Overview

overview

10

Static

static

5

b4f1d0cc80...e7.exe

windows7-x64

3

b4f1d0cc80...e7.exe

windows10-2004-x64

3

$PLUGINSDI...nt.dll

windows7-x64

3

$PLUGINSDI...nt.dll

windows10-2004-x64

3

$PLUGINSDI...nd.dll

windows7-x64

10

$PLUGINSDI...nd.dll

windows10-2004-x64

10

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...st.dll

windows7-x64

10

$PLUGINSDI...st.dll

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

10

$PLUGINSDI...em.dll

windows10-2004-x64

10

$PLUGINSDI...te.dll

windows7-x64

3

$PLUGINSDI...te.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...om.dll

windows7-x64

10

$PLUGINSDI...om.dll

windows10-2004-x64

10

$PLUGINSDIR/xml.dll

windows7-x64

10

$PLUGINSDIR/xml.dll

windows10-2004-x64

10

$TEMP/$_89...in.dll

windows7-x64

10

$TEMP/$_89...in.dll

windows10-2004-x64

10

7za.exe

windows7-x64

3

7za.exe

windows10-2004-x64

3

BORLNDMM.dll

windows7-x64

3

BORLNDMM.dll

windows10-2004-x64

3

CC3250MT.dll

windows7-x64

3

CC3250MT.dll

windows10-2004-x64

3

aq7z.dll

windows7-x64

3

aq7z.dll

windows10-2004-x64

3

aqhttp.dll

windows7-x64

3

aqhttp.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    24-01-2025 18:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $TEMP/$_89_/MyNsisSkin.dll

  • Size

    384KB

  • MD5

    a6039ed51a4c143794345b29f5f09c64

  • SHA1

    ef08cb5dfa598d9d5b43b8af49f54b2c7dac00d4

  • SHA256

    95ae945504972cadcf2ccfb2b3d02ea8cade3ee53f2f2082e8b40b61f660877a

  • SHA512

    0ed3d0c070bfd91e2355aec5a30ad5cbaf6949c965af5e0ee1ecf2edd5f5aeba3819b4667a0301f8b52c8fd56d3bae35fa4f77063d56c8f89055784d0c0a30a8

  • SSDEEP

    6144:yOrNKQjNQnWqJolkFucBm1fXr9ICcYerKJbYm3IyU5qVvWIdjI:y4NKQjNQfqOuEm1fXncdrKJbJgtIdj

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\$_89_\MyNsisSkin.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2708
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\$_89_\MyNsisSkin.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2028
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3056
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1428
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2044
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2044 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2816

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b22512b6f95993abcf801e74d40c07d4

    SHA1

    25a6749553443ea9d3e725387545361c37749249

    SHA256

    e9adb8a1109013f148f089f16e15a83cd98db65aa3e345b9fb89ba064e232ced

    SHA512

    799e5f32a948ee26a2972063ef5269d09c67a34ce75d1e315e079d6853093f917840d5ae48296b314971d13e5136720d99143099f45b18cfb3cdb59ebadd369d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4b0c7f2fee5c7ab92cebdc73e10b5734

    SHA1

    88caa98b9a9a62016901410376e40e475dd92158

    SHA256

    a8de50c580b5100643cdebbbc7de33bc574c6a3f377d6a8d5f8078566012f9db

    SHA512

    692b405905611e2d515afb77fa35d9ef7e8883ad59e155b9bbb7e6eb335a78e20891cf4eb5ef2ed1fa03ee25bbc0d76d44f90494f5e4791056cd4931f7e27140

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3f1779a012f08cb3f743b6ed0957429e

    SHA1

    a4a776efa6dd4039a632266bc980a760b234a5fa

    SHA256

    e8f3ad807f2531c69c572f8cab9d960cba1c2748672578c4159f6a450b475974

    SHA512

    2023ac9438d928ae7683280c08badbfe351a752d4fa239302a9fdd2d0c873fbb679ff1178ea9b47a8d0d966c1c43b6d7f5c3bba2c9731e5d62d34040daf41d4e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    efa64c286920911cdc0ea61b7cf3ffc7

