Overview

overview

10

Static

static

3

b43a72a672...ac.dll

windows7-x64

10

b43a72a672...ac.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    132s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    19-01-2025 07:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b43a72a6725d4342dda03210e19e35307e74ef03b3a9757f928663af10f001ac.dll

  • Size

    472KB

  • MD5

    1a0e44f069192ecdb59268f16d9b47fd

  • SHA1

    3df64c67076d0d05873a6adf93eeb156373a7f34

  • SHA256

    b43a72a6725d4342dda03210e19e35307e74ef03b3a9757f928663af10f001ac

  • SHA512

    56054ba51028587dc21467e758f56b2377db0ccadc5b59c78c717e00df0183a534884f0b8d522fc7389ea71a493afabd52f71b9e9504aba5b2f82c09356aae7c

  • SSDEEP

    12288:Rlg7Vk6XmpPS0IbAMFL3cKncXbk7saeW4S0K+x2th:RlgKWAwL3cKncXgwaeWV

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b43a72a6725d4342dda03210e19e35307e74ef03b3a9757f928663af10f001ac.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2140
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\b43a72a6725d4342dda03210e19e35307e74ef03b3a9757f928663af10f001ac.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2724
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2844
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2704
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:3008
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3008 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:1752

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fea948b4d74cc2ba39375715b997d75f

    SHA1

    27f33716cad4e2ac9b581b5010d36cf04a2501fa

    SHA256

    eab9e94f28d86a4177f0b66e9f13d4ab497cd5a1492d16bc5d0a4649c3a03326

    SHA512

    4ce67e6668c2cd9cc65a73136049519fcdbb3442ec3073b822a82f19a78295c525f06820b9413dd45ffca3b05679ec31103dc670760b38883b85d6ea1904e015

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    91dff0eae95edb4818ce4aad17c34be9

    SHA1

    34ca8665a971f5a4e2a6c3507ea4e39f48b19b5b

    SHA256

    c377c48e7d25c2ce5467f018d5fe1659df775b8c53d78daa7b6f0f21b2a283df

    SHA512

    facdcf6ffae04bfdd2bb1b8d16fc3390bdfaa2ac0bc93a1bb9289954b2d33421a9805f50fa06d39cd55d2bf0e834e86db213b1536f1be4a8c2e3544e35faacd3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2c3baad1265057f814940174ce7ae04e

    SHA1

    23defa8f852f1d65ca223dc173a49e73dd367231

    SHA256

    5e46205baa6c45d47c4d67ab32f6a74d230d8c99d123ca1ee66a057b56953e29

    SHA512

    55442d863277f54417b93a65a224118a4500112bbe3653c81f4a69409fb7fe8b1015bb07dd6389f4eba251bde24f340c7fc1de1cadfb43eed1bb2e46fcd7b7ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5c0d76a30cc7a9da3f3bdae94e8ed623

    SHA1

    efaeda5b01eeca3bd81c641169703d24061d2938

    SHA256

    8895147a11b90512a8b55949178ba003bcd5995c64f6c62dd5b6bf2918f40335

    SHA512

    7d89d995e1aa253c7700f705061a50a28cc0831df4b23bee45ce5d2c3a977df0f04c1d6a811629bc5d128ce94264cd59e8b491403d9e2d52ec414879e3e5a28c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b10e0324bf32b645e5798aa048428ff9

    SHA1

    cdb59d1ca0c65b2f68a6bf082a9f0d6be761e8d4

    SHA256

    84f37b23a698bc3da9168ce750e3ab7831dfecedc09b577f5548be0f28fa5d1a

    SHA512

    82fc51de4fa9fedf1d1de3f1576110e10a1a137ba26af6287a5de667f34dfbb80dd005963e481687f0c05509e1d7fd1d8592ca9d1942289b0268586db2874327

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d29f7c08f52e3d312fbd435877d83468

    SHA1

    9c8a2d95ff3f9b826603ac05274118722c8158d1

    SHA256

    53b736f422392da3fe3baa7b0e124e5424d349c2b93a7f9862992b672b09ce20

    SHA512

    84a2af9fe542d9f4bc40648ed69524e87e1c5c629e1b992913154a187f6f7cf0975d98120e5a123d760a12df4e018b5d27c8acc29a4f6a60a4506e814e03e675

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7e2c180571357e66689c2bcf45c9eff3

    SHA1

    1da4742120a8f16819f5c6d3480dee64d8c1eecd

    SHA256

    0b8d7d17cb04382afc2cfa0d295c8cd49e90c2fce5a08da8a728fd37e8abc1da

    SHA512

    5708955339ddcaeeeeef0ad089805ebe0ad3edc9eaa58231210366b954109f0a05b1480de5f8e6605312e1074e44f778e275dc4ebeea6627fbbdbce1b76f4f99

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b8ac3af185c5cd23c8eccbd87e4b33f3

