4c1b66f1984499d28d6b1339bd752731a54

          SHA512

          5af12806cb37587e6ec34ed71eaf436bc7d6b3b26d77136e4ba8def4acdd8fbbe0edb974a365fdce4bde7268205e77a8399be0f179d65e9b539b9abf94903af7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4132fe30568e9047875d7cc216431643

          SHA1

          7c73d3d0ecda2990ca936768fddfee8409f83386

          SHA256

          932440ac45ebf29626e9c1ddbfe2f3b1afc7aefbeb75224ad3b32256bf0158ef

          SHA512

          451d70e630cdb8f67c830a2eebac4915d944c04c0a37b9c0419cea5970279e8ee863e99049a60a727982087a0fc9f889a9b96c81cb85f0090ebfc855400a1e96

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          77a2e8f336402bc98fbdbb25488b880d

          SHA1

          c598558e9741a53cba0bf9e869f32765ba3e9b4b

          SHA256

          bb5dd3dba91710647d3208642b83361731b4eae36fb5dafa34068dd00df60204

          SHA512

          d7442b61aa0c588c7753230bd76fdc3f5a376965cfbd3dfc44063231f25819af04d500ae6e0ae96f0babe10903e2e90636e3771d40b653822f23bb04ea4c2b6b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          c7d6e5802c1c28aa6f47e9b38af2301c

          SHA1

          8e8ec6e6b9b33cd9946541cb3dceaca58c9fefd3

          SHA256

          5a5b68563d27c66419e3ddd9523fe387cc81d6cfb74a40acb21e8165ec327f4f

          SHA512

          9cd6bdaf631beae92ae461076e1071b514264c2da15d4a6b82d042761ad88b38a98e7612685d71ca5277796677f46e81d6723676d43c3dbcbb945af4640cd91e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f195d0a0005ce61ccf54e92c3cf7bc6c

          SHA1

          445805278869221bfc61cb36d488649b5ca9bae1

          SHA256

          09b50d6cd2924bdf2016c6a270feafcb12935a0a88d29f805e3fcd0fa5c04efc

          SHA512

          801548209fe84e7671858d20b5ea70e628f274a74926987351041ffad36b6fcbaad721101a3a31f3d5c20fe55d67e7100b762db9ffa6247696e6918e54ed1bc1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4f6caf757cd0b67024ca3d7c4e297cb2

          SHA1

          1d92d8691d689baa460a7f055c09ed55b15f8c0b

          SHA256

          d1ceba3d0f7cdbd5deb556dfb863392e3ba0358f0ac9c01dc035ace7984d040e

          SHA512

          dc1bf9df5c5f4ce716806831861049d61ba5cdd6cf017e060ef5ae5c9d5521a13de8f488b5f97895fecbfa3ccd63cc6a877742b4da25e9ebbac6f208669c2b54

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          389e4f5759f54a3bc037df806c3b75fe

          SHA1

          1f4493a7ffa51a303f901eba9810674411e0eed8

          SHA256

          c5571707950ab054100d18b03f166248c19e6427fa2040b67d871f92095747ec

          SHA512

          004bfe795d02dedbdb6ee1dcb0cdd111c848c45d497c50157c2bd940e59d9caa19378e57463b53252cd9f7b9bbba040b32efd18d7163c2711d8f0c8ae54f0fd0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          0e4e8e28a8234ca9d37de096ef858cea

          SHA1

          650d71b5ed86975b5830f1b53f79257097395ab4

          SHA256

          448a850bf99842d854814f9b6bac3313967f04d262520974cfb9f3a4d5e90814

          SHA512

          6aefe6734eeed7514b333355bd8bc0d61ae8ce658bade5e55688cc7569fd9fd8172d0aa80aea3d4a3b5ea685e0efb0c25390ce722d04a004658236b8d333163d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          fb922670a930421fac9fb6220dc17864

          SHA1

          d51884991f22639abccfa4befea42fd938ceef71

          SHA256

          437e63b414a10e37b2f2c9001fbad163d795737e8da67bc5bd6cc0c894090b52

          SHA512

          6d6014d69f4a1c1a804082af0663a063a455bbe20a55fd1400c9fe41ffba66cbcf8bafaaadd4f4c93043302523823f1f9e8d4f7f4f826ef9be5bd9a77c6efbb3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          644343a325a6a09431a1be288832e2ce

