Overview

overview

10

Static

static

3

276da67100...3c.dll

windows7-x64

10

276da67100...3c.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    20-01-2025 22:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    276da67100830bf7791e788022716f1a730118b3b6b8956dc732893653f0a83c.dll

  • Size

    144KB

  • MD5

    57cb789b0c748b0a4f930a0e353a23e4

  • SHA1

    3dfe3d6a8cbe1362063b6df7dd247ec9e0f1f842

  • SHA256

    276da67100830bf7791e788022716f1a730118b3b6b8956dc732893653f0a83c

  • SHA512

    542c7e05b30935c4c23f7f25e62bd8d3ea8c55ed208be55e8b72a1d9e9eba72fb76ad7eeb5f4e2e4baac0f965e08a223e1cbda95b45625297f18b1ef8a7ed4b9

  • SSDEEP

    3072:sdSdb6JJWj6QGFOTRM5Yry8cOHz4zUkpgzag:sdSJ6nWGvFOdM5YT4zUkpsag

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\276da67100830bf7791e788022716f1a730118b3b6b8956dc732893653f0a83c.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2128
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\276da67100830bf7791e788022716f1a730118b3b6b8956dc732893653f0a83c.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2216
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2164
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:3044
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3044 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:3060
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2700
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2616

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    87ea56a996fa79a07a49889cee1f4f4e

    SHA1

    629cceff77bec20bd42a4799ae6d22692221207e

    SHA256

    eb949cca5df77c1bf09c648d34669b7df9a481d9ac61d6b6c10d0b8367c8fa95

    SHA512

    26dfcdf04aac0cfc75460205625fad5be59fe72c1fa4681759177f9ef041ed9ad0240c6ba25cf71a7d1db792af020c1bb6962fd190796a8d1cdf2ec47121d092

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e2df7760bdee1e8333b1450916fe28f0

    SHA1

    7753f2c4f8c3e7d1689c4711ad220576bf14222f

    SHA256

    a6f8aa5e506329e173699c197ddb29788b9fbaf0af84b2f1d46343f1d4cb5576

    SHA512

    ece78dccb0bf9ba46534b9399c3ddb2ba1cb2baa5eeb41df5018243a59268f1e6bd39ebd3a9723ec8028e5eb2ee87325547ad656d2a184f2df4c126eb5d363e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b90ceccf23e00686705a37969b16cc0f

    SHA1

    4c0f075f6d11d34c2d0e16266caffe39716aeaac

    SHA256

    3aca10d99660d860c5e3ae954319135e26c5b72786d7dcefe7a55825cc283547

    SHA512

    2ebbda77c27de908524f71037ea6f096fc1d27dcf0323bc5c6d994f72e0e1e0f0a874b7bf5373640121d119bca6eb8db33f457b357b2811bf93ff8abad66dd67

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eda29485132f7a64cfe01aa58ea0f7ac

    SHA1

    6d6402c22abcaaa5af75178390661846a695586d

    SHA256

    b76b49e854dd9ec5685ade858a5be1146004bd46fed39f65b469d28b2f36ef92

    SHA512

    23eedff89fc3b11eaa5a3b256ec9f4b4c4b6b770b34087203ad3918fe06003876520bf7d3ec229b1ef5fe71b510cc6050ba6b657faa9661dcbdb6f2534423bdc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    82f3c8c10b67b989910099495889dc4b

    SHA1

    2c2dd6b32df6c8db16f85c4d59674425bab07d33

    SHA256

    9c95f912aa0a38d99dd4291c7efb76dc7637a2045b55665ca0b28081c6f29592

    SHA512

    6a71e3edd95b4cf761ebab3fffbbef58148802fa25aed7313b232be5ada5c5e99fc8a003ad16718135b2182af71d02377e9262286896f28ae773233ce1967ea2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c21c1a84de3100b5d4b01af464289361

    SHA1

    cf44e38c93dbe1ae82cd127effa580c5ac1367a9

    SHA256

    e4bf9b07f4e193d92b3af9395965eaa023a8141005d82a46122518986662f044

    SHA512

    4657e2eeb5c14c6c4e590df366f76463e7f728b25f7bae3b93ee83839b6d59d9f1ea3a9cc594ca90379c665afa46a49af4fa343d53c2209c912b78c490b9223b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b75aa38b63fe2718857be5d76b43161c

