Overview

overview

10

Static

static

3

48d83455b9...d6.dll

windows7-x64

10

48d83455b9...d6.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    67s
  • max time network
    68s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    23-01-2025 22:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    48d83455b9131fac7ceb5db5b90844b72e44b0250b6a9a57ab0716caceef4fd6.dll

  • Size

    2.5MB

  • MD5

    286c871bca3610af9d52823235e73816

  • SHA1

    44efc89e8f8c59aa6c099aabeb477e26e76de7c1

  • SHA256

    48d83455b9131fac7ceb5db5b90844b72e44b0250b6a9a57ab0716caceef4fd6

  • SHA512

    9987011effb55cb7ab8cc9a3ff3846bc9693e17e2fb9b4cf7cddad71a264c06d687e21990fbe9b5c14454bcc6bb2b04fedcb8975cb255c25f1131ee44c803404

  • SSDEEP

    49152:lrjJBVKYHRK2AE0By+HX2E81fREZh2YF2DxoSP0WqxwLc827MGk64A9dF2yL:lhnKYHU2AEStHX2PfREZh21SS8WqxP80

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\48d83455b9131fac7ceb5db5b90844b72e44b0250b6a9a57ab0716caceef4fd6.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1832
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\48d83455b9131fac7ceb5db5b90844b72e44b0250b6a9a57ab0716caceef4fd6.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2592
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2536
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2112
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:1032
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1032 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2884

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    41990fc8bb9ed401647660224a3f50bf

    SHA1

    7cef9bdde97cab7cbc4d926d62f96081267d75f8

    SHA256

    14a0013fc0840f6ca504a3898ab4bed8bddb7e84d623292235b9da3ddfb295b2

    SHA512

    1df7d4313bad1a33ea3f512cc608eb16ed1516101df0c8c2c33ba2c9d4122546928a2e2b005c3d18faa95ded056d834e722a5123e4cc911eb41c375a1d4fc10e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0a69aee8781ff1f9f8ea3dbeaf90f20a

    SHA1

    128bedff0450e65abb6b39cb9b208dd36acf3d69

    SHA256

    a139711926b5857790ddd01dfadd68fb0ddbb63c1fcf87c32ffedbb26adfe213

    SHA512

    c83bf4345622eb763a018062d91d8b1f284eac0ff5c58c3f3e1e4d3bd155b8e66476cd2608b3aa2bd800e3985bea8dd98b51abae39fe94fcd1ce349d11f04f64

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    65e7bc49878b39b1eec9938b4001c10d

    SHA1

    f75d3726f1148862bcd71d7c64b9cc4c815c24d3

    SHA256

    70d95475a19db9b4c4bea75140e4cd45953c6200c4cd45ba023a965bffb842fe

    SHA512

    ff314441da159bd5a72bf2729009b56c80971e85901601e230f84b7461fea0c0386cc676d4cba341f70c1a7cd6777da8a120fe0005fa5d256d4925d6bbeb1ecb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    756c1171d362b960721375ce173687dc

    SHA1

    b0d912323df5cd4be7aa9b7d61b44e72cf084184

    SHA256

    a9007f297aecd245c2aa4d6c600cf5bbd61fe045ff310156192f239ee8a79839

    SHA512

    2b2302bc9278beea00062ac014e97d29edfe27d3344e4246c6189a43fce799fb53a4d414e62fc728a28fdd10c387f32d8582bf1505573b846e4b3c60ec914985

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b4c645d63718c33d13a97fdbd0d32314

    SHA1

    1c80ffa4df5b5730132f818dfd8234392aff6edf

    SHA256

    3cb09cf6ae36c9cb506089756bdb3e639668ff958d72a2e781b9fa7fa4dbfca9

    SHA512

    0f081188a04871707b6cdfe523a4c7acad1b19826f9c25160224de500b6ed25895f13657c57a7215e792d7609529180fc29154b829e6e3c385ed2fa3b1adf631

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6385fcf75165f8bc9338094293c7b405

    SHA1

    2660be9889101281ad3bec3fff903625abb1cf6e

    SHA256

    fa61d2b6132e5e8125b09139a1923e54bd6736c384257404b4d8d1bdf5f35e32

    SHA512

    69b4d8a4080f777383a708ed0cfe946c801e76c2790cc6af8ca8b2979f38c39ba7e43ed21df7b668ee3c0328d51b915a80d3d3ded6088ba09e61abf0f881cf9b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    175aad5df2ffdfd374f5fa9738e33be6

    SHA1

    f9e64dfed32ffb48a07ab0630840d3cc05e10839

    SHA256

    c8e89d121d22f6312373fb776a5daa8368cebf0598305531ab5f486f3ed5e489

    SHA512

    15ac49527df64343025fb98d825391e8d5b649b7e16eaf1c840eb3f54c544e89c93d65d36e2e177e37093eaf55544b8b97ce2fbd03a4dc31d30feb765f0296ae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3abc2844ce7027052956b30431f5a889

    SHA1

    1dd00814f876b033d6ab637d9d18237c7eafa94f

    SHA256

    99f75fc912756f03c916895f6bdb75403a3f335002b2b70da5aed80041e43112

    SHA512

    97e3bace57179780f689714cafedac902111da757f1700a6980d41d531768f9336b668aa1a7aa57f0f4d1bc065787bcf47c895aebddb6f8f30b12ff88eac1eed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    407a568af0fa1d2d45237e85367c4f5a

