Overview

overview

10

Static

static

3

1ca3e95625...d5.dll

windows7-x64

10

1ca3e95625...d5.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21-01-2025 21:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1ca3e95625babd3a1a3c4d4f12cac3d4114d9a57b7307114677b1512b82824d5.dll

  • Size

    248KB

  • MD5

    4019a364b7f2ae74ccb5d32723f8ce0c

  • SHA1

    a364e4ca9e57e4f8c9377f1581e0a912c8dbc057

  • SHA256

    1ca3e95625babd3a1a3c4d4f12cac3d4114d9a57b7307114677b1512b82824d5

  • SHA512

    807741bc1f70f2698108ad0697e94a6d20b5676bbbe7d968028108b91e248c8c7c0e6a2cc13bdcd3b4f55017d0195df10d4b5fc8c7ca800998f44948870c034d

  • SSDEEP

    3072:tTNHkK//zNkgc4TDx0CBf35l215OzoKnItkWRPcv8uv3LlsAEQiw0p9dJ6:xlzNcCBf3r4g5kvuv3h5riPbdJ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1ca3e95625babd3a1a3c4d4f12cac3d4114d9a57b7307114677b1512b82824d5.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\1ca3e95625babd3a1a3c4d4f12cac3d4114d9a57b7307114677b1512b82824d5.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1252
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1432
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1424
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2924
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2924 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2888

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1df41132c3edffa960e52f71f9d3fb2b

    SHA1

    611f0f4b91b81fc890c6184f00422048275e62fc

    SHA256

    443ee3b2387b5e64749a11ae2c46bc5d378bd8aea83bad4d157fe75068505643

    SHA512

    a542ec1e35884d0c0d033f75abee4b6ac5ffe77717bf3bb4d3ad6fba5c3ef401fff9e8b1d07b10e782390520be6cc585841bc8dbe48c18d568bd866e81587631

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4fb563146dfa1fe67e3d923fb74918b9

    SHA1

    ee84809667091f4c4af8de45b5f4ec92e3efc053

    SHA256

    da1d1a38bebfd4863287842a80c5f39dd39d869b3a2e844c7b1dc0214778ded3

    SHA512

    18b3f30a2c3486ef0b2fd10d63c5f71f1ff7b5fce7c53198edcd1416df2e3a230eaeac582f891fa9a369625896842b60805caa52c16fe449fe53302a86cff6a1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aab1d7cdc1693c4cc81473bbba246f01

    SHA1

    02ab9766710b222ed087c2bcf1dd89a136974560

    SHA256

    ed78f7f1309b7fd6f4d49e111245d564e207548970ef501a3b8078b8627b2b52

    SHA512

    c4d69f5d6a039242d969c3c4e02ae691030769992215c8b6d87034731aa49e8f70e642deb625a9270ddb6f60eb8d1288cf9cc16361c41e176530a210b7d322f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b2cd5d8e03c1e13d7edd9dc41b8f9f6f

    SHA1

    ee576b177ebb231759635e0168082f096613f491

    SHA256

    fda87b436288ffadee002c7e4a04aacbed8bf2f1c5b105ff03cb255a65cc3261

    SHA512

    ba479546367ce5d8159221066bade5f4a3354a61f5bf4c55ea55bdf478863cf7e1c817a3d44b397176f409ee06fb3b1e6c9aa050193fe36647d477998b1eb0e4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    88f29e5dba771a71e9fae99b239b6e51

    SHA1

    cd393635d26aa414c52b843d214784aeb0bcc582

    SHA256

    baa66838fdb1836d8b5146ee6893b60db45e5e39f3da088108841f75ca6bac51

    SHA512

    18009fd1e73e6c4540deea8c1afc077c72c7ab01a2d114b5b7c8cbc739f6ba92a8af80bfc22a3d13e246946284ac6b6f06a8860c422a26593137e1ba684e7a1e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e5e2becf3fbbf1ee86e1cf683083555c

    SHA1

    279fdcde2e7e0f8b69be13220398ed4dd32311b6

    SHA256

    5581760570968a9660bb4397a77f4fda66c8674420a8d346713e6513c1193501

    SHA512

    4368da0a2cc74abf953a743b92062a1d8a98df30ee92bf85f3e9a3dfb3552d26f526e9e57368db0b3c3b3323893b761bd364161282d36f3ef9f57638c44544b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f0c597271c9644d198453923e31bda8f

    SHA1

    fa9960fa8d7f51670237a850020efad68ddfcd6c

    SHA256

    e8eb1872a3c621e569b3bf00207566b33bb3c59a3d8ff992f44b0a7cc2e9f8d3

    SHA512

    a0a9d039ed650f5a7732d1b4a17bbdf40420fa9c74bc4037e791b249371e8b2740b272671ef31a2005bbfdf46143f752600da6593f343a236c5d2e45ac73976f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c4e047d6fa927774bf451172375308a4

