Overview

overview

10

Static

static

3

66a45620e0...dN.dll

windows7-x64

10

66a45620e0...dN.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    08-01-2025 07:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    66a45620e0124f0ff63992820db44b491d6e2c3a885f0976ea8092e75c25e9ddN.dll

  • Size

    240KB

  • MD5

    7620c02bdd9c233ba9452d7c07e7bcc0

  • SHA1

    88f465a540c202fbd0b3561b5fa56ac85d5a2407

  • SHA256

    66a45620e0124f0ff63992820db44b491d6e2c3a885f0976ea8092e75c25e9dd

  • SHA512

    445875571d89f9688ab85aa5966e1d559b48ed5e062c66892d906e558f20a1c037a666107a6be3c93c2f9ef62f2a89a03b257f168645fdf07faedc80ad340793

  • SSDEEP

    3072:zNm5KCdK5ribuwfF1Kn2qHVSNEJLtWuCIXWZdz2t6e9532seOn4QrlA05TaUjqt0:Zm5KsKZU7f8VwNQ09IGZdhivYUaneD

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\66a45620e0124f0ff63992820db44b491d6e2c3a885f0976ea8092e75c25e9ddN.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1796
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\66a45620e0124f0ff63992820db44b491d6e2c3a885f0976ea8092e75c25e9ddN.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2052
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1976
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2472
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2492
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2492 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2304
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 248
        3⤵
        • Program crash
        PID:2280

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    deb68b87abb9b7b56e7e78c4535a722c

    SHA1

    ae0235f9c05475aa5864535bfedd30e485a8d3cc

    SHA256

    6e0171d1de386af7dafa5632cb2f04093a60e461e260ac8754e13887f1f8af5f

    SHA512

    580520e2b5e7ff1bc0a7846503d601d4b01bb927159f63f2da8b75ff1670907044d3bc1eef9408e950202ea68e509f82e0969215e46c991901dff628a158969c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5a84d9fc202bc1c580cd1a3745381a33

    SHA1

    2a51d902ec143f9a9e42e608b1863204d83fd4a3

    SHA256

    73d6e2a40aefa04d012044e16a06efb31ae7e50ba415bbf4bce608fc604fe1e8

    SHA512

    47a06bf6dc3a106475300356f3a58e8b5161443323cc957e6486583a92f180018888248dff0cd58a56cb8e5c0ea7110811fd6441678cf5eddb6f9fe164676865

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    96936f74d17cae846e9ae8e3ee53421a

    SHA1

    2ac0c80d6519a21a32201892c138d7d80e497500

    SHA256

    9877fcfc7590cbe30f8478f7584b38409d731a0dac6658cf664595c5056cb4a1

    SHA512

    ce57bdc6d884aabef3a5b95051b9fcfbc4debe40d4c4ec99893a1b3f69b26979b842444c6fffe202be7e1e1b0b1137577aed5d7631abd628b91bd88bdce0c087

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b68543f7319f0091365caf832edd75ef

    SHA1

    b8d044880ed02e434846190989bc73bf24dde999

    SHA256

    166e79813af8c5fd691d615e597a817fbf73ccb8cd1888e003e01716dbf4eb92

    SHA512

    90212ab207cfdcc49602f4f8ccd049c173614a916bcf16acd703e481bc5ca2ed48e138f7e81931d1d6a3894066980cba7c28e19655a02e9c0c9399b0ea71eeaa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ae68ab4e877fc644c2538e37d5fd27a4

    SHA1

    80d8b10badf8398f202e07be2c30032c5eb11ee6

    SHA256

    10303ddc60dfcdcb5dd9c98d8e84d887a2cb5fa4053893e46b24424cd81bdeb2

    SHA512

    22319f83e1f6f4c56c1ced48a3cdefc144314cf37e07a877812b50400e67c6499210a13d35880e85b3a099dcc4ff61d84b61d706710cb8937b5741a8c21a063c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4b63ede3ed61f5f2d92222836c656699

    SHA1

    51f8c8b104c5c2a0ef6c741b86067a06baa71f51

    SHA256

    1ad41e94e85193ef94835cfa2fdeb3aa2cbf53f96f337ea1efe97711b449ad29

    SHA512

    bda88f484d7c5443cf64a53c8eb2c2a11e537564f6962549bd03fe61f188d115094522e6de7c7cbd63ef81ab1a2c9f8916729596be83387c897df592e79949f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d50a927aab6ad5d635f6b4a1f5928f9e

    SHA1

    ef43aacb1522897ab721f79eb5ff13da5b77411a

    SHA256

    11706e8f0e75983b441c3e515a189d532f67b4501b87129874813d67a49e079f

    SHA512

    1d755f87b1d56c90baa5326bcc8e6b4db19e8223f3857e23b032285c3a9e7897ac213d4e910c2850bcda01d1173b1cdd6572d87c9098d643d6093c22a171c4f6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    efa705dd70e85a4bedd1d1a6067729c0

    SHA1

    14ec8e56c3babe072739866b89aab563a46a9268

    SHA256

    1083ba0dd357049f7824ca0048e7e330a5bc73ac0cc2bae12167e1e1f9171287

    SHA512

    d559ec2c0f17970e71bd087ad84e8803e892667b7722700543f606bc5423c95da8a0e0d6fd6a5b834cc394fc5cb87ed92ea0e69833c63eaa941cf22c81f45c64

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    639fb5e7350a0dc3dfecb7578c7951e8