    SHA1

    43a9fdbbd4b85159ea39539db05f81f97ca3c41f

    SHA256

    12747e4b6ac6f132d234b121696ba0fb4596f5d7467de8dc2c28a3f236dbd5a8

    SHA512

    410aa49fd1147e3dea91a19a8f2e7a29edf0be3f946fffc9abaa0c75843356a235c25b2b3d128f31e0a7ed285440b7fdf9c12e2113b056616e2d2b05bedd52ab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f6f5525e144e0b76a0c083e0b1898b9e

    SHA1

    5044e13ad165a5a271977fc5392300154f4f2a14

    SHA256

    944f7a2cc1dbea775493a46e37b22c0075c45ba37749a7735df85dd44e4678af

    SHA512

    2cd40fe6aaca2468e88fa8cfa6bc1f8a746e2daeaf915fda00f72637417122451f7366b973197342471b14326bc00911e6b6c9101ea269a6ec9b47950a370556

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9d7058150f2a338a3953cd044f7a83ca

    SHA1

    8eb78c919cc720b36cdf734ec9a95efa9d4a5c92

    SHA256

    6b8985e6b582dd365c1ae71b4405fa0d98ec14f4e255bd70179a8ea48a958eec

    SHA512

    48b8db84a3a48ae0aa7eba768d93c84dde26d628b5332065415904278ea4662e00e1868246861f2bd880b4a29221bbbc7f4adbc82c0342bb1382a757c99173f9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5e5113e8256482e12f4a8ba76f40ae0c

    SHA1

    3fa0a535b403d6493141509596fa8b99eedbc125

    SHA256

    d3194d8bdbb2a5bf2061a49e1839f557c581efc2237a3beb7faf4230e7dc5818

    SHA512

    d75606fcd7d98cbc856b450fc306293bb48c0dab8ce04cd1a6d941256a0f2821ac6cd939e0cd5d4ff6a0e343eadad4334bbd9c2cbad3e236ecff387111f41ad0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c962c431902b0bcc7cb053464239ba88

    SHA1

    dee37141f9979b9762935b54842b833adbc488e1

    SHA256

    beb53b5efe92525d1c47a3ce308ae26053dde7eb94aca260d56d1ca15b211b0d

    SHA512

    2305d2f0041869daeb13af324e4fb1d55215726774d345a7b5fd38bfbac07b6df81df5335df40cb0adc5a3994d583b9553097b4f2df1e4e0dda1a943d5d79c25

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    23ac60b5dc906cdcef99280c9ba5909e

    SHA1

    88f33d213353df518434bd111352fd5254751461

    SHA256

    9821c6d18aaf3cc24711df5ed89b3d4896c9d3d94d63ba829ac6eef8eee98a76

    SHA512

    c9eb852539a4c45a9fab09e2135881fec3dcca57beb325c46d39a5248ab2bc602c68bd79bf05211a51e0264a1cfbde96044b26c406b603c100967ec7a8f0e7b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e9a57c50ea165232ef974b2c2f2e3188

    SHA1

    6721ad57bc601c06a995a7d7acb1f7edffbefc4b

    SHA256

    e46643b9be3c6b01f682da25a66aec55180b3f2d2ab9758c3b1c111dee9142c6

    SHA512

    6923ed0198c46a40ac98d899814fe76cc8e0dc6e60f57fb362b5dff3ae9c2a01c521db9bce7533c917d7dccd0242f19f2aef5036a2b39541c4a5391687c81aa0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dfbb42cd59082998ecc06559e485c9a4

    SHA1

    74d43fd7fefde9173934de80d2623ccee62718a4

    SHA256

    b155787c4ba51258590c2aec8d71f115bf9110ddd6d90f0f1a0abe4438592913

    SHA512

    daeca230f6ee046e7b8e41388c2d10173fd3da08d60cf46f3f21366c40d6e010405e2f98402c738eeb63e105ba1acdc971b33db07185d1f5eb3fde50d1a70856

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c84b3f767fa4d749caff477fa7b9ea38

    SHA1

    bc2e850056e6b6ebf29f418ff1ab57f1b02c1b57

    SHA256

    c4b8a37de92de5ab8331161fe8ad22930071af6317e931ae4cba6fc7d931aa11

    SHA512

    1156fdedecbe0f46b33240cbc0092e5be394248bcd4446a84f5d88a4dda5b91b47cdfefb4ec45fee412ed44065eb459e1ffaf4f123ebc12c4ed2d40c1bc5d451

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a2dbea575b3dc9cd9c46280c0d2b599e

    SHA1

    5f52bd5c4b92751c085c81381b0af4ad3c1c76b1

    SHA256

    91cc81db0ca0ec0b0ba785f303415478816c50c799806b8173c5518f01bb37f8

    SHA512

    a814fc1d25a99f3914739a905ba9d7d1f11e89402fc3ea32a516f4685e105bb198ec09a3f85f6aa980c95125e8fe8ab525e5e448f70d3123beb225516c97d923

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab35E0.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3662.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2704-20-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2704-22-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2704-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2704-18-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2704-17-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2724-5-0x00000000001F0000-0x000000000021E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2724-11-0x00000000001F0000-0x000000000021E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2724-1-0x0000000010000000-0x0000000010078000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2844-9-0x00000000001C0000-0x00000000001CF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2844-8-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download