Overview

overview

10

Static

static

3

50b947c064...3c.dll

windows7-x64

10

50b947c064...3c.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    08-01-2025 02:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    50b947c06432f14813da7c2d7135efeb5a0dcc03263930322a803e8ccf02e23c.dll

  • Size

    847KB

  • MD5

    7054b33ff435a263265dd141568b5f31

  • SHA1

    8b7393fdac942dac81131d39105b17b36caac152

  • SHA256

    50b947c06432f14813da7c2d7135efeb5a0dcc03263930322a803e8ccf02e23c

  • SHA512

    81abf3d4c43f7541df38be271b6340a5a596509ee97beac943cb95050162ebb1ee8f6c1b902ea364a69de040eca3bc18886eef7ad9989492819d9c73058760b4

  • SSDEEP

    12288:x2aqaPt3XB387UAJRDolkb+BAlBrQtF1SRlx9hwvtOV0ZW:x2aqet/AJRDolkb+mvctF1qlx7w1W

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\50b947c06432f14813da7c2d7135efeb5a0dcc03263930322a803e8ccf02e23c.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2312
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\50b947c06432f14813da7c2d7135efeb5a0dcc03263930322a803e8ccf02e23c.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2332
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1896
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2440
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2256
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2256 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2796
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 220
        3⤵
        • Program crash
        PID:2944

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3e4713f30d4add2de79d1cfe5dff87b1

    SHA1

    1fe3409f27d2e0ba3e9eb5bfd7446ae16c8fcfe7

    SHA256

    a7173658cfa28e5424ac7cebcf98ab13ad16e6045c29e79aaecd2c497701f4f5

    SHA512

    b095abe0cffc44dd5a4cf41459e98dc6eb30f907e44afa4e0504d2a402c1084610305e0fceebc6c7260133835104836499fc7effc7558935f88e2801cdbd5b5e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    95c639f8f84bbd80000b1ca2a6b5d479

    SHA1

    3248b8df233f5f5c7fd4bc6d2e22f00b505b82df

    SHA256

    54ac91d226dcc460b2c5347629bb34d9fe99612f4106318d95a64e3a73181d25

    SHA512

    b1b712ba1edd8f76d9cb340c91a96bf372e9b12a558101dbd5ee3a93d9cb0e5d87ab245616bd37f66c6d937d5000353526e1744c87870344b7f71a3d6f378c40

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6a922b2c8a3bc5235308c47acf617e14

    SHA1

    81a93ebfc8c2354a499064aa2f09da7250ebe13c

    SHA256

    d3ac3890639bfb069f5a9650b8c7b32953cf2d581ada63409b77a63576711bd7

    SHA512

    869581d8311435538c70c76b787d4c4cbc02409ddb985a49939c341aef59f4f8191bb25a617b1b4bb07ba8d635d9c13841bc04e0763832a28831e62edfac772e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    45dc8c3242dc7d6158699b7fc8d9fb2c

    SHA1

    bca7de5cc99082f891f188d4ecd679033064a4d0

    SHA256

    9f82ea7d923d5adea20c64db01e34d204b0821be2f17b9e8ec8452f598f9efe2

    SHA512

    d26d82497b47f755338dcfe32a5ce4d19eac89e246937c6509eff5cc75a07b3c3dba1a37afd1c9ecbdc0e5f5bc85fe1b85eee77f59d61f514a9c566928109a38

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    41b62b91984e727adde6dfbe4fa4370c

    SHA1

    9d9fe326347f642f6610d8100bc60fabe942f3c5

    SHA256

    d2fc152266fe314752e44648e8270c168b982bba7fc2133207a470adebe13358

    SHA512

    1ada27fe680a0395e86a1f1b73b0613fa9173bba8c1480b3ff04f7ae51a99cb65c8418d5101aff251a4ddfa39dff5bc77a937088d5195d80f1bd454f7106bf05

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    784ffa1b0b2b31f12dd9ec6e54c2fe2c

    SHA1

    ba156328168733f80ce851d76917e8fde3ec2753

    SHA256

    7ea81f0c729cf313a7fc56df0d43b1dfc7cd28003dcc0e420e8b9f77594098ed

    SHA512

    3a82b73f51645429934fa0b04f7fb54dc2c9cdfcc6f0ee858f5f1c0627c6f21aec1c4016dbc64d835a2c7ea0d081627072b45e6da915c199fc69de84fd7f7743

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    52e1234fefb3c90c9a3cfcc0d77db088

    SHA1

    6b7c4cc4a9c70369e099e9a154e9e1778c62338e

    SHA256

    2f795860decdf7718c6abc0d58f774be847112e857df6f49857f82c99d93fad6

    SHA512

    3d0223e816a831477df6705f58a2051dcdab87df8841b5c335a46c8f05c0cb570c1d921f6413c038d33685b2945c79f1b3474e26978136196abe65243685541d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5806b5ba694ba9ae498c944168e8e371

    SHA1

    d6d71608efe4842f90ec6d5a365d1b33f435c95e

    SHA256

    845dd1fdb1a2029881ad46319af67e84c5403903fd90eb122697cd5275663274

    SHA512

    1776801196ef54ae814a9f8e7f9f9a3e2f02c27881c1d5ce931343e2312ca201230e2b0010719f228714032d3f4b7a0264640bdb3c954b8f26f2aa3ed568928c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    23e9a3ecd44a24f2b22e0b452a938340

    SHA1

    ca08f564892b37cfa1af98c63a0d22d712d09e0e

    SHA256

    6cc22280a08b9de36819c4e92584b0ac8d3d0b3c14ef28fa289115a1e3f0412b

    SHA512

    f1cdf3006567902f6a8d218d78f93fe680601b2451fe27325632d12cc5253df615a4920ee3f10a8385f4828def22ee11cdde614a43b89cfd8cef734a5e8dae7a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b551a525d49e8ff98a94a1ea86c5d8eb

