Analysis

  • max time kernel
    117s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-01-2025 02:27

General

  • Target

    80132059c033b4354f20acc52879767bac021679b98c89adbb562ad4447232cc.dll

  • Size

    120KB

  • MD5

    3ea0c998564ffe048529e6b01e268428

  • SHA1

    15f175d80b489093115783314638ba5463f9d516

  • SHA256

    80132059c033b4354f20acc52879767bac021679b98c89adbb562ad4447232cc

  • SHA512

    9994954daabacfe001ae32bd8300791d772b5898e80b607f7f695ab454638170024acad26b2195a25c69ec5da50c4ae9348db8dfb358247ded5862ce89c6b225

  • SSDEEP

    1536:6hWTimRqIDubZ4TovsnU9zx2g5883CXV6IL3ZBOEzwLvZYJbhNetQ5Nu:6hBID64Tovv5ByFFLpBf8jZYdyQ5

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Ramnit family
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\80132059c033b4354f20acc52879767bac021679b98c89adbb562ad4447232cc.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1292
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\80132059c033b4354f20acc52879767bac021679b98c89adbb562ad4447232cc.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2072
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2060
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1808
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:1160
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1160 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2824
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 224
        3⤵
        • Program crash
        PID:624

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    cd958825e40615fb20e4dd397a7cd8a3

    SHA1

    56b75f8a4a68c7732163dfef424a15d8c26a4fda

    SHA256

    99bd67c3f726a01a070da7109da1d6817ad19a27ecde64e9569f556ee723f3f1

    SHA512

    59b79f9b99ee151ef39233d0bf64f3d532ce64166a5563cc2d7b7ded02a420f0dd872991ee6b86b9a6ec5fa56085bd603505388b21ab3c62a13c976fb103be7f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    bce96362b751efee4e0d929813580d19

    SHA1

    b2f6a38ae8f8292d17960723a0bd25719ca1d692

    SHA256

    fa05f972ffc5c49e255f2682dd0cfa58df2f7c73dff2a00210827f5ffd847cd0

    SHA512

    de0f26f98a702b3b23d9b0c53752c393a7aad8dda44d8bb4528a172c86f9e1ef5d37b591335cca08d664e7f7af99a1c5ba3b27a7319f0179388a4571dc53ee6e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c9f9ff71e10353bbe86a820fdac28829

    SHA1

    0a66049ba4ca113de5972dbc3a1ab52ede36a96a

    SHA256

    2ec6f9123fd108a9626a347a21da443bee2ae43a4e55496f4fea7a0885bd325c

    SHA512

    f4bc18f0e5e8bc212171a06f1fe43ce620155074616a0acbc5760668cbd72ff0cc3a4f45cec7da592a7bbf35bb432bcc268587e80e48e5a5e7677a799c1c4ebb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c871d2b2c01fa61decb5d1d645b7f5f1

    SHA1

    59d508b81c3bde896697f89d71b51d38688dd527

    SHA256

    6bdfdf0f58e7f06e1d7cfd63175c9cf838d1bf9035d433c83deeaf07503a69fb

    SHA512

    60e83a5b710a1eeef9314bff4d85cebdd94c84cc98a0cedcaa01a4aa9457c04948b8b4ca9159e4682ff8ab6ca24d607279c8ea9f678f6f4aff9bef92167b1449

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4cb1161b103696c6adbc8956b4062d8a

    SHA1

    4d06a242db96b65e3f3f6a3b1e2b80bf6312266e

    SHA256

    a53073656f9cec2b022025596eb45d44b122cc8d131a4b2db43b5dc2130ccb9e

    SHA512

    36f6478d505104fc348ba2130fc46a7a5afcb31c338e64550ca1332e8ce45e9403442cf11d7c4e63f50325d030fd5f9f5e0df502e3fb46906281dc28178fdd02

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d548e94eced01a62f6a479868d03a9d6

    SHA1

    bca56d64cd6f00481bcc89628aa7eb107b9939a0

    SHA256

    4a280ae2c6c4278f0d2ea70d69a7ba725fe1abdf4f1c198b5968316ddb19ee06

    SHA512

    1e34b0be67ef224d5da24f067dd99f5f7e31f298b26757f6df177020cba207843bed285aae30d08902a86f975d5e4dcd28df893cfc4b967930cb6656e0fefc35

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    84e40f6446387e61944d71baa449aa58

    SHA1

    082e096b8f970f7b449cef0bd17d7d746dcf3bd8

    SHA256

    5a5e8d215482dd522e967e5897ac02714eb0dcd1e4783c5a17cef0aab71fda2d

    SHA512

    b574f890bc49ced613b6794c05b6f63a2f37d20415400d6e8bb0bd31bcebca2159fa642ba34e109bf7df330535e402a044de3050a169959c236df58b1d7adf60

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    73031bf8f98743dccc2eed5cc74f3d53

    SHA1

    f100a1c454626456edabdf14bb6f6d8a9e00ddc5

    SHA256

    8c8f1828c7cfe3019e1ace3d83babcd0e847441b4cb917ece578f6cf582ea73f

    SHA512

    de7626a4b2b2589be196f3aa23f94a48394f7c42cf7283c1245f2c90df9e335bf6110afc98c7a7433bf4032e34efadd5aaf6d7bb4f60a8e1853114841f2eb674

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7d46cfeb394c77f0f55276aafb2f2722

    SHA1

    eabfe1e1fd5f35b76a57f900f37e72c2972be5c7

    SHA256

    8dc18ccf1ead2854f5ebe231f7042fac6f57d4c35f08b154f783d07b06597e87

    SHA512

    9ac59a5bc259d8afafec383041b3872359f0ffebc9b42110c2eb9c1e0f25018976a423ab254fba18b4f7c58f87e57ce99ef204eab8c09834e5f59fdc34841c4a

  • C:\Users\Admin\AppData\Local\Temp\CabD185.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarD233.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • \Windows\SysWOW64\rundll32Srv.exe

    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

  • memory/1808-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/1808-18-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

  • memory/2060-13-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/2072-15-0x0000000010000000-0x00000000101C1000-memory.dmp

    Filesize

    1.8MB

  • memory/2072-16-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/2072-12-0x0000000010000000-0x00000000101C1000-memory.dmp

    Filesize

    1.8MB

  • memory/2072-1-0x0000000010000000-0x00000000101C1000-memory.dmp

    Filesize

    1.8MB