    SHA1

    cba7fefc32ac5591918a10a0530328ea4fc70bc2

    SHA256

    6c4eeb3f694d3e3877d2ec5124e83082ca9321205318152ec88d051883370dd3

    SHA512

    d23f2dd353f3887f87944cb990bce344396212462c20b28fd8e915b84b2c4942479a4c2064d6f2b681a4d6276b44403105c7f00c9ebb90e87aa08669bdab20ba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    800180c257ed538183a8d9765062a563

    SHA1

    22f8c2816b9ec69ffe1a006f4d383c89aeaa0fc6

    SHA256

    a0c09e69c2db7b157e1f4a76ff596fd8f9c0ac9037d8781d140387f9c7f357bb

    SHA512

    048192ea359019e943329af22f3b1604d195cfefc5174c0acc3d37f38bc24925334de051ee1ba878d2bd818f2e71e8ceec7a4ca416b60b3472b451486eccc219

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3b7b3b9ef811cff884577012ebe18d10

    SHA1

    9b9e9a6e3be03d995f893584bf6769a29e6db146

    SHA256

    a5999c6ccd7340ce0452020e04c542b2b5e4a35f7a101bf39db3a874553699fa

    SHA512

    fe0be119c32ed49d0e197bd5c1f09af0fd67f074ea66268aa71389bcf7dcec8557bb354fced6de7ce051c71519700f96b7f134427b3edc26e3116f1ec9e97b1d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    739a1054febf17122b18e365e352f8b8

    SHA1

    f36fc72a3f2440174d804789df8d422d00e20902

    SHA256

    7f0e92077ed6d2dc5cffcf31f89bb8f14f87ff1453f9ca75c8e116d60eb6f4e5

    SHA512

    0f3052369b0b27cf338e038c0852227ca4f6de8f779feb05dfb644d011b43a963f73650c384b7f572cb9d5f1bbf0e98e5a0edcdc05c9110785174715a1ab628e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4daa6046cdb9fd6eb5bd319cdb4aad75

    SHA1

    34dd82b1d75c07a0d044acca63fbd74169ff6cd2

    SHA256

    76c9674b1bb7e7521f48ede97f8b817dd33a8953619ff3b19121365083b59f24

    SHA512

    89911c92f8b8b1375f17ad7b4c414d4d143aeda5ea0223564f54232641b92666c6e34309573eb5e58961a59688cf625dd5f04b376cbaf13af12d94bac5ed74dc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    262ff64cbdb19427762d3fa88b094099

    SHA1

    48d157b0ea25405a266a91c1b8e424c059d3c255

    SHA256

    32d414f8c222df4f77861564748ecf8f2b96654c900d171d6738e552ee93b5c7

    SHA512

    5ccec4f97e2121d91c1d27cdd490261cb8e4929f2d837e952c756fbd7867cfce73ed27b6693ec489c0e77d453d9e33c353aa5e43ec70bd162bf1d8a9604ecc69

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    32d355f93c0f98ec643fab31e2e5921f

    SHA1

    17f1f919ba573a915c45319a8a438425c3bd29cb

    SHA256

    d8db59c35928554fed2f2cd2f15a64c01503d856169777c85e75793ef63ce2cc

    SHA512

    ed7d18b26e98a927e6781ed67dc786181093255eacc3552880f7a175328eef33cde9318336bbbaf001972d83ebb3898823c3a9d3154a9d23c02a43c907068254

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ab5ff6e92a3fe1d35191606748e98099

    SHA1

    8e27ee18d12e38cc137557d607aca776da7b8db8

    SHA256

    8ed41c124cb1270acd748b1955d059852b462eec90167ffec5e44bce90194134

    SHA512

    6898cd18c3ea98f2d562af94b80d8c1a37b40bd702f971bfcef6de8c48e74883ff9d8a47b26ff1c9a27920c98b876807c5ce45b7e6be97812b40510276abe225

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1fbddcdb95fc89d98193b980d6be35d2

    SHA1

    56e1eaa3e7119aa318873b5ef9d610cdd81f0b03

    SHA256

    73c6f33cfd8a7d6d91a14d7f874a8c38feb745d7d525aec582bbfe46024c418a

    SHA512

    a8c462e3596863c038e3e8563844f7a9dc55350fdd186b83ef557e9a768087e001ad3d6ac8f8c76f9777b8dcfec37872a25347c958ea020a7fe43b57f664aba5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7ba044e39ed84161ef845d8de4d38bd5

    SHA1

    73f0376fbb8556088ee2941bd3d6968cb1b7dc12

    SHA256

    c702909ba1c468b80fc552d02a8bf518c2543590a9f7f2802fbbb048935f6ea7

    SHA512

    f00b0a83025ffaa8aa12fc38788bd658c989a35677ee6e79503515bc4ceb44706df06dfab855ef26af6fbd9f5aee17d17401f759fb8414f17090e8db4b6a724e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4e243932b1123bd6e774ebb0e2eb94c2

    SHA1

    b67dff5aab65f25da346418324381bab4e83a7c5

    SHA256

    e27737b8a67a0b248ce35c26507798143f6f6a129f2a6c13af40e33856ce17ec

    SHA512

    d78e026ea8584e78658f6c567addf68dacc1945ce3c8caa4db79cff3cdad77cc2c864dc772f07c168155e3513ec088f1243c435e016c63c855ba17a0b12af14d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE17A.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE1DD.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/1976-9-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1976-16-0x0000000000240000-0x000000000026E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1976-12-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1976-11-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2052-7-0x00000000006C0000-0x00000000006EE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2052-2-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2052-1-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2052-6-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2472-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2472-24-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2472-23-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2472-22-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download