Overview

overview

10

Static

static

3

62f05542d0...5f.dll

windows7-x64

10

62f05542d0...5f.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    70s
  • max time network
    74s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2025 14:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    62f05542d051710e7061bfb175d3f399f59279eb97180d2203153e11def9ed5f.dll

  • Size

    2.1MB

  • MD5

    1fea49f81c98ee014c7d3df8bbd2e378

  • SHA1

    02c52bc3db9a63da2344627a190b43d087356c02

  • SHA256

    62f05542d051710e7061bfb175d3f399f59279eb97180d2203153e11def9ed5f

  • SHA512

    85d7e78dce34113385cca3d6f834db114dce507b4b48630d174591decea566c0bae15643ba9669f309ff548fb1c9f8e12d76f489a06d0815b55a764f222b6887

  • SSDEEP

    49152:2EpuAFRtLe8b259nkryxnd+EaXHOltbtRVINo2ECRR6Hy3:NpDFRtLt25Pnd+Ea3wtbtRSNo2EOR6c

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\62f05542d051710e7061bfb175d3f399f59279eb97180d2203153e11def9ed5f.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2248
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\62f05542d051710e7061bfb175d3f399f59279eb97180d2203153e11def9ed5f.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2448
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2240
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2980
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2852
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2852 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2908

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    faff050bd64956d1f02d24f1eae4faa7

    SHA1

    7e3c0d1ea404a6090c4a2469892d85b7b78c2baf

    SHA256

    37e4fe940244b060b05bd95d53e60a5c3337f98eca4c341808d2aa49674abd9e

    SHA512

    d7d111fa886521a4d4632875f900b0c55292328ac67c4feab614457f37fa149e8da712df4e8aac305d382bcd06c7b1bd08582c73b8ff1db7959cb82fc409f0e9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cf5203d49422542856a5cd3b395dfcda

    SHA1

    d068ae5f76d92602f4cb308334e58342844a2dac

    SHA256

    10fb98b6bfd90163355dea5b265e36d29f0472b6a4baee9ca3fec5760c40e90b

    SHA512

    ea617a89187d1905e1a9644abdddb9ca69da51adb942a060b807a03c6d32d83dd89567acd859576ea6509a072e061ba2c96d702aed743e9b662ccc5ff8124420

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    56774914353d55d1de68d91de7027481

    SHA1

    41c0fb1657d710e463fcde966bfca92e92c74cd6

    SHA256

    c7a838f75eff5d072d410c4a0d8486f9ebbaeb1762e98bbaaf1677345828a621

    SHA512

    2caa029fd4de7eb8d2b659e8a5c684ac7e3df3b725126e15ee7699cad0b043c00ff7f23d33ac4e9ff6a2adc588a339860d998e5aeeef95c3482f0a2c428b3288

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    601c002e2f6ddbc39de096301c8aca01

    SHA1

    c4a9a690527d0f48f6025db04c39deccdd1b9e29

    SHA256

    7fb142b3a84d971ef70364ff6a614d000e72767a2cd4295d0944edab23487e4f

    SHA512

    e9a64dba16e0d4e99726c62ec910018410122f1d1ba1fade28f45fed7570d30b0a3bae3f23c8766e1106d2e4daf4ba9389f5f1aa1798fcf0cc107709223556aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a58c42dbb89fa9158385959fef53ebf3

    SHA1

    658f12100024c25fdc09697f022addf346dfb6ae

    SHA256

    b92e591a13d7f8b30f526f25f8bba5a76cc50db0380979e83aebeb0be7af3a4e

    SHA512

    549960a979c5cf78d0a53ea299520919e5e96d8d908fe5aed2f9b762641b32588a8b1d7cdbd2b65a91056a22d6b57518dbe38e0b889ea0bc6f5855cba0bf2113

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dd531b4a6b5406dd75d8d0bb49192ede

    SHA1

    bd08b72eb9b117f87871671dbbd76713d254621e

    SHA256

    a60556b208f016603c4589a241cb665321a156455bcb72d2205989d2c72bf721

    SHA512

    f14eba4e6e925353ee978e724ec933074433857d4e28e3cf0f897b4015e3bb4406b2edb18d2c5fa57a44e0d3f91f72d432b8772351455505b0e4e5de8596a673

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7dae1b05533234d871d83df0d44091db

    SHA1

    d728f95a56bb563f3e2b74efc8c4b379df816766

    SHA256

    6ea1e32a18c65e284540a226c468ceeddd985da6669c29d063d97dc16bfca6c4

    SHA512

    b042947babb56f80632897bd27576a95594573a0f1c7dcbbffad48f55e3b250f645c3fd14622a8ad3f200f13510754e7f4539bf2959b35d70e0dfc4ced7cd278

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5fa979d50751c797e9f6ce2479bd75ac

    SHA1

    f52c852f19e50be071281c935161ffa20fd5e617

    SHA256

    9b4bb9b98aad61f4681bcd4a6570c1ad34a1d986cc4f210b33b849b6005aaeb6

    SHA512

    0268e3dbdbaf671dda944fe684691116619a502109b42222b5d960205d8714aad34644745818b2c29e1d0da64223266d65f3fac6e78e0f3c5b47437d51b4c669

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c096ad90390d306d90afe88c3468d823

    SHA1

    9990f55f640a5e50180396bdd2296f5f9c17d5bb

    SHA256

    fcb309535cb84b031b2e721f7cd611de1108a0166e25915c7aa3e6904727006a

    SHA512

    e57c4c0b0895f3d7aaa963d99b62d516f833d7b2e25c820d2a92bef47228aab7acc5fd3a141e1ecc10f3cc54a07052b52121b7da84e599a1adda2b725391ce0b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d74123b0831b89915e58782b0e30bdd