          SHA1

          473e29a5c0892d9825ad41c0de1cf7a53262f786

          SHA256

          9925f2f7a84138441e35c072a1b9efb98322b15f650a216a733f2cf5d8350b60

          SHA512

          c9a4abb11b1034d172ae6cdec318169aa204a9b0adeb10b70e98295384f7189f3aab05d844adf08f1c2abdfef7f4eca501ef09d8b8426dab329131ef151bd089

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          de2698c43f78e46bbac69f1a495b6fd2

          SHA1

          91df18c07df7901eeb92857b5ece3e0b441ab421

          SHA256

          09da9cf25519eabfb5ec3fdff14157a92232cdc5cfb650a046cbb24e126fc28b

          SHA512

          66aafae11f473483631a9359449c0f160dbd235beab6326008a2d17c37430dcdd1b870ae7790139dbe667da21643a9df4c6b30205522b782ba8d967f0a7a81cd

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d38418faec1e9ede13f8ed6579eb1a45

          SHA1

          8b85ef66b52f41b8e9ed6d40f23d093cd9f26a94

          SHA256

          75454ed7e5913256c38c86f7359d2ab9902cfcd280b917686a95a9d0c45d27a2

          SHA512

          4e923756dcd199c754aae6cd29d4240e017d9fe845c604f4f437c024ba84a111d7a3d5cb85e566518c2b2415895b6a539c82efec75fbc21c2594fa9b0ab21bea

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          76eb53ae8a27ac084a6bb621f2777cc9

          SHA1

          1e9270084f07f6ae2e7efbb278711ecbbf102429

          SHA256

          f264cceaf5886fe309aa87efd33350de3bb752dffc480550dc27531cc1692bf5

          SHA512

          8ac7d16a66ec3bed8f5c9e582e2d0de442cd6b7593a0ccc9f73a9dc655efb82ace3278a561d9a9f8a11a6523e2a92556a74f6b1cb0a80d7b0b3f7b0fc5bec993

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          0f167a5bc55f75b7496cf706fb1b27c6

          SHA1

          09ecf99abe84d85842b3b712cd3ff2012e96e871

          SHA256

          038a077cf3a01ad685a2a69a64550678be78bf6f6346446a13e9bf40bcfc760b

          SHA512

          05da1a6458afb07c49afd365cb6b85de89ff79525040a3a90721f8d21ddfeaf178d834f68298e9c871aa63d5e6b7a26696c619411e9532e005e2fff96fdc8fc0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          44b229d5d60eb62873fcc8b5e3bd750e

          SHA1

          448ffe516487711acfb6c65d241857532e40ab3f

          SHA256

          ef7ac8e601d06d240e4f9911ea7497f2400fc470c71ad0c2c49d3bc7a26a4210

          SHA512

          8c5ba19d9d093595fcda6a8797f3d6748b5b1cf4f85b73cc483862da7316dd0088b503760bb3682eb073cec244595d197b99dec2ef5c776440f5f9f5a7c5c8ba

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabE7F2.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarE8C0.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • C:\Windows\SysWOW64\rundll32Srv.exe
          Filesize

          59KB

          MD5

          54960c2df820f374ee1216a88a5750cd

          SHA1

          625417a11188c591c20837d0acea1f993f33e01a

          SHA256

          fd45f7c47b029a6f0a94ddd71135fe817f90ce7a231ce329ca47b648292b6cbc

          SHA512

          bbc05eb7872f4f7c3343f47bbda890b28ea6a51dc413fcc959ca515894ad3fdbbd893c4c0959acd1f8eaf479209e98d4641d318890758b7ebe7349c4c3757836

          Download Submit

        • memory/704-24-0x0000000000400000-0x000000000041F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/704-26-0x00000000003C0000-0x00000000003C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/704-25-0x0000000000400000-0x000000000041F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/704-28-0x0000000000400000-0x000000000041F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/2208-1-0x0000000010000000-0x0000000010019000-memory.dmp

          Filesize

          100KB

          Download

        • memory/2208-8-0x0000000000180000-0x000000000019F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/2208-27-0x0000000010000000-0x0000000010019000-memory.dmp

          Filesize

          100KB

          Download

        • memory/2912-15-0x00000000003B0000-0x00000000003BA000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2912-10-0x0000000000400000-0x000000000041F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/2912-20-0x0000000000400000-0x000000000041F000-memory.dmp

          Filesize

          124KB

          Download