Overview

overview

10

Static

static

3

1f45c7420b...d3.dll

windows7-x64

10

1f45c7420b...d3.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    134s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2024 20:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1f45c7420bb7c1cf677722307e3254185c29d670e0094be2fb67f49e0eca1ad3.dll

  • Size

    1.1MB

  • MD5

    4feea9c3aa36dcfc5d3f1fe8bf7bd120

  • SHA1

    bc0457d5b8b4360bc9b6ebdebe1024b54f7a7f16

  • SHA256

    1f45c7420bb7c1cf677722307e3254185c29d670e0094be2fb67f49e0eca1ad3

  • SHA512

    640f0481c2bd4a2b035e079529db919d94af49fa78ed86645731ddbc545c3997f761e89d6b067d876717b0fb997a174313d873f21ed74c0f556438983d458864

  • SSDEEP

    1536:3Q2vgQVn1Wt6h2x6fpM+qn9JPJ5C87Y3peXa8frNbj:3zvgYn1Jc6fpO9dC87YQXaQN

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1f45c7420bb7c1cf677722307e3254185c29d670e0094be2fb67f49e0eca1ad3.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2128
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\1f45c7420bb7c1cf677722307e3254185c29d670e0094be2fb67f49e0eca1ad3.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2336
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2064
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2412
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2364
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2364 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2760

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4c12273388e7baea7c4aacc5decc3ce0

    SHA1

    e48252258a4a7cb5331f4dc054e6bce2a7ebffa3

    SHA256

    64e0c02a0b8c7190c073043a1ee872e4a182017c80c4f197aa1f80496f4c03b8

    SHA512

    88b77ae4a81e8bcef17dc4934c5067b2172cd210f587793ac69b29be45bc279e7ce15389757ce9f45f7e97d41ff48aa91a804ca91f27931ae35b8ed7c1705b59

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    abc41cc795d453b760f152d9c79f3320

    SHA1

    92a74a2c2cb97c16995745b5052c78d09c897f9f

    SHA256

    ccc1d30a38461ebe7ce448d3379989685f92f163b9cbc7301d3e9532a6944381

    SHA512

    8073928ac740c5844fc3b74733fd3751401c10db7c347c90a2ee05ae5f6a959dddfedffe2749685efecfa1219b33a95b47f8d29ebc89a9753865ee287c657733

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b24daed1c261c5246295f897534df856

    SHA1

    a3248cd69f3de3a53ab6134beaf28b341276b35a

    SHA256

    522cd78893d6be3a3d7fe8f6329b2a69dde127267e39f8be2797e6564d627316

    SHA512

    046b66b5fd34c92d9e12057218f424b7f5c3475496caac0eec490bef40c7c77e0e8817f4e63b4b1600f00de57182c57b1e466672aec53caac178638d092f7eea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    74f2541f8422f9b648d9731e57216f52

    SHA1

    bec612ece4abcf77499fdd9cea8efd41f688cc71

    SHA256

    b41beb5f20a7a0f44bb04385fa5bb0a35d64fcbe8155484ad8f24e9c0b9c3c11

    SHA512

    c406239e2d7068951589074df287c292f2c8eeaaf4f56ae3e119c014dcf7dc09bfbfccc6ff0097cf3e58fdd8825a05c2bd9e61cedc776639b18de9a024cabaac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    64cfafffaca8234ec78c0eb8e7c9e1c8

    SHA1

    7bc8c84a678c146d4eef6e8d7ef7d43fe91e9159

    SHA256

    c38ce7bf41704bf9af65f5b34d4e76f88d570b9ee61ee99b92bd39a193348cf4

    SHA512

    dedfe7d77a80bfe2f8a84a60192d2278b345d495c94c17e90b2f651785f1918ef0bdcccc5cf49df7302d09040be7bb653bafa1fdbfa125720cd6da213759174b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7ead2eb735d30cf0cf12db133793dc3e

    SHA1

    c055fda82076b9802dd962d6cd10cf6d630a3697

    SHA256

    2fcff8e4dbfdfdd23601735f7dcea93f413cec6e3ee016f419d6a3065e669b81

    SHA512

    859fba87f2cea8187d85f421d23e39439174edf8b02b180f74ddb8eede9dad6da6c1614b53e80c268d07db4f0dd157e5c0e85521e82acfb302ccff5e8454f6e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e1489a51dc14b39991498328cba7110b

    SHA1

    e9bdbbd6d028800b180540c0363501000e7bbc08

    SHA256

    73a472b9c5b91e57774b09ef8a23fc7b1babe376053d22c565e476d9e5e421a4

    SHA512

    8261693b813d18e132030bd4c071cb4e5fac2b3d9b2029211b7415604ffe8ecd28e52e940c4247551504a6fc47b5b93e9971dcc93f394278eb74f05f4b80ceb4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    578dc64e7f6e5d2f0e72622707b3a4e4

    SHA1

    0834266db3cb021283c956d053c428699d4bcdf4

    SHA256

    342b06126459c1356093ab56f6116fbfb4e188fa2b59f90ecaa44ed84f02bf9d

    SHA512

    febb14cdbc18a9165e7c6bb7ab18cb8aa09cedd31aaf5aeba7229a0de55999343eea8c1089e6fae9ba4683356100e1e58d044783e99874162c0f358d79984d2c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dcb9771077b1dfd8f433ba931e168da8

