Overview

overview

10

Static

static

3

9a63ac2530...ab.dll

windows7-x64

10

9a63ac2530...ab.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    04-01-2025 09:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9a63ac2530d3fe297a07fd55fbc215778dffe617945d69fd8693460f9be2c0ab.dll

  • Size

    1.6MB

  • MD5

    2257256255ca13e2622b85d4f880d334

  • SHA1

    b3bc6ca7294f9e0c5f5a518cf42344d26071d441

  • SHA256

    9a63ac2530d3fe297a07fd55fbc215778dffe617945d69fd8693460f9be2c0ab

  • SHA512

    12f877f19a980b284e60e2b1a8bb85a383d129d53aa2da4cf93110a16baecad0bd53c66d75008b6aebd1acb099bd92a0481d83d23b0be64040128333c469153c

  • SSDEEP

    24576:m8v7VUmXIyC1m+KpPLS5lpHN9DMa4NfICXucJp/YDwR+YBUrPqa4R:f72mHxzwPwvBp/GPqa4R

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a63ac2530d3fe297a07fd55fbc215778dffe617945d69fd8693460f9be2c0ab.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2292
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a63ac2530d3fe297a07fd55fbc215778dffe617945d69fd8693460f9be2c0ab.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1792
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2072
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2488
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2128
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2128 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2032

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    56af4825b0762b321b351a4a1f736936

    SHA1

    6874812927e5f4c837c429cb47cec637ead8e80d

    SHA256

    377f73ff8237bb4c56f06ede622098eaa1b060c3ecf08b665803c6c9d8a08a9c

    SHA512

    c32daea08867af9e083aae7746362947a554ee14478634c108919cb9d6ad969fa43a899d3def214523c7a9991b8d0123d16596846d14e6c3816c7786d1f5bafe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c5a509de6bedf23c27e36f19bd9ca322

    SHA1

    8876cc67973647791d1189c75ddcda6bbdfea704

    SHA256

    ea7cd384e0d4fdedc5abccb77a02b6b02d9a4b510044fab5a35de753c8eb8a2b

    SHA512

    184cb6cbbc33914d08c30175457ba5399d8f96a7a18663fb1daad54b5ba52cd6acccdf7135dcb7d7ffda2ffb353131a3a2283569954102902cd60f7fcdd4edda

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    14038769a9ced6b85a8a95cedcf947e9

    SHA1

    ce3bd6a2c03e3115b91b287119ef8e0b74eea4eb

    SHA256

    fd36fad8830b38e7c8bf6ea74a71d1f73c8e7894e027029371feef0ecdc3b304

    SHA512

    b778d7c89e2e12632290e34f506708fc961d8318a5c8aaa0729bd02be1232ee3699d15e5d1e160e894279b3f0450546e0260575c1cd25639f0d512f97d325e01

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8cfb2d01510679d478eecabdbdf2bcda

    SHA1

    3ba25c8e0582e8cef58fb248b22f2ea9fba8336f

    SHA256

    c75d0ae3921008aa1b89c8f1ef5c6705dea91e1faf7aa6aba2a1d7f3f72c8866

    SHA512

    0636e2e3ec317c3e8f4db2433a38215680878ded3a9200193bf56262c7a0c86b865da13c1682dbd137f4d22433dfe6a69a98477131b64050f03e2a64674f7047

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9baad0e7b462aa1f4ac373e10f3d1913

    SHA1

    b0d3797b26a5d1888ad4b53651411c1f7c986f71

    SHA256

    4001a8c185c20aaad96b2f2d6da0478d1a0907945e922d1233d04011691cce33

    SHA512

    7f33fcf6bc20c8b252549731c9d9627d5f5e0505f8cc31b72e8dbdf659fb3256d56301869c7be8f3b39d329141527e8e47b9019c0cdf7d0efa2e56be7cd83c3a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    92f644b7e881aca61fc01db90abe43ff

    SHA1

    8e5167ccbe0e3586a7207ee8d82ebe7fcf6ed252

    SHA256

    f8f1488f74b000dd3752df0beff36781b1c79ef27a51e3e47b5faf4f401abe43

    SHA512

    d6e6c49fb571b3fa6a870caa5847ea258c52a6d2c173b3ed37f8736627258f5f305cde79ceea0c86bccd829afbeaf4e256c9e2ef3c6e477fda0441d36d1e9c48

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cecb9d4988eb6e30643e8f67ccc0b90d

    SHA1

    9c270dec673c4cc104694b4cd88acd9da1c627fc

    SHA256

    ca91a8feea9ff3c76415a510f84312a98b8964ef55f8e196a57e6948b66b4005

    SHA512

    3ad92bf74901528bbd4dbea00ac72e6fc0697fe176f567ca9dd9a6eb09e299eb48d944aa7117d6c4107f30f6cf80455cece06d884b2b95387e4edb01a2ddd112

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d7c9824fa9e6f66938eaeb5369ca9742

    SHA1

    fbcfc05c40612e17a45de119243777644bcbcfd8

    SHA256

    7decd78306dd956679169326b519c75edff4bb48cd37c1344b230e5abccd7c19

    SHA512

    063bda772a9c65ba1ead9e4629d01ae6de098ec1e2da9dd96b987234c14fd3bbe783b6659d237a45f976109a28f8d88fe23b22f96d24e8e7fb5ac00228c53793

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    28f80b4b06359365c296a6f30c72a740

