Overview

overview

10

Static

static

3

ab2688822a...eN.dll

windows7-x64

10

ab2688822a...eN.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    67s
  • max time network
    67s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    08-01-2025 23:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ab2688822ac9f78489d4e05a4c1e34ff63a918ce94673cf2c01010586e66555eN.dll

  • Size

    847KB

  • MD5

    368421d6e2e5267eb91f3976b1308d30

  • SHA1

    7d5123036a037a69042d5b2324a8b463e3cd4794

  • SHA256

    ab2688822ac9f78489d4e05a4c1e34ff63a918ce94673cf2c01010586e66555e

  • SHA512

    2486bbe2c3c0cd71448bda6e1ea3516577d6a15133c9ad78c8ced2c9a3a6cec682888ac99db0de3e99b05261b8d6b2a647ec8fe81db0cf7c8761a4e795f24d42

  • SSDEEP

    12288:x2aqaPt3XB387UAJRDolkb+BAlBrQtF1SRlx9hwvtOV0Z:x2aqet/AJRDolkb+mvctF1qlx7w1

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ab2688822ac9f78489d4e05a4c1e34ff63a918ce94673cf2c01010586e66555eN.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2520
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ab2688822ac9f78489d4e05a4c1e34ff63a918ce94673cf2c01010586e66555eN.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1736
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1964
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2312
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2896
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2896 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2820
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 220
        3⤵
        • Program crash
        PID:2164

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6892d6f463427472dc15daa1acbd40dc

    SHA1

    c7407e20a95ad4694aa67a1548e9f495546285af

    SHA256

    cef0426806baa14fbd0202e60189eed2a7f5ca7e6a190c936bd83cd403ba5d96

    SHA512

    ea0c957d11022a64d39727dbb994a9f9f713705eed4f9643f002e5b8f6e7ed9de9554ec7664d36a5bd2fa4efc5d3f9e0072aa8111b104471135adbd3beb04b4f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    259b3763c51786b0d9e949b2a4217d4e

    SHA1

    0742a6ab754eff1b877a02572f92dbd222643fa5

    SHA256

    5036ae517de8a829c4910b038187fd1d272895800933557697594861053b8e1b

    SHA512

    13ffbfb69ebfc4b8842f14bc2c95507824495aab9770e6a2578145fe2f0ceea6e8fcb7a8d9e8d2359bb9d6983b6888f01b643d797b6306a1d4258ac5aae42fb9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    146a66908365016bc7707aa4cfefcda3

    SHA1

    25692cd31d3e3091ac7d47855ee1e31ce73d57b5

    SHA256

    3ff0f31acb144ef88fdc08026318244cd431f537540d7195e91b2fcdb3970e23

    SHA512

    4e24cd7a120df3176043b211d12f1dd58503c1baa26a399c94611d84f844ba722440f4e64eebc3c3373b29f6869b6acedccd68517867376d2155f88984ca0364

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    69edca6e57c563f663e3ffdf09b72646

    SHA1

    b90ca17ea9816d79472c9a237f9baac9a591c919

    SHA256

    b5c3db5ea4910a97fdd3cda8e1af0ca0f95e315207414e5071e8d78abdd68560

    SHA512

    4c088f0afcc8be66163aa8de36c7ad70f9fb2a1621ccb159a0b3e1c6c89817b0fa1370a9e1792121ac1f015a2d44a061840ff1336acc6aefae9d22975f398179

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    17cffd6202ac018ef74bf5c7080cf817

    SHA1

    66ce5cc1ef6c73dfbe81ad964106809ef2907e6f

    SHA256

    d983120e10911bda89602615ee72553f0ac0563c183929f278ea6dc55b53c40d

    SHA512

    da9706c2380b4d9f0b7ebb9cba7221d4a82a7198c7a32fc84937a8aaed2ac08ebd96a9fc30674867f8e2ec78f3bf5a24856318fff70676300564c60065b19a30

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eeecb3629ccac677704e93eec0613abc

    SHA1

    95df05aaf62ffa3a98424b7b09db67327ad6bc68

    SHA256

    5ff4c6493e6e54d36178e3df9410e81bba93a984ac863c4c482d1579c2263f6e

    SHA512

    382436a5255dfde7488b5a866f5101fe581de4a6a42fcd48b1c70ed60b77394889eebd6bd9a375c85bbef674c7e35a0754852bd8e46dd2e55820a3688a87ad84

