Overview

overview

10

Static

static

3

c02aa1db57...0N.dll

windows7-x64

10

c02aa1db57...0N.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    67s
  • max time network
    68s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    24/01/2025, 10:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c02aa1db579b33539f1c6b5cca104f773b003a0c90fe9eb0b0efc3649a673270N.dll

  • Size

    2.5MB

  • MD5

    f8a274d2e4a49bc5a51ffbf75882b4d0

  • SHA1

    5496643ba5b8e039f862981b67c61b2ca091600c

  • SHA256

    c02aa1db579b33539f1c6b5cca104f773b003a0c90fe9eb0b0efc3649a673270

  • SHA512

    a002bb2a63753ee264419b7f7f12d959514686fdb10c43b43b93160e45801e3d987f441363e670a477b0728d45efe8b0c292795ce4e6500dafe7979b49c6abfc

  • SSDEEP

    49152:lrjJBVKYHRK2AE0By+HX2E81fREZh2YF2DxoSP0WqxwLc827MGk64A9dF2y:lhnKYHU2AEStHX2PfREZh21SS8WqxP8G

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02aa1db579b33539f1c6b5cca104f773b003a0c90fe9eb0b0efc3649a673270N.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2444
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02aa1db579b33539f1c6b5cca104f773b003a0c90fe9eb0b0efc3649a673270N.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2144
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2532
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1664
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2136
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2136 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2756

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    decf9fabda1e0e52ea4f35b17dc3d310

    SHA1

    0293ef93e41df4c94838f1bdb7b96c5e8dc51b61

    SHA256

    dae4e74c2799a422c57ae5b98617c08363887042b9660a335ccbfce9d8de5497

    SHA512

    095ca19d9a9cd096a1f471878dfc5c815424e2ca7346a4fa0139ec33a27816690d4d0d3d4b573ae94ef6893e1e35dd0abee66363b3feb97a9cca17a29d3c6744

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9bf6c97f2457e0cfc4fdcb625490dfef

    SHA1

    55cdb844058afe1f62c9afa6b0336dfc38ae8a31

    SHA256

    2d1724d4564f513397233c195b5c8452f1f5a5857f52c62f5fa163b71d5b6787

    SHA512

    a1f1c093302cf1d4b9733d8a92082dfa5de7aa68116fca9dc5819b20fd3e831f814f52f834af992e3137f0ec7ed423b785a85eca68e99730a0b9cd676371eeeb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    36035943a536a54f76f1ff4c0eb53230

    SHA1

    bae33ec1d27fc3a03ce53727335b7442d11a7993

    SHA256

    1cdc06e0a32004f22567f0b0768da5c5b181151e495e180fd4e07464ed0d354a

    SHA512

    5af9adba589b606736a236902d55379a1ec1eeb2472ec3754b74ba5395c482b85991ab2b930897995f19ae8ccd8e881b2866b3d3863a91a504c972fc035a2835

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6660672c4f95b05676a7a5c16cb882e2

    SHA1

    9c8642e7fa2e09a7cafce4a7964a61c683fa16e0

    SHA256

    14e3676d4ed94ce1dbc5a8a5c337ffbe41303a7df0d3816b843fed1907bb59a9

    SHA512

    bbded67a84c4fca62cd3b239e5b9367a4b7b3e3176da7bc93b732fc851f165db1028f7f3d39b4efc210e9a4e4f83566eb01e23f95b29a21c1306021d8f57df56

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f1ff54c2b2b2fdcbbdda99908129c550

    SHA1

    bda863b65d344dbcdb065e382c60ebb16327299b

    SHA256

    126862681b66acef48625a0466a26db2b6b276a7388f60146e3673f5ff517df7

    SHA512

    0875f095d844ce43975b7e9e56784fa24b699d5239acd2d32902e538b9be803bf971605cf5b37e6eb80eed9aaf7117402e97bb1981a2306c5f41e6c2626da152

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    030f7502187469788061260e930b0e80

    SHA1

    9fd2da9e4fc7b67d32eea1c312f3cad8253a52e6

    SHA256

    20d9264bf8fc7ba72d292aecc2955e8a7a78be0f496f2a6c2c47e0f94dda3691

    SHA512

    697cae7a659e38c98aa9b12d7fb6703b32f8ea66b7a5053ae2f59a4f3b72d9c8869856ec5dbbaf514133f9e5f933b83ed0f15110a4bfbff35336f6de9faeec93

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    74b6ce65f04e7c6fdc9d171690079159

    SHA1

    631324602ab783545a084ec4cc974b6362e0bad7

    SHA256

    e808e9a96e30b081381e7867da3b06e2153b6b474c2f72e4f4af523dfa82791b

    SHA512

    777fc6da46be42e85e687e9936da6b653b6548474738bd2a8ea4db9b481037d0ba273d71519c0c9fd6cf8ef05ed9878f32a290aeb895468a0f35ea9aa904aa07