    SHA1

    e2e30f2468d559e91eac72a14319ac160da2a354

    SHA256

    c14a8ebc54471e2eecc342e96c0045fdd488610f3754268ca85ee888e6654f86

    SHA512

    34404ae0bdeb9d6d5fc8b8153e1c5027850d9469bf8a5d6b6e56603962469a9b3b0dcd7186f1925b4fb174767ff5cd7ae3065fb637c250f887bf5ddba2f10466

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3b2f3d1a77092e20c391bb70b608c765

    SHA1

    7826b73dcc82d0fda6c85afe731fb724d0ae854b

    SHA256

    63eb12ee8ffd83cac9e9cc47da7e0846f9e8706645434e09d18371f0392e8517

    SHA512

    ead6842b3d46e9f0e4dff5ac8fa6ec80ca2b56259202f8c41462d4ab4d3a524004966d8b6c4d78d9f5b9d53469b9b7e485abb7771ef78410c4089ba0c94bf91b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    691821450333bb704009140b7a024f5b

    SHA1

    c886e059ee236583c23f230adcc5610b72fe0694

    SHA256

    ffabe7fb012a97de6cbf806efa8866e05a16558f89b8ac361478e0e4d5f2bf47

    SHA512

    c2a0a2ec04cf636b0b32997dda67b441c8ebdfe5e8199fb5e01fe0b1452df1a826c33dfa0cb6a47dca62a5ecff88ac462f29c9c03946a23853e47121903f7d07

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    79c581afa92b36e914afcde35550fc55

    SHA1

    3b6e21db87dfafe398d3ba73467ab75b7eac2aac

    SHA256

    60bd92a697a1c14f4dea8ef45b3f8fbd28c6b9f2ff5eb52865ce760734554917

    SHA512

    e8dd0fb49f57fd7f15664486dbc16c28917060ce2831f95ec7c95b3af42b55a9067c56d6bf7177cd30096d38b2924fe22b7b87cbc03be280786adaaa2e720795

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f56a46f1829ede2ea992a29308fed8c3

    SHA1

    be5c069bc525355597719dbc14a0edf21fd424c9

    SHA256

    6993a17a6cdec39619e51af4b53d74440ae0ed87b374873abbc28a1ca631e829

    SHA512

    78d8c1ef11d72f0df67617ced6ae2f4c7e1e849d19b4b075f5f97b32c69e732b592c97453e56c1d2fa772fd543f28789d70df6440cd29316d9b18dd1a8854307

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2fed45f250009fda227932240cbbc80f

    SHA1

    542944a479c1c3455f657d8ad604044e52d497b3

    SHA256

    c36b8eb289cd881b13b3bb1ecdec4c117495ececf9beee2aedc4d8f31168633b

    SHA512

    df30100186ba9fe35e98c0342f11773f293c9224a956ba344a4b34726e9877a6d90b4e65ca571244c80662553ce450dc3da13369a56a83c94be705a698e1f46c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    43ddbdb34c4cc902d36f495a30027bed

    SHA1

    d9191defbc7b094f260009990b4b27d87388d2cd

    SHA256

    becc52c860a62db0ccca2d1707faf3256fedeb04e3c6301b6bd592e301292b27

    SHA512

    afbe37aa98f80069e27827bd3c08c96da8b5598cb9bc035f9b5451b436f3fd2257e945677f89553af38c43675f0d024c1b44920665f268697c3c46420f2a5480

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3265b42d4e821db054a364e4fe4c3ba2

    SHA1

    313f6c95fddec99745912ad394dfeb26e45387a9

    SHA256

    dcf9e97232f23255e31c3eb13e2fb85064d996bd7ddcabede01a67ee290e1732

    SHA512

    63af58f967f0bd3fc36c8168e8127b558715064a2bb7d4ee84c1492e04c08ee22337dac16951e682847b092a5476ba78a631336362b680ffc1e1107f87e1881c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b7d15574bbee85018b01bc4dc1d253e9

    SHA1

    bb287d5a3b475ee32cb8eb772dbdd46a3baaeef4

    SHA256

    b14db99fa2d42db91997d1b3c258bd22bc2abbeb529b8138e76fb7e24c54c0f5

    SHA512

    df2c00cdb88c899b2097ccc8bb18c544559d798b3314a22b4c08427219fce6efb8487f78b77d1be2ed1967646272572d0c0aab90a88d0a6315ad1b9dcce52c13

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    93ef88270dc31e42751f480f92f7a97e

    SHA1

    eb94b89ec74c35d177c105d03e89cfc32f8759d8

    SHA256

    4f2eb3814b506153997bdadb370ecac58c050600f298d314bce12668e7c57f72

    SHA512

    64d874de44f3d8083e37b204a6ed7d729cf151c16de52d3a4234f9f6716bafab5c94fac1bfd3313dc85fe669ed17f793e59030d590c0c5a89d585195907325ca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f0643aa95037d2b51e4a686cb93dace1

    SHA1

    f152608bfd6d75a6ce8634d345c82f29574a26aa

    SHA256

    fb60e56f8a4aa290d3b30a68102e8707babb6535ff729f3f01263f09d7ac1d00

    SHA512

    18799ae78ac95b4401a2a22dedd6793624ff0c1ce6d7614d7bfd4b14d38276422729c7bd4fa17fa0f107b06b2a0e1fe35abafcde75f8ab1a5b78f55d09978b02

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE311.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE372.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1792-8-0x0000000010000000-0x000000001019D000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1792-1-0x0000000010000000-0x000000001019D000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2072-14-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2488-16-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2488-18-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download