    SHA1

    4d713aa2d9288ffdc5f76e7125bc7d456f0ebc94

    SHA256

    071d29fc990c8ea9597405470e5cecd673062d7b35d838253ad416e4c4f96dd8

    SHA512

    2b855fa8b1a9850c460dd8a356171465b15faeb47fba695d303f93d71d504ea980f08db5fef1f6383b50406db718c86eb5494a17df821bd3b6c4e674930df6e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0105e49f904e2de8dcf308a4fcc21e77

    SHA1

    5fa7a70f3f94ed8d63c46522f3a82b447d161264

    SHA256

    8e68dcdb1b75774fbd482b80378c07f911e087ae0ef569146786fa35101a3207

    SHA512

    987eb2b146af592b1106ec14fdb014bf1224e3ab1e00ac50b71d857fa85978abc7ad1130dcd9ce5cb9c64e3e29d4dfd4128e1c72a1e7bf8af151c9a07e846c15

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e8458470a29ed2f5b1eca0742c8cacf4

    SHA1

    3849d4523b6728b968ba25e7e41cc4bf1245d865

    SHA256

    513cb951b0452c7f07d9406f7575adec0288f6c9ceb7dcb2ec94bbc2c65bd317

    SHA512

    616c48112346cc4ad6739d20ade34de5ab581a19a402b55bd7e0e37c72a967a35abd6209a93d46c2c53e82f29bdf34a0ea056b82723301afc38cdc32b8fd2c4f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c826f028da3cac36bee3d16a35633b33

    SHA1

    97cd6e56007375bc379a584e94265b873c05361e

    SHA256

    0d0cd5f4f98b7182f8ae9a76a9176adceb10773ba087df7ab115e9f0aafe7d92

    SHA512

    705c5859eae9d852b0636201c4819fabca960b9af0c7670cb0d5d4b958fe31ec79bd4b63995086c92c9c380e55aa0573982a9fc876d0b872bcee37fc4afa2255

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0118dcc5a3721926d7df79d24aa32a64

    SHA1

    f01b33856f502dbd93683ee951e61779ff98bfbc

    SHA256

    ca01241ca081eb371ba6e93835173b33a556209351b6cfa110503048872e63b2

    SHA512

    3367adfdb23880f52db8fdd1604a366adb85561a924700ea714d2287dde42ce3111abbcfa2f0b2c32fd48d4a870a20e0e8ece06c6790c402df49010a0f97f06e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4faeeda226e13474c7afd9ace8b34ea9

    SHA1

    0b31c8be81052ce6eac25612d53e8ae6eee80c6a

    SHA256

    0f1e626112a12c9ab8cdbf5e940e036eaf95c9fda2bd62bb6fe3422dd0b17f0f

    SHA512

    58f3b43a0ffeea37d23482bceafe93312a6218e323257821ad03a3d1870923a08d1b6491333984dac91ea15d2984e4da1ae3b21d984fac851e8b00380605b978

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a0e85693073058c32e177bd860c87a5

    SHA1

    243621e039f02479571d6d5dacdddb961995e815

    SHA256

    85417a79a1a4dae822cc79a03651bc8e262a4f6748c8f85eb2e67b16e31e278e

    SHA512

    cbc5b05003a5d9ed626c436f150c34e24dca05d4d7647224af83550681e5f7f90bd7ec8dec82d9235de7c04b4f66920e92e918006e6b6e40e10089884732f82c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    426cde1a95c3dab94908856cf1cc7142

    SHA1

    575a273abcff288bd151114a7457121a260613d0

    SHA256

    bdf1fc48c33386a30430684337d1689cb279c315a36fddbb948da7175fb9c3d4

    SHA512

    2d353956755a221065bca280240181dcbe0127c5a21827f8b646a69351e17c2e56f87e54f6f2f0a82c6f82b57635678686f2a522db98ac29688dea27f1df4b1a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    66e45b59fa97a4c4fc95329b7d1f79ae

    SHA1

    25ff0ec82326922866e9ae929989a84da42043f9

    SHA256

    a23b7a08921c0bf30933d85f69bf68a50c4fea7fbd018a624f50ced1bd02f0be

    SHA512

    4740f505304700cc6d5581d07789dd52d8fed2b734a04f81de92a10f7a473bdc517eec62b8acaeadde727a7c5e594dc416631a1256f673b089ac344295149bb1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f1aab1f12d77c70e002db5bd86a4dcd3

