Overview

overview

10

Static

static

3

1bc62e0f85...bd.dll

windows7-x64

10

1bc62e0f85...bd.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    137s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    02-01-2025 09:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1bc62e0f8596d2a7062e4a133ee614700420abfd1963f345bb00efc4d48402bd.dll

  • Size

    1.6MB

  • MD5

    7ea754bf0ff4157e816924af2ba96c02

  • SHA1

    5c51e882982d9e68c3483c94be986e1306662f44

  • SHA256

    1bc62e0f8596d2a7062e4a133ee614700420abfd1963f345bb00efc4d48402bd

  • SHA512

    755c530841e153bba3d67369862955cf6bd8892b3db6c91ed2ee19a5534030740c81c7262edeef7d21f4b396380b45e47665b4c4349eeb685524fa669db66b5b

  • SSDEEP

    24576:L8vc0VJnXtBcaW+KpPrCnp6ZlR1NKOCfBNVlKfyiMp/WewR+YBi4Zy:qc0VJj4jKCD1Noz1p/aZy

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1bc62e0f8596d2a7062e4a133ee614700420abfd1963f345bb00efc4d48402bd.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2564
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\1bc62e0f8596d2a7062e4a133ee614700420abfd1963f345bb00efc4d48402bd.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1636
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2348
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2976
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2136
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2136 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2452

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    361f56eaddcca9fade9388cf26cc76d3

    SHA1

    c19c6dfa91f5357e31d295631e696a01f6d54bcb

    SHA256

    d480f56dbebd7ba050e02114ec7b8bbe673f62c31cbc7eecfbf4aaa50fb9db32

    SHA512

    ee688acc9adaf69c913e1c7acc8dc94d807d348d5477f6cfb1faec5e67efab75fd6b16bb59f77dc5ce3d06ea6e86f6d0596ce0d25dc74cd018384737277befec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8c9245d8ec9b6fa58896a62ce4b5ec15

    SHA1

    427f3466a2fc52d7cd58ad5010b1225d24ac5376

    SHA256

    83a9a2645dd5318c3600e6a670cda4e61364934d8b6d641170e2b15085ebf402

    SHA512

    b81f7e7db75b626054498f6b82c13e703ff5a9ca11063de116046a6fe43b22e9bc5b547f55b42bb9194c33988d86b4fba3c774db45d8a4f68bf8f20a66cad0aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3db430ab45a5edb290c192329c088a51

    SHA1

    fca31c0a0a334e6d1f13638180925b38cd8247bf

    SHA256

    6537320c7a863915a032d99fbc57bd2208b9d585f9130735f96242ee7b75010a

    SHA512

    3501bb80075894873e900dadb79757d7d1c78e30a54b38a4c63d9aed95061a280fc9aea09a9130a9ad83aaf47de77e96b4cb505404cc73a6dd9f5e0dea80c781

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8fb30ccadd309097469e89b2dd18e728

    SHA1

    fd00de8401b3c7ac9ece87b738de24e6a58a0bb0

    SHA256

    71bdfacad7d60c20ad0aad82c618ac72ed6f5d7f6314bf201c3212660cb0a1de

    SHA512

    878ee9a6ffe6892da21ae8531790899c3418534fa7b66a72bd52cf60d189107a6015728a5a622a660ea5a481c21cdb93331d704803b128cd88775a5287d07734

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c9cfce991147a45783ea599cb9e8fec2

    SHA1

    655cc7555e5b288104e68f9d7c3a93ce3a7fce8f

    SHA256

    b8a8f16233dce3afeb560350a5c5d6cf4ded4a0b32e42443c94865316bac79ca

    SHA512

    cf48527f3a36c356be54431565b50970c22bdb76cb73275869b59a09a7fbbd540d4ef68e1cf062659d21020dcdb5f87cc89dbb2f983db7e8880d1b8fb14ad246

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a0791d3f3038b95511e6054b5ddafaea

    SHA1

    140193d94959f9f9fb82ce91b4808cd48b769404

    SHA256

    dc9a148b232497bfbf6ee93bd0d00ac2b709596447ab74cb8900180f91bfce9a

    SHA512

    429f0ebb07799e9814a435940330befaa1414b865fc2468148c747c4fe1a40e1e88074d1b5a427c1faaab717f80e3613f50c798efc5c7540de6adc057eac94f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c92bbadee65442c76dee87dca943da14

    SHA1

    2361126d7781c1c993a6e9bd027d47e1f989437e

    SHA256

    49c68a8834ec71c7de8bafe67cd6674fc725e36a85d7ba1aba4b9834be98a9f3

    SHA512

    79d18726b0bd389417b266e0175e9ce3d08febed304456dd99dfe9bee6281fe76bdb77c7a280f039fc526743b787ab6d441dfb90e7bf0aaa59aadfd875119e95

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f73153d3fdf5778fe5fcf1d9af204f4b

    SHA1

    d43a53cb84cbe4405505bf4649544e15d63f63aa

    SHA256

    9c33bc1cc5d489f9a4838c4617e41df5305633a5f887d09805bc9071cf1483a2

    SHA512

    c1e263afc85a498d7c14cbc0ec158ec5e069fb918b90c16a122d701d80421ca5aa27059bc3432c08d1033513655fca89a9e960b16e8d8a6291944205bc1193a8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7fbbd83367cdeeb2f1f66b84ba9efbee

    SHA1

    4799403b585a9a5db9c581b0bfc2e26425b9dcb3

    SHA256

    b5a12a551e0dcddf91304d503db7e51e3cbe3a927c405fee730b96d4bdb0a411

    SHA512

    a440a839fe8cdca015aed308b0b93b82e8617ebd6b2bbc41492bec2ca955215b99386074406e2d4224619a57dc5c515bbd233cf05062c2646befcacaa64d3c29

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c3bb0e9d5acfee8b4b4c803c8fb0f8ff

    SHA1

    9b29c8b88b06242774045eb026c44ebe03b83815

    SHA256

    bc258a70d6447a71f82b0cb42a205d476f2d0f63c263bae786f4c7a664c97648

    SHA512

    bd4235602670224c0630e0e3f140151b9c07a4e8f5fd1937277e2aa7af3cad0088ef2806ab4e839cf59da90423b3a6dd0b556a25abc1d749c7e721a2ae5c71a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3b3a4b9190ab1768705e1bf30c500923

    SHA1

    c7c60e3928386deb0e831b208c6e4993a3abe938

    SHA256

    b37699c296f0188d61df5d2057ac91dec81c4a1f5c8007bda02fed424e253dac

    SHA512

    2664cd7666329612cb00bc724e00e0c428dd4783123f67f635243ca00aadd5921b8256b1d9ab8f7920158237443c34038c89358d8348bc6b153ebe888d1f1fff

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE1D9.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE2E6.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/1636-1-0x0000000010000000-0x000000001019D000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1636-6-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1636-5-0x0000000010000000-0x000000001019D000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1636-0-0x0000000010000000-0x000000001019D000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2348-11-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2348-12-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2348-16-0x0000000000240000-0x000000000026E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2348-9-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2976-23-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2976-22-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2976-21-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download