    SHA1

    d8ce1927139899465aadce83473e50f86377b954

    SHA256

    d497779a6b7fc912d4d93685c5902e0f950fd29344d7f85bfe36d48fa9056106

    SHA512

    c96d194c2cfa38ad9444dbc94198e8baef59d1f7deada58356a46322160bddff6a4fae6187ae03669bf87e41897d8663b738879ffd7bb696bec2e8c71350423f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1319d84a2d55f20753c081f4ebfb1b00

    SHA1

    6208aae5d433814150bc020d5397cd5e61fef83b

    SHA256

    f4c344a26e708a2a9f0d3f6915e58dc01b58d689bcc07a8540d27d3de8ec12e9

    SHA512

    b058cb5e8d5e4745e2512989f49caa41e41fdbdc93371705cd0689ac5690fabeac2b81a9c391aa0a2cdf7653652116557818a2636f9b6863ddf118dd6a67ccef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c929fe1ee2bb843778cbb14d7f6572c4

    SHA1

    3e5b2dc7019dca89010ce44738d9e4ccba3f71e7

    SHA256

    657051c03d6d974675fb3081b8f31e5a0c9e8c3c997fbd510c3619550fdb16f6

    SHA512

    dab558550ed3c2785fa99dbbe604bed0def63a43c9f3d6fe37f2b4bf441743c3e1df98588e86f0ea493e3ce6fbd6769cf15b0bae9b4b4c9868fff85cee91d5e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    21b9c2ce3345a731251796d6936dbaa7

    SHA1

    ddd9425468795484083422ea58f1552ea40b0595

    SHA256

    c75055142dcf965d7de22486de9924018e4701d2c52df4e99549b1add35ce8e9

    SHA512

    67e9d4ca698d5430d1844a4b8731736100b999f47ed472574ecf69f9b6319c72f71bdf425bf53d212ac4cd761b8d40e249d6944a1389c8ce18a7a3ce2ed6879e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    47aab7fefa9588abaae841321d9a4c9a

    SHA1

    de5e3f1f687ac2324bd0528a41e73ed1a8e78a88

    SHA256

    15dc38b0957ba3a19d92880d3daf36f2dfac261f52796ff12c639c4884ced883

    SHA512

    f23bc73e39087c25a25c114db4f36276175c9734c062dd34282dbddea70bd3a85e3917f6cba5e5b0f0d9236294901da9e294debd65e73adec0d9ac2523434d91

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ce405c02711d52dd122289d933499ed8

    SHA1

    517080f965ac77988dfa9ff633710f92a8e500cc

    SHA256

    8e57a7a115bea4887bd1f2a4efd09e5eb68c19d0abf36a6f59d8551681e09819

    SHA512

    f3d944d2d39286127365a6b73914e0b64ae25995dd9f3617eff49d00dfa42c35e04b4fd73f989cec2661e984289f163f0fca5c8ae74c1d840dac0f3779c03826

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6abc384a876cbf163f0a8f427ce38f1f

    SHA1

    2915136e015d203d94c227f3cda35b0159e70b2f

    SHA256

    1e7056b1b10a1004d2442b6a40ec56e69c6299dc8fc621f70e30cc468f802b32

    SHA512

    baf70a00117f08acf49b9dd53072afe8a601a8ea4fe7072db2323bdd59dc9ec47a3042dedf0621118e7255be94957217e2a86441031063624dbd69de40cfcf59

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4566299c0f055703e19c310c2e99b496

    SHA1

    ff1b095a99becad2c971c333fea49178848b8e96

    SHA256

    a90cf04f94c024a37063b83512a24cc6bff8d12046877c450db0031f87aeee51

    SHA512

    ca783f0bc4e107fdc2efc2a2d4ccc141831d8320ac6ba14489136b2a2b3ddc013318629def1ef5749347d288aad9b7ca3a12f8d9facc478272f07ce5dd047692

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b066157aaa8ac481c0fb4396f502a205

    SHA1

    329fb5c0b76d4ad4652bcdd859a2e20b7111ff69

    SHA256

    dda294ca3f276cbec31ffa4ed8d3ab649518fbf8cdb32ec1a1573447260ba0a9

    SHA512

    88cb2d9d89c24a2ae3097333cd7e7e7567f5fbc0df587009cae802ed32e95309df5dafb2c59edaa543734dac65d503c88a70034884681d7a1295d15e5196dcfe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    21dea10b04440654d56434a9ae29b540