    SHA1

    537962cb47e656064cc4a91a68fe41910a2e6a72

    SHA256

    4ddef24225eddd7ae856c1b4cde189664e9a6d0216e7f6b635a8201d1e9353a3

    SHA512

    5196bf70c5184e7b738927121d0659baa499196b70b72852dd09017074592bd49ab3101cdbaa832c36f3f4eaab837453932f0907ff69d340343a307ba76cfcc6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4784a4815bf9ec6895eb7f2a792f62af

    SHA1

    3229615f5daf818b6c4aeca8f514e7cf0115748f

    SHA256

    98342762561ddf5c80bddf58a59080aeea4c1e40c9b896dab76e993618ab3101

    SHA512

    49fc9f355520da806c25187237aaba884b9496ed462f84c97e13d6f1200aeb5064619ee24bbc0add4908344f0527a52da1624c7299a36a6ba9e8d7b825f6a91c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    897c88e7aa34ec85057ac340fb6f069f

    SHA1

    b0354eea374e72931d82d35704506c763ae8523b

    SHA256

    7590b27acfae048aac9c07d60fdbdeeaaab642cebcf7db91b8c09e162b2a6be0

    SHA512

    32b0925f0429326427f667608ce506b5ffd00c91719d9b92a1849aa8860b7bf94c4b7544a51c2104af73b254ed80834029b38a2e9660b52bc58bc3cf995e5fb9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c47cd8e6485b3dfae47f5bd5769ded88

    SHA1

    5ba433fa9c872de856fe2d8ed9abe1a4233aaa67

    SHA256

    e0a3f8aaac5004edffd8f0a66bc75b80b666ef4400d3aad9f89f6bfba670682e

    SHA512

    1f396644bc60a035c618d9b5247d70a31173d670b1f4699914fc436c2877f795f0b984bcaf25088ad3055075b96772b03e9ebec5d410cef8a0353a0d45df6e61

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    06710ef9dd619bf190ff81751eeb3939

    SHA1

    4cab4e90d1447058bb031544c412b06f793563b7

    SHA256

    9b3a605a1cb7983736765e0ad2053dadc05f21792a81718acfb35cf07aca88ec

    SHA512

    ba50b35ed492dff1f62e5c01157cc9802d151c44e81fac9fa991bce0354fc504636fe30e2ff52c29969bbc20d8d741392168a1a1f4f8b953b4f13ea8be67c9b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be26d156b870472052318592f450f3f3

    SHA1

    3f0d276dafc9c974d3ef239f27e514b6e61f7cc8

    SHA256

    61daccb0d29b6aafd22526d3e400c712dc8b9c930ad3ffcac1f5db1f5e0139d1

    SHA512

    5eace1182aae1b62a66e82ce18e88fb6a8d43e5c696ebf3acb9b0cde62d113f153f099e5e1358ae72373c98b72c514fcc5756a7270d6fef44788f07b911484e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eb62a1160258a4a66b6d15a93fbcb3fc

    SHA1

    e91342093e38a60fe4a7434345cbf630510a3d6e

    SHA256

    f7888fdaad858d48afe2f13de27b90e56c73d402a4da76792c7381a066da355c

    SHA512

    f4ad9f6e11b3126bbe5f9aeff14abef3ae512abbef93dda588999c46bf918a3206bd6c3681814d620ff6d89814c40e6b572b06253cbdc8e39ebffcf9e319c693

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0ea32060e32cb74590406091925aecbf

    SHA1

    350209d65fb39019a74784a24657e547c9b318dc

    SHA256

    6268270deac450c7e542ef75b120ec8091ae9c8e7fd42891e523afe74d1240e6

    SHA512

    5c362fcf960dd0191a9440f59e670a600e8b76b26e4910ad896de876a5193a4c88a21062bbbd18080d1af5ae2c64b209874ba13b6874304e7d511301cb92b866

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    de9013b9b3491235fb9a8c807968329a

    SHA1

    761a283e0b473ce6e96e4e55d579c51142efc214

    SHA256

    80d56a666d51ddca7961dc77e8513733eca052fcfb087ccbee33ffb3f35304ee

    SHA512

    268a75a4731d352fc496216b80589d6104f4c67e02e36f4253186ee27d60d7524db24e6d36f8aa612d90da14fb54c1d4dc0564048d7b132f6fb58833515c4e65

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    567949948519d308e1aa9363072ad5f8

    SHA1

    daa67bc0a3de2e3167857961c49d07c886243b1e

    SHA256

    7f2d48452ab996433846015839e905b0eefafbac9cda34c48abe1cc58c5c8832

    SHA512

    be3c1a38269ffa171d6f9bb8fec95baed254ec18526f51cf66c3de83e5de410aa3479834a5747546458661cb97bb65951d2a82372678d868961ad6bbd37833c9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cb6bcc29947ebcad936f1632799eadf5

    SHA1

    791b612280e16cf35a6aac5c9c01f4f5d9d03e20

    SHA256

    50874aeb88dc8aa1fe8674264f4ba593a6fd8e3467e3740d62948a5202f5f8ec

    SHA512

    3ea718ae0d1de6367cc88d93e5e887a78c17132cff8457d1a00af6f2486e48211e6ae6ccec6319f8cea08d33905ff362b9199e41f68eb3054ffd65dac0361f1f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF806.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF8E6.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2064-16-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2064-6-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2064-7-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2064-9-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2336-5-0x0000000000120000-0x000000000014E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2412-19-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2412-17-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2412-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download