Overview

overview

10

Static

static

3

a224cd7924...fN.dll

windows7-x64

10

a224cd7924...fN.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    08-01-2025 07:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a224cd79246632714506ada8f152159a23777b488ab9a7d7b74aa1b59f9ae6cfN.dll

  • Size

    138KB

  • MD5

    11fe3cb2c529008b29308a07399ab5d0

  • SHA1

    b10c46e81aac8ad3dc39692b18adb18278536694

  • SHA256

    a224cd79246632714506ada8f152159a23777b488ab9a7d7b74aa1b59f9ae6cf

  • SHA512

    605a0636fda06539d11b9f5791d856add18a0135976c6fd5078b0cd9aca734f703c5bc2e484b933fa100eabd619ce5d98cf534b8373d56ea0cd629c9a2cad09b

  • SSDEEP

    1536:L++3Wn8xwbTmTdfl/d+rDWHXLZ0rRcynv0lEwiCIREos/5UyMG/42lc/ft06dmol:6v8dH77ZWRci7PCIRHshUjGncd0OzSO

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a224cd79246632714506ada8f152159a23777b488ab9a7d7b74aa1b59f9ae6cfN.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2116
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\a224cd79246632714506ada8f152159a23777b488ab9a7d7b74aa1b59f9ae6cfN.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:824
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2124
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2628
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2260
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2260 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2792

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2cf5ea4210a439cb2e4c55b644ef2743

    SHA1

    b33c50fbbca8174c003183a3dadc10af3cc9eb2c

    SHA256

    e7ad093f74abc79dc43d15113de2e11eb65b297b16836b83740cca9a9006aaf7

    SHA512

    d39a65258c64d205052afdc164cc5256fc90aa0c2cbbc583574c95887b6c922ee9f551f92e589c5692bdf5984c0bb505f2ce06f8c67e2fe1eb190c4c53d9f3fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5b9d497e74a4f4f722855d7496dd4817

    SHA1

    e5da0ec27311577e3b70025e67e1aec454fe1179

    SHA256

    37723e680d83c6e66854e2ba603eb9232bd7c8a31de300accb7bec3bee21dd36

    SHA512

    d308da8f4d0c359bc9840d5d1ce2a93945ea6bf29ec760cffd5fdbeae056783d172e2b7b006604da89d66e8dc1fd6013cddeba2f8a2addf6b11adbe12b4b563a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c573c53efd4604e084fc39420ac46225

    SHA1

    619d1cb5abccbd061f68f1fa511e770c10106fda

    SHA256

    99edf1a3fef2654f6fc3f9a0bd1621fb71797fd0fed9e493cbc98c665ea21c0d

    SHA512

    57836980d4a31e463cfe61e529d63796aecaf53af51ac8942bc40f47170db373f697b09d2952f07febe761c9946413776161de8fe9ba483ce73771b34c545750

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    642d25f8bb0684db3693835203ee57c3

    SHA1

    7f9cd6d83f480a51489c368de153c4e7561da650

    SHA256

    af66c29afd3ded2f38556b6dff97e6f16aa8cb222ee4744bc1281aa27bd9089f

    SHA512

    c20869c9498ad7d572f6a8cdb6d6ff46e1763c78967e46ba4abee1229db1cc92f805be886bab31d409d55a7b3e099fe51a773255ac663edaa0a4462e6313bd05

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    57120138350928a5b1aa04f797b06b17

    SHA1

    a7cd2155679a046849443c755b77279de5eabbf6

    SHA256

    92ce13768a0258206677aad309b85566ca30ef101e0f947d5a9b8a438ddbdd00

    SHA512

    958c834ebcd4283ddba40a47d355ee2d27349f802f29a8111a46bbe820d4e5197915adcbbb462be6ff4f3b2dfe0eff6fcee3305ec1cafdba202133e0bf6b12c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d7c131d72c95ccbc80841348d464e7df

    SHA1

    ab7ef31f9cbc48518a0eed8f837b62abf72e0691

    SHA256

    635710bca298c6d6f7dc64fd39efeca14d8afcbc4535d3d823ee9cf0abb5c312

    SHA512

    176e6f4620dfe15626744423032b064af2d8e08a54a2dd4752df5b0d07c198484c9e95f0e86f30ab2763ae1a4803cba690ac6475886fa47800ebb28e1fd37a31

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b458716e085443b4f3cc3dcb1c09b9c

    SHA1

    5e0e905712f812c38869e09aebdc79f3693481ca

    SHA256

    016ce7ec72aa23f2df7d2cafc2b67f0d3860ee6050830f5276d5643b9249e6ac

    SHA512

    fc17784eb7c785e1492aac2516089d273dbae4aa554a9612030641a527d616517bf330cc89d44eea2d0f1dca5ae47928b1c01ee882fdd7d786429feb51440a5c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    266405309307beabdbda35b5ff98f826

    SHA1

    c2a61cfff2c8d878da74bd5b79e55b20ca24a91a

    SHA256

    c1c07439423e76a4316f9d6db6df45e757676cdad1c2a85731a99970602cd9e2

    SHA512

    80c9d3ec2d891e127f6385ebe7b6991b53a5a15df998715cef98c1c7900c2d910a9ec00d4f653e9d7f5ce0637e589d4a4487e53b418b21712835a10fac2e2e11

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    01c41b398918221c220536ceb84e9e0a

    SHA1

    16b0102ce8b3cf1237e4c2415bfbcdda951e6018

    SHA256

    0a0d8ecbe9d0f00495ec9b0efdd30f0ac3c8b934953945f4e4d798d3fe434e42

    SHA512

    18ea6d3e031691bdc496acaac60121685a6607b1e81b22d1e1b3bc4222005258ad9fdd69934ac4c19b29a3adb90d2f700b8aa1799c1e239187f841747ee3c723