    SHA1

    e00f8a11d0cf87b590345a49ee0c19b91eb5cdf9

    SHA256

    8fa1387e813c08b748209f55220a9a14d40dbcb2789c7dbf111a1aa5104b8038

    SHA512

    22ba45202f062db51d3db9e1bb20b69594d3a12105457b2d14c8e02b85af5a51cb90598bf90f13180542f898657d952050fe55c06b04ad8d2455e7f42f739c18

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    837763cf023c99e57deab96eee61f6bc

    SHA1

    37da203bf04ac550dc9d7ea0f18366b624901978

    SHA256

    11452219f0d0a614d263d0342fd6e459633195819e840b303ed9709bc0484802

    SHA512

    4b9dfee6c1438ae33dc9414c1ef58c0fee4ba0c2e29f14657f1ddddcde1719d7ccb79ceac4e84b6665421a92593e8d034a026f7eea445d2e327ff5bbb45023f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ebcc50252f416e93729e371b198889ae

    SHA1

    f335fa8c183207a2614b6e81af0041ba22adf1a6

    SHA256

    49ae7492939be70faa66df297f9a00e8917f14c451671f5a4e489cc7dbf6d496

    SHA512

    24f412afedf7fc46166ef5649c72065e371e55a602d4e1306f730065983c6684694e61ae719b410e681689174ea504bbd59aa7c49fb5265b85f2f48e68cbe689

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8a0639e9e5844c1bea5578f0117f43a7

    SHA1

    2c3bbde649cebd5883033cbbd9471641d457f7da

    SHA256

    31d995f7df621f0728f63dafdf887ac41f4b3293e406d03c20cfd9172ab5cbdf

    SHA512

    3d02fc62056cfa9c38b56dfa0be6a5c05ed01f0b6b9a1a1fca1f05e6008e706061cccd0f7d4ba87b786fd8cb52ab0f37bd92ed5cbedf71367ccd8c6cf7490bd8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5c4d9d95d6c114d5706ef1590cf5e21a

    SHA1

    98e3e3e0bb61570b1ee58ab1f8060c5ae89fcf61

    SHA256

    41247351749e9c1b9e025a4c9a8fc52d05c6a08b664787959e1bf97f1299625b

    SHA512

    c49d1076418ac27b3b1f0ac95eeaf74546bea6f3b34a63053b6f22597c7bd8deb02203b6224cd5e7fdbc3ce03a5ecb33106d7c5255a466a08e3376dfa84648f2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f0af9d4bb3adbf64788e43f091519cd4

    SHA1

    ccdaee8e06cae95396444dc214356d4b7b2b3c43

    SHA256

    5c3d701e134ec20d2fc01a5adc91b17fe80498f143324b566b13f355656ad235

    SHA512

    576b285a9580034932a53e416cdedd5ae72582fb07f5fafbe4c9ef3ed4d3f671f90d7a64bd5ce4645ae8ad3300135ac9a1ab287bee39430cf66a4528e745be8f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    221f54d91eb2af698d2cb85fef5c4a67

    SHA1

    e4a4aaa9f50bdbf1288e59ea5c29d37de2d774b1

    SHA256

    c20975acf701dfc3de11a6967cb8914ea49bea2e2a3399c1f7bcab3343ff6e07

    SHA512

    24a22161e4cb969d96a291c8b8c79fd98c1429eaf2b53b92a3109683c7ab1a5c02512db32369a1efd0ddb5e21a758a72e86419570a22f94978d6174387877a9b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a54c186fbe7e2a4a61a5048a967d3ed6

    SHA1

    7495ebafffff0b341d230cd4ba21e7ce06fc66a1

    SHA256

    972f661832ccd079fbc9ec06b7d6634d80d4431a756e5c6bf8ebfd170ff9ece3

    SHA512

    c39e50ed2933fbf4e4a04ef91dd5f799c9c8005129c27438b18e11e9102ebe60eb7dc507a907b76116128798278f9eeb576c3b1a5f4e3b64720355def9035661

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1fec7ac015f7346e7e402cbee27090bb

    SHA1

    8abf59abb5721d30c7036cdddd183d3a06646bc2

    SHA256

    bd4405be3e46f31ea5f8b17d4c86908d866845607b2b338c78bf7d9bf7800df2

    SHA512

    40844adccc07e825221b3c3f56e4bc121e0e71dbb17f0de8a54edbe7082d449c6a06262bb0d6949bd19f723d6bf8684520dd4c2e8043ddd96ca5838123f4fb68

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ae6b09ec337fcd147e4f1fdf9d2c8683

    SHA1

    d796029eb63878098c3f8af5f22de526ac5b41b4

    SHA256

    60b2bf850ccd77b41dd30f31b215e94082ac745796a2b3629963fa8120e3ebbb

    SHA512

    4b46e5d439a57af693b6152f3ac935f8447fd392e768c0cd0870de58db5e138956395679a5503f36c1fa8021867fc9a8cb98563e6f8abb5b473753f9de2aa653

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFD46.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFDA6.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/1896-12-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2332-9-0x0000000074730000-0x000000007480A000-memory.dmp

    Filesize

    872KB

    Download

  • memory/2332-6-0x0000000074740000-0x000000007481A000-memory.dmp

    Filesize

    872KB

    Download

  • memory/2332-13-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2332-4-0x0000000074820000-0x00000000748FA000-memory.dmp

    Filesize

    872KB

    Download

  • memory/2440-17-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2440-19-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2440-22-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2440-20-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download