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    192d48df40558fcceb43b755f906c1f1

    SHA1

    7a943a83403960edae254e649894363ec7f9c964

    SHA256

    caedecb4ab6f948af5b6193f9686249b87a160100f963cc67e585d6dd51c757d

    SHA512

    73dd69775292914036f3fc17c39954dc15b4cc641de8264e2e58b6133a98ea840f08dc841780895b723378538a3a8c961b41a28ab3e1b64289025938cbdc6c42

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ea0c68b20b0d12f01cea139a8e731c7

    SHA1

    50bd6b92b50ec6e4fe8c21d8a74edd7abe2237f2

    SHA256

    bdf05529f5bbb421500422e4b68985444d2e29963c0bae9ff036eac726718906

    SHA512

    6dbab265db6f8a816d6b182c27ba8e3b873ba51b4114137522fbb06077738950fd6d19b28d5e66bef5252c1b8df88facd9bc5ca622984b6af0b76b622387d1e1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4bb0c48b3fec52d8ad9f6c3eb10bfd88

    SHA1

    fb9bc298703007b9f577b96ecba2a19960bfb71d

    SHA256

    9dbf334924e419a6e618f439333f812e807aa7a4e1c8985fbad96a0211c93cb2

    SHA512

    b25e3f0ad936363dcd5fde02fa42f97c337477a93674dd659f79f49d8252f630982d8c2db99a0dee01d0f8b9a41da8ce16908af84e14e0a8c83781e74b287199

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b88b032bdfee0ab1d44dc03d08a19b7e

    SHA1

    e664c87503c31b6bc1319520940c0b21a513154f

    SHA256

    fc9d0fc3c7bf31a3501022da55cae0a8fb200122f91cdce385f9633253580458

    SHA512

    4ebbf81f47f590fda5b683b66be422eb2eb5a9de5311675680e17aebc17e6336f12b2eab248edb87fa7e81871cc17f05b476888bf6eb80b9f3e6c8f5681256b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e2cb1b2dba0fb583eb974f7a056f39fa

    SHA1

    bd8a471abca5374740db5548982910e3ad967fef

    SHA256

    6f2aea78d2ae34663ddd4c176dc2388259e1f0f206b9b1e912e472306c9c2f14

    SHA512

    b14d97a366fa198660909c72852640707d3f4e0fb776b4a4802e15ba07c2a8718197fbd82bd3bc8c2f4e08b669a803de343d05d0e201918bfe026239a7954a4a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    975b7f74f80f2ee6a6f1e8c60df338e9

    SHA1

    7f9699e89d12c6aa8d7ac31d4e9f336a646bb164

    SHA256

    511192c6039bcff7747eac7fdac6af6519d2963f0b1269f17e2d444be585c6e7

    SHA512

    64a1f3e8d9aab9b695b0d695a315f4c84a72021e396803670983f484f33284d836bdec9ac8c34c6cf1f4649dd9109fba2a6190b488beef28a3f93752435054ea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    007e64d2d0f0c45265f390cc24e623d1

    SHA1

    86edc864e7a641262c7b26e626abe0df4a7df150

    SHA256

    ed77faa506314c87ef24f1870fab33ac1f6632cc22fd2a5a2d34f1906cd8addb

    SHA512

    34d79ce2a18d79a53112873ef9f5fcc228686a57193a830a4206565a3b63ec2518bab11b0ae4ecbd2c88064f6da30d2cfbb41365eae737cfc9ecbe73fe3cc99e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6b455d74eb54f0b4e690d2a087c405d9

    SHA1

    3e063123c6f73f56e26bff14d74a73dfbfa0d3b4

    SHA256

    c7fbec661d4dc6dbcd97c495a186fe5821d356e740bd8a395a62ee6a57529129

    SHA512

    979043c963ee601b63eec845f2124cdb5d96eb402d963262b7612e45989c109dbcd7fc6423881fa8f8b919424e4716ef4dfe452af34e4ac70dcc254549e9e008

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabBCDC.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarBD3D.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/1736-7-0x0000000074810000-0x00000000748EA000-memory.dmp

    Filesize

    872KB

    Download

  • memory/1736-13-0x0000000074710000-0x00000000747EA000-memory.dmp

    Filesize

    872KB

    Download

  • memory/1736-20-0x0000000000260000-0x000000000028E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1964-12-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2312-15-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2312-17-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2312-19-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download