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a5293683b97ec5a08d91ee6648324a3

    SHA1

    c937f12c112425df9133cc985b8a13c0e56bca2b

    SHA256

    fa612c5e36ad098250d60ca091227b7eb6b5718edd5c4698b2a9e6d855b63f23

    SHA512

    eeee5f28b49534bc99f4b871446aa62a799edebcf784e93e76535515e8f2a0e96519c53f9194eaa03fec0d6e66fd09af29d5ed111f16b54ccd5c8b416b6802ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    850b6d17ad443685f19ba7b25804d21b

    SHA1

    800c0300270519df3628d339bad4f974353a08c0

    SHA256

    b6aabd9c96df0fb1f7bd411097530cba8d69056ea3ba0153c805361814d11aa3

    SHA512

    bba07f9bbc15e5d8ae0b79033df24094f01a9c3c3e3753606355aa0326db4761f7b9a31a73df6e7f6ec39cc9b691cb02a26dcee425784397b4f8fb6844b2adc9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5cde00363a68252dada54b720d2e9c91

    SHA1

    082f0d2ac0ef1b7132ed99606d3db382c91b300c

    SHA256

    3756a54579051b011d8b945f35d914fe94ccb0c80d0c3f6548633412b5ffca66

    SHA512

    f7ffb933b650a1368bc08e9cde0df7fdc431b467ea150ab6a21670a0d3a4c8b4d896c822084e67cf3aa5e2deebe38e7ccace0d7938f43ea18cfe511cfe1c76d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    63d390ca5d6bbdb7c21572cc5c30641f

    SHA1

    89f717381960330a982f35812449f957ee5d73dc

    SHA256

    f0d79a6a20cd9da0e7183744388ab32622a736c7dd69cd6aafca93a173c7a153

    SHA512

    610d88eae54dd69ce858a454adc88e6f2cf4a84c961a30916c1280d4fa9be4719bcb6471c40c4d0818c7841c93492ab44d5960364ba02737b9823f316af7f7b3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    13c2cb6c8628de0f774ed51f1143e53d

    SHA1

    421eeec1d23cb3751398d066992578192aa83ed9

    SHA256

    929461f601f3215837113dec974ea53501040c8ca7dcce4496b05cc2aad5d930

    SHA512

    9829fb85e726ad699e8aa00c8de2e60802ce8d0eedc629b261a559ecfce5d5ad4a9e0608f257e4353f7e5a0340c7241d20df36b872e15cb04afa60017edc9c85

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f8355a24a2513c292028e67ce52e1e7f

    SHA1

    f64e4a012e2d4bd6a4c3e5f5de44c6377aa3a308

    SHA256

    e6a5691ff6182752919c9d13fc39720d6aeafd2113d4d83071e96f108d5cb659

    SHA512

    537c40037b78c1e08b507fa88f3038e3bd01b48c55a0d408c7c4ea11c87fb53d82d4b37623a9f6614d5b3d710d0f173f7d73857e0bd07079f633613c2572c0fb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    78a0295d427b356473a8dab6a0afdf1e

    SHA1

    dd366e9d313413a88b7a9f7033d1558289ab6db0

    SHA256

    d2c3862225d689f2ebc75b0546dbe80e8446488ba0f0fc1df5b80d9c385a17c1

    SHA512

    b6d2f28ce5fd1998b5c28060f89fe2d1159f5edf11766e2746f5d05e0e06a19f044dd83ef12963a708273204cb5ffee535676cd69fa469319dd61f529fb024db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    41b569b296886e44d6a5424ef95b3ce7

    SHA1

    4d340c5c70ba04f9239c123f7c4e7b1491b4042a

    SHA256

    c49db334b4a37f0982f64617eef3f9e077ae61897d9f64d7e8741a5ef1499c85

    SHA512

    30ce05744f330d80563c82906a150f5228642ba50ccf02150c6e0fe8f386910cd5b14a51dc9a2ea06b8b85c703532be1624fce6c6b5ec17c354491f2ce03489b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    313043e914a3c555770c00abb2baad05

    SHA1

    b3769b705de54423e3688ecc7cc8aef81e9599f6

    SHA256

    32ca4fbdb38e779a1267250bfc5c03661fcace041cd40e0ee85c9e5762ba8246

    SHA512

    1d0d8f816287457de326e736985f8dac56eb68939bfff70043ea93bd1797ce634a9426b8745686e2c40b1f54c9074e0fcec633679e33a9dbf6778abfc6ebd405

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ad53301828ac3954a7fa3ab8fb77425

    SHA1

    f328625398cf21cb2ece2096bd00cc8c08acb3d6

    SHA256

    16d684b61a3a7ca8a7d7dca47d40ade46ce9f50e92826a0783af2ec9176da217

    SHA512

    3ce1ea6ae58bdff664aed3235d382419927b5581725f5c05a9e8cb0236dd74e6f4665baa956ef53eb4bddfdf50acfd523ae1a937606d6dbd22f8d07beed8e90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC5D1.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC6AF.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/824-3-0x0000000010000000-0x0000000010028000-memory.dmp

    Filesize

    160KB

    Download

  • memory/824-0-0x0000000010000000-0x0000000010028000-memory.dmp

    Filesize

    160KB

    Download

  • memory/824-1-0x0000000010000000-0x0000000010028000-memory.dmp

    Filesize

    160KB

    Download

  • memory/824-6-0x00000000001C0000-0x00000000001EE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2124-12-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2124-11-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2628-19-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2628-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2628-20-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download