    SHA1

    5a1b72d2a698a71a9d54a7c3ce038fda16e7a6f2

    SHA256

    cc93adf1764c763c0c2a71e645a2d9ff9d47b24b2f730482446a58a2e3eef958

    SHA512

    8d6eee6c3008e8f22673c23c9c45dcd3261a413a24ad4530de24397186afa4048652ce47f877cd0c6c50968bb81bb9f764871aeac2c358f36b5959b3ea9be1f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    807cf7973b1d28b615a3a740babf68b4

    SHA1

    2517762ed98b77faca4a521318cdbbd8c0422a94

    SHA256

    98e2e8ba95bc6c5f1586160b187da38d64dbae2b1d8758d3bb284d15695ed3d6

    SHA512

    a030d6a88baf91062ff9c045af44699a7474407d9a86bd671801dd918732787bf3f8f64d9b84a348db6006fd1947d458402e3d8c41896216fe1f2c17a0ba010b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a897626a47a61c403b038c728266e1df

    SHA1

    d6b9efcc0b6dd1e2406903a5f6ecd49dfc1fcc5b

    SHA256

    737e94f67193d679b0bba35472f5e955c07100cc612a1ae2dff39d8db01c3d51

    SHA512

    c155f719800368f90e48d9b23db20f40ab928df7078a83688dc847a0d535ebd6a23fb31f50cf56f5eb94e3f1d75fbf52849e1a2e6714cef58d8362c15a5241a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e1d5558efbfa21b9c90980f55cb118b6

    SHA1

    2ee88a0b98c96b41e40f3c8de91551784300fccf

    SHA256

    be7e5e763c533aca43127f118371aa38a8b34ac337880a64c4cce86d1a0b5710

    SHA512

    51dfc357c9e2352923f06325742178cebbd1e8670fad460664349c332f02e1bfcd73b779e20f668030273cc899dafe6e365578b9ba941c81cd022f2d12b23b58

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7d3626064584b5946f4791c7bb34f77e

    SHA1

    1ce24389ae65aa15f817eb273e689d7404c60710

    SHA256

    434633b8fb0f21409daa4a639810d52fb63284d83afba58e5ab430d51bcb2471

    SHA512

    6d292b52a8b68626d0268f24d37379a005f2dd4f9402b3ac0cb641c2ea70d3defd326474376697045e5016dcc3d49fddb9d7c7279f97d7a14e8e36f409ade75b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a62c1ab7e08c79ec70ed871bfe9e3c4e

    SHA1

    4531c442be54b42683f14f4774d7ba2bd24d90d7

    SHA256

    ab005e036c0382deebdeff4e486b3f21b30379190275e94d68b774afe303d557

    SHA512

    81c20c23dc284712bb0e82d1d9c74629906cbe9272040754b2c342464509e94f203f3d6c3fd7fefd4c08fd0a0df99c38118c52bbc345e1181b00141effee9c3e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dc860375bce4bb17fe8cf8c3ead2f674

    SHA1

    a62a799f84e7c3ff71588273995a3a5fca759c05

    SHA256

    026e7a999b88518e3e0e682205657cf7cdae1685cc94957c0128c96dc89b3c66

    SHA512

    af4b1e38e0cd08d43b050247819983c3164e2136390c7a25a463fba71c1c632464619d674cd6e3d4751a29037c2fde9122059ef8d5ef34436d920c28d6da73a1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    35e395025ae16c3dfd47aa00a6695047

    SHA1

    f1b9770811d0864781da14a62f27fcff9aeb3a55

    SHA256

    199a2d3368b0cb5fc54b9fd1a91970ee68af72690f0a2b51caaeddf3ab5512ff

    SHA512

    364d75e939c71c1c943c5148f4dd797c4e9152550cfc57278cbad198144ece5b9f51bbe942589723fb32a764cc3bf0ae5269c5de50a712f8530ed8adc8460f40

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    da249bb6e35b73a5cbe818018272486d

    SHA1

    058d94437dec091e142a2d15ccfbdc68b1943fd1

    SHA256

    383b0cd23085f18003251d6739eaa356ba94dbdc2359642d74dbbca470ca7ade

    SHA512

    f730f47fb5cd63993425a32d7c6355345a4bde4b7ac1c31dce31b331282df09fa57e842414f1e645cc6326e10e2ac8ac5a4e0accd0d9576f25207c7949e33823

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d272a595034d9dc27234b556260fc11e

    SHA1

    76a9759aeb0988608517d30ae30884aec861850a

    SHA256

    44c8b3bd26b8b03c02177dca6fb2287006b9a4617d8047c5288f905d7f82f641

    SHA512

    9545d4a65f9118704d3091dd5acf2b87b4f77b3be80a4b13d25395265323405efab4c852b7e5801b9b423630db96d3e02bcc2a6948760283ad64c2524da15cf6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4d18680b4306e79acfb9e0487340374b

    SHA1

    b0f330e4439ad1bcee4490099671e6e02b59bd6c

    SHA256

    d1d282ef2becf2deb64c63b44ed85cf105326fdbbbf396b084ea9200e5483428

    SHA512

    876e439ecef6f7d07a2e5764af06e150793146ed1ea541876d791c8a361299973668d5f8d11777324e9f7d9e494aef47002e7a2f135e917c4e47f6517bfa2587

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD27E.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD32F.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2112-19-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2112-17-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2112-18-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2112-21-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2112-22-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2112-24-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2536-14-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2592-5-0x0000000074FC0000-0x0000000075256000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2592-0-0x0000000074FC0000-0x0000000075256000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2592-9-0x0000000074D20000-0x0000000074FB6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2592-15-0x0000000074D20000-0x0000000074FB6000-memory.dmp

    Filesize

    2.6MB

    Download