    SHA1

    67a09fae68a241ecc329d246bf4ce7f38669f8d7

    SHA256

    b5237c1df7941b2cb464512f45d154fa29fbdcb8f8f7204169e3357343560c15

    SHA512

    abefb8a05501496937e12e756e1d64461ca3f5c75e7a6b6f589eb19927a01ecaa2c614da714a5b403ef1a3f7e05845d067ed1678781c3c78a3314e2aa542226d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    14833296c0d73a9091a27aa254ad3234

    SHA1

    043cba65b1cb848a53e3887fcdc8999184efb60a

    SHA256

    e5271e0ae7ce440336dc1ef0bd3f8259baa4a4c33b6f862fc06f096400285cb9

    SHA512

    a5d0cc2a83e739f0cb998a50d472f49d71587122166ddf419ff00e3fc1dd5dcee58bfb82e744d2f7a4a0f5bef569ed57061a37c5aeb16da62d572111cc31f060

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3f8306b1212b91dab445f50765ac14e3

    SHA1

    9d4f28056cd982f2a7608badbea5eca085fec669

    SHA256

    adc158774ead46c869a15cc0d6da66bbf4206a3c54ca0476b2cd9117a078e4d8

    SHA512

    128326616dd76e97d198918749e5a5b6c09d87fddf60ee2d802bf2df23b53485dcac5dda2265a307c484aa2cab5a07d67489b0c4e6b0779a13b8182b43685092

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2a0a78f6845161768843874fb18259f0

    SHA1

    1f3ad186ac36ca798e7377a2d13e4200ae0a4a2f

    SHA256

    5d0760a2a1df1a8e6afc1050239a259ca2f14e81587a455008ddc480b998d9b4

    SHA512

    7347d8d6f5ff08a1dea2c81dce2b335a5dbbd9ca2c882609531a8ea482dd6334854a24969f74ba000e289717cec65ba60e326c9e08f1cdde60e025648aa0641c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cba505a4a12b8b7e432b9de5f303823b

    SHA1

    d598dcad8c3d36ac952b3d1468f792d4083acb59

    SHA256

    0d46d76f455d89766a58dfe612d7d734689365edb2c9022026c24fdbdc457340

    SHA512

    3c8387326191b59c1eb75e160455294105e3923e06160f14ac84baadebbb712765016d39b2a268d9e323576ae9f8e46f22156cbdd1fe57bae203775a9e101181

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fe6d0b1aa25a3c539d8add974808f4d2

    SHA1

    16f9b98257646951e6559cb1d9139b7faaa24838

    SHA256

    38699f3f026f8aee074eebf3def9c4a4bc81622037e884aeda3583ad0b89651f

    SHA512

    5770bf959eaf1555e17238fb71bc1c5633b9a798e5d7e9d438c9cbb973b3b0c8f31be5f82a86615eeeef35680127451e17d68ff701b01d55fad0aaf23d9f4f27

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6ab3352c26ecd529895898bb5c2e380f

    SHA1

    f2139c89aa13fdc97950b8567b7cfb7284dacf79

    SHA256

    bde7f8ed77fbac5f0fdcc174a9280a91e4d299ef68b9d43feac5d736418cadab

    SHA512

    a6a79532921f2d70c354315fae418a2b285cedfc9b9fb153de0c4f644f26be04fef2d7c021a8cbbd2c2626821a97571f2f55b0962accd9c754022f847a625dc1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC1EA.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC29A.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\SysWOW64\rundll32Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/1428-25-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1428-23-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1428-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1428-24-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1428-27-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1428-20-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2028-6-0x0000000010000000-0x0000000010062000-memory.dmp

    Filesize

    392KB

    Download

  • memory/2028-5-0x0000000010000000-0x0000000010062000-memory.dmp

    Filesize

    392KB

    Download

  • memory/2028-1-0x0000000010000000-0x0000000010062000-memory.dmp

    Filesize

    392KB

    Download

  • memory/2028-7-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3056-10-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/3056-12-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3056-19-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3056-9-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download