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c8100427e2a41fcacd75080b07bfc1e5

    SHA1

    7efeda9051fb10b958b7861cf20e1806fdfb3f14

    SHA256

    b4b50391be75ac1e7fed4f79e2953d68a395a9e181de72b5bc4e3fbb596f434a

    SHA512

    95af43afdac2b1765c2a9705718d2ac067a353c6878fdbb1f7c17c52c370f368de54430033e7e56576fb272b6f12c95c1f38ab68b1a35984b72ff3fd56a7244e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    648f7265d464a746777f68f17205e75b

    SHA1

    d0ff95de406097fa3327a14ad985d38e996e16c8

    SHA256

    549221b47dbec39f578b59ba6b4d3dcddc32a6c975c6dadc4692c3324133d4d7

    SHA512

    79853b75593c48a0c05fdf54b04df9d0c07ce529c4251933125a6126be5cd47d2db809b10a1769615b75565cf4597d1691a270a8a0b1cd38aaaf09a3a7dc0618

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dfe6ac914bd91667c37363d6b20c0669

    SHA1

    fa1bb2cdeb314b179a267a757b28fb01543e164d

    SHA256

    8ef42f3e96d00b25e4dc613ab002518b00a1a1b2662b02401256d42bb004ceb9

    SHA512

    0d382328f05b34247de6916af12bb95e62cb6c1ba116dba3586e97c4872dddffbfc8139fdb79913e07eb9c0f74c8c1a5600a3da616f2bd443344f92a72c5b8a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c145d51a57b879bc04ef74fde69157ba

    SHA1

    73441543f802226d725511594c7df5286e25d163

    SHA256

    f6e0ee6a30b239ea149551efb4ce03c2ecfc45d64ece5cedb2f9460d8a83d474

    SHA512

    6a77fb19cc6805cfb1a96560e18543215e877d02220b3b4faf6b5e94c77331f79b5a9153f63eb456ac89bbba5b30c29471269c99e09ff9010a11e4c82f4d1e47

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cf5a9ac52b270b0b918b0e1c4c795e1c

    SHA1

    3c2c55dcc6df8285527d4cc783068d16255af6c1

    SHA256

    0d720b185964b3ef39773dd145128069b1698d2b8593b6dc78cbd63e81e4601d

    SHA512

    9c62c92e2d5004ae5901b09b57caeb2fb65226ed0cc6022bf46f313adf224265d824634ac386a7b325975e1eb78d06ebbcb2bcf98ffd47e97636232f47f3cb37

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1dc9996a590530f6fc19062b9a6f2c60

    SHA1

    c6e7e80ed02ee88a3ed1f0c0f19cb44fd0d3e6b4

    SHA256

    6d20934996d511ee43700ddded41cf7f47f45f138f31d3db3a41dc7a7c5ccb99

    SHA512

    4c57f589632f60ba591710a8cce3ff5e17c667af6e64a69dd0e2a302e2f5ad42bd99d447a17978d1e7985cf8e3e1a3a00ad73769a885c159a94aa935cd72e918

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d1e88867c32200e03d97c3b02002432b

    SHA1

    a3af1402cf2d71c8ec8932383daf13397a0cf591

    SHA256

    7d8377e96ae2e65d1e6d0de279260b4f555c1ff201b0b6de9fbe1894f13bc574

    SHA512

    06b92d30fa31e0bfef1ebfbf7c094fb916818a3af7f513b8b5741759bd5165de6e76bd8dcff86e123d8dae2f828e910e66421bd729eba2ea3b2c8e7e935f86f1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    18f1f253e8dec25ca351ce7f2a19caf5

    SHA1

    211ba9d353295dd0eaccc22970538998a92545fb

    SHA256

    eb4920e05ce86f74b667230ded895ad449806b412532ac564c8e288ffa92fe12

    SHA512

    f59cb9edb00a193efea4615f0c14588541f9d02fc210ae4d1c3e28442a3c30220de74a287f8fc728672ce73ea789270523beffcc3488da56790b2e48152bef83

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    54eb357a1fa4970bad6c67e2ab55c488

    SHA1

    f7aa1bd724ab65758f362be9944c8531f5d6f544

    SHA256

    ab92251ac8b88872766c738eef173bc4ae452566aeb0025fdef5d4e4e9312f9b

    SHA512

    deab4cb22ce6e81e57704de4036aedf8e69bcd452324177b6b210cadcdae04eb05c6d9645328b7d4fbf1eb4d19f873d22bf43890a31e4d0fefd9325413d0901b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE497.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE537.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1664-17-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1664-19-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/1664-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1664-18-0x00000000779EF000-0x00000000779F0000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2144-36-0x0000000074B00000-0x0000000074D96000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2144-16-0x0000000074B00000-0x0000000074D96000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2144-8-0x0000000074B00000-0x0000000074D96000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2144-3-0x0000000074DA0000-0x0000000075036000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2532-13-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download