    SHA1

    3eeaa25eeb0f0bf73627768dbf8ea69539c929a9

    SHA256

    9f7ea5ba6d16675779d446a325eb413763c4192766189618fcd374d2d80ce05b

    SHA512

    8c38e79871382620a08494fb2d0ef9c34d8b9036aac25a78704538069c00d5881739f119be44ae2e1e6f86e0fd8a1deefe4859c697ce3af4927f0324d6d35720

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    914e8ff4192c28e2b79d516d5d65bd97

    SHA1

    472bf6f065bf707d24107302a7fa1985017df0fb

    SHA256

    581b47cf8b3cf412dd693557e691394d5190e0aa270b97091e9f57e43b734bbb

    SHA512

    11c4f05edbaafbd2d56de58b6147938dd155d00427763e82fe1a52c7f7e8937d62179cfc738b748ee876eb455c7d7bfecaf11cb985bb445e68efa2dae1e87ede

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d43d5697e5ebf109d76cac76cebcf8cb

    SHA1

    b78199b29e6176736ba6f57d6a0b96855087af90

    SHA256

    2ee391273cc3356fdaa36ebdfe0db6504b78d2468577fcf530ae2c9387890688

    SHA512

    f9cd34509cf1a208a8518fd42c451e4b849c8c29fd921522bd31ff1b04c1bb798349a911d5982f9d9369fe795d9f58c0f8f4f581ead787f56603d0cadbf349b2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    805d0609a71f5c980837c372f97fd306

    SHA1

    bcc0327b5580416cd0c84c4da7bbb37336982eee

    SHA256

    ba8bd89cc0e1f4f8b957762edc8a0bb4f3ce805d76d47ed425b067a08a8a8930

    SHA512

    fb214cc0deee57944104e066233c07d2719f16733563a60baf15130fde311c620023d34d480152caf9e0e72f421449c8a1194c19a8ebb6bdd6b4817c33085b5d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3159dabd3a4a0a86616439433a077f83

    SHA1

    40a5d61c5dfaccf22320d8ec556bc4d97528a5ed

    SHA256

    01524a752ab526523934f69e54dca17868d30f2f2e784fd1d0ce3c9372a2b8cb

    SHA512

    a2c5f99cac3fc6161ad78459593831054001d753843e88f72557a323640fe7baf7b5ff44c7310b0074fc119d46837b526cec656fb6db2379a86da803b262156f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    94f70be36623d750ef10c488c2ee2e7e

    SHA1

    8da2246f6f96eb32fd3ec56f5dd6c6868d701ec9

    SHA256

    04ed1f13b68538470481eb8a034cebd222e718550d633f1f5db55a25d90926f8

    SHA512

    c21d382494b9ba7bb0dc48c51a045c087adc58b3851bd2b30fafb3ec7351dc82eafb9822807feb5cceb1b6648fec5cf900caa898f131b078b20c580887ded52d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b44b8510d26b97b779b72bd1409dae66

    SHA1

    d8620b103938d476b40cf3af33191649a72c2513

    SHA256

    ef088722072918658629770fa252f7c72e4f5790a5430b205c5ef7ca5bec5cd7

    SHA512

    055b426d68ee4d244fa3b21699115f72388cb4ca87030d096c4b87cf63c82d03660adc968c904d093a2a381d4ee6bc60856ef0af887977ebaaf23efea6c27489

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4dc603f4ffe8efaf5a5b419faa322317

    SHA1

    f9ac3041772484c578e75337752632b98c0b33d6

    SHA256

    3414c778972d5e5ab4b4badce4c94d5ef623c16f6dbac9fb81ba898abc56a88d

    SHA512

    db440bbc48caed69369bac0961ebb2acd3849932ca5bb9cc7255d8bc4b1b19e8fc3786323273484dbb4504b93fb542e50a7e317b4297a9bcf677e31943b083f6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    830e1f21bd5b908ec2ba012984375e30

    SHA1

    551cdc283dcb780d52fb7ead47a55a1a948592f3

    SHA256

    672bf204046a2afd0fc9201baa47ec2a1b80420eee4f507b4502f9fd47a2cd8d

    SHA512

    6c5300c63b3100a8c148a312e5be148ff29775541b5e11055ed2016cf9e93b76820c45d35366504567169399d1128fa5d24eb5e44682be9338566553f669c20e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f4c7c1fbe6c81d528d27f623db0e1e29

    SHA1

    70176c5596c556ac8b3426d61ab8a4825a5f958e

    SHA256

    840ec65c2cc939ed106530c28c1a015c4774257ce4b861b819820ccbdebca6bf

    SHA512

    4a0e35b40867912c74812dcbd06dcf1bf6fd773ca928078a9adebbcdac36e01680de7d6f1e9b14388f916e96de0de17850c3e349994d0a85f4fd42f58e6ee507

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB204.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB6B8.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/1252-6-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1252-1-0x0000000010000000-0x0000000010040000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1252-5-0x0000000010000000-0x0000000010040000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1424-18-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1424-20-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1424-38-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1424-22-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1424-23-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1432-8-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1432-12-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1432-11-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download