    SHA1

    fd41fa945031912638b987fdeff0e967dc75a9a8

    SHA256

    6c56760e4d7531f242c95c836f291d7c99c59ebfd6d37e78a0c0d66933e3c4ba

    SHA512

    e784598a2f5b49eddcf768f3b563fbe7f46bd5ed6c51e31ba4357c5579d14e6d38add4098ae47d79de47683ec5e3f13092b0dbfea43c2c0557527505d453b819

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a9abd62e9e4e84a74f50e711eda3fe10

    SHA1

    b52b89bb5e503ec65fbfbfde7003408a5d1a99eb

    SHA256

    5c762e1427a88e9d0a03e666f9b87e259cbb8dab349929e344351c169fa2d56e

    SHA512

    62df4b66554075df0b0e816ca77d3448e6f0ee55c9c054e7a50b7a0a8bf47809da2fe080c3f01717bafe1598033d17c3ea059f0ae837bc9a858260980007678c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3341814b78a2607fdf3917bd314867a6

    SHA1

    a922f7360ed4f4e472c76073bc4860e250697966

    SHA256

    cfe4d5b1092bad59d964e1437c9392e05be96f8b1c861ee650b61895f590b361

    SHA512

    7c0fa6ba6c772e987bdc4f87a36552c9595968a6275f59a3018dfb06fc14c147c7d343bdb7621fb088f5c8b1a229174cfd356315bddc2b5927bc00f47c01404d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    95dd08cdebfda27f0a35ace80e5d5063

    SHA1

    ce7d91e4fb6449630fc4c2b3f050a13e23b4afb5

    SHA256

    2bdff7fc0daee43adf4eb008095a2431c30438abc139946379e4044eaa474c42

    SHA512

    2c2f981c8d0c4e2dfe58d6dde4a8dec49b3b4905fde4d514bee7c373b14d4b355616b2318e32f3fa6f659379a70b237c3e929cf0132d964917077480c718e5d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4ddf5fb0c171936f5bd3121702d434eb

    SHA1

    e6313a24ff6fad1ba87af6cb68ea986900b3616e

    SHA256

    099ace411c78e5ca63fa77d6eacd5461dcaa22b3f0cc32c4ebebfc91fd3a0949

    SHA512

    e9401b2e1c55e0d9499c44bfd012b8fde63d7f4fb7f4e70fcec7eaa38e7ff6d34d2936f1d13279a65dead1ea120063dbd9be0430ea4ce9a21d21a06fb0b2a5a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5a68e729a27b5f466eeee2a41a225911

    SHA1

    98ae6b001d62231c87deaf1862cfcdd6a54b28e1

    SHA256

    ac7760ab77a7512c5f30abc8016118942ef260663814da5fbb70951fca0643c0

    SHA512

    13914868315152011120a72ab922948310d7bb312062b8037a637d9942eb3745a525adec14fcf4eac06a8a65084e23a5dbd27616b9dd2e7869af8c34ec4e2371

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9623f09d0587afab88fd21671faabc8c

    SHA1

    4e9f10837bafde338768ce9d5e2d77b37ec372d6

    SHA256

    533d72430dc0b4aeebe893ea4e1535dfd469673d33101e5055261e4604401e90

    SHA512

    b1bc2f4ec7a3a9d243870d8eff52100112cd6c452e7587a639dccacc50fb71d0eaf624caae665bbfbd3f91cccbdea3282b6ed78c8a4e4b1cd470de00630efae8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d9be8cd2a2e90d8b28c15a7a553f1189

    SHA1

    8856ace8fb40e88db92df239f5d8469e982aabd7

    SHA256

    674b7ed1b7b094668e32a6408f32e5e170de5d202cadae43838328db88c7ba90

    SHA512

    592a64070aed008196c87f993e7c7cf06f2b9e8202e1322f75b924e123b241ab5e74a00fa913b81f04d541b9112e177b9c6df7ae668de6bbe72869c45ae2024b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    24e1097434ab66485c38321e141a3bc8

    SHA1

    cbad4c6614566df883e8dc1b103bb9bb241d9090

    SHA256

    5cc42ffd2a307c1b7309b6e782f6f2ea7247c2db3247e69ea9a003aebe3562f0

    SHA512

    4eb3ca3888360aabd17ea5aed01059b7a5f4607538a3bd6c54b2657b4f3da4531536b8cb81de29c4bd825c22d5d61f3c5cc82ce602e3a4d66c2e4267bf53ceb8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c9cf3ed486e7c1dae89deddc911a22e1

    SHA1

    e9cc47779ae19372f43c1bf768a545759c7aacae

    SHA256

    7959187f92877ee75daa5bf5d51bd921522ef410381327f371a8c409cb9cf88a

    SHA512

    709cef696ac0f09fe271192ac978ff67b712f23fba9b6ae586a489087757c9873e5da04ac274a214c25b2a93bbc70bd3c96d07cccddc82ba38384ed492ca589b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF5D6.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF6A4.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2240-13-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2240-12-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2448-1-0x0000000074920000-0x0000000074B41000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2448-2-0x0000000074920000-0x0000000074B41000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2448-6-0x00000000746F0000-0x0000000074911000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2448-11-0x0000000000190000-0x00000000001BE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2448-10-0x00000000746F0000-0x0000000074911000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2980-20-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2980-22-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download