    SHA1

    faf3964dba2c7ec7a570cc815d8f8090e97721f1

    SHA256

    eff31a13884c91e0765172047763e0cf65163dbf11d5adf8765e444fd47cc0b9

    SHA512

    8960cac899809cc2d7d26657c2c87353d18581d4a3f0fe09d8b957c6e3d8e7437b08084edd8c96194324b3ee88e136ead5d4de35971def3200a20f2d99d433ca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    94afdefc4758c2b46a4dd465d9f4cc32

    SHA1

    8f930d404096c9adb9d826ea21855251aa7c87f2

    SHA256

    9199a259fde05cae8f79bfe7eba6e4519d8ffc44e75f124b4ea494a8b9a5ff28

    SHA512

    e33cb040f034949efa0a216350cf5b3eaecd0e8b6d8378c0561c750f8e2b33a3122980ea434d11af37f88ab01b8fc996d6f1f2f92725f9d346fec864010a0421

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    72ce89087acc41479a59ba5c73c18bfb

    SHA1

    84cb69bc10065e06416b5e053edda10a32b118f0

    SHA256

    ff325f4fa8cd0b6680c8ad8cf0bf71fa321adf97c50ec1674443bdcb317bf2fa

    SHA512

    18b5aac6e2a04b5664b4ab690a4c5cb1571225a82288eb3f314b33db245c01920ca29d13d3823b6eaa33df91d1cc667d55ae24c6ca441350650ceaa77f48a029

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    54633d2d0924fb120eaa10d278021486

    SHA1

    f04588262f3a290f3e9e8650d97cd5eaa254264e

    SHA256

    83c40510b3fcb47130df2913dd1c21842e3b206301202e7adfee32d075caaa40

    SHA512

    690955709a047d462be36ccbe0b9e2dabfd9b982aed6ca7359d35407c8d4d387c7e65a4b5297dbfd8f882c1bd9394eac4922b1eb1c0cf65c873eacd1cfd05a6a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F982ACF1-D77C-11EF-A094-FE6EB537C9A6}.dat
    Filesize

    5KB

    MD5

    8061e50133a82d3063d7428b1a8d20f7

    SHA1

    2afcbd2baa7394c5756b08c59c8095b0b7f1d4f8

    SHA256

    df66ca223c0bc92d47bedbc3af761ffe42be00ab7c9e63f8d462757f42c95297

    SHA512

    97e037df3d97905dafb7b760cfe768dad7bc7cea3ecf4647e49d24a5d95befd826b454b155020370005a09d7624dc9b6a47d29b656fdb7686c7522cf50ee931b

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F9850E51-D77C-11EF-A094-FE6EB537C9A6}.dat
    Filesize

    3KB

    MD5

    218a9fef3f95b844189295ff4b9b0ac3

    SHA1

    a2310f4a414ad57bee7ba7e7e4d532a85bab8923

    SHA256

    36e0fb0f3f12b3d39571fd6cf68ff89129b3de90db5b26adb131092e09175fa8

    SHA512

    f578396a7fafd8fa9a6132ecff8ba73f76bdc392c99a54f58d952f43dc444a30b8d062c7de00bfdbc3a427e3393ae370fef0ed31eccb64f2eb52f3541fd9d2df

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF0E5.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF148.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    106KB

    MD5

    7550804dcb2dd83c3383835d26d750fd

    SHA1

    fc22ba558f6251ced1b9ba0117d23b8cfdcc8f2f

    SHA256

    22365d7b52523ed42509ed9d80eb32a1094ffe39946e6016ff678713053412f5

    SHA512

    01cd7e614c25c9213ad439d4996780d510107ab9ddb904f78d19b2c583d22901fb29cae5459a8203214b968736403d9f5ff6adf94019186008f4b9806a28e884

    Download Submit

  • memory/2164-16-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2164-12-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2164-13-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2164-15-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2164-14-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2164-10-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2164-19-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2164-11-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2216-1-0x000000006D180000-0x000000006D1A4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2216-8-0x00000000001B0000-0x000000000020D000-memory.dmp

    Filesize

    372KB

    Download