Overview

overview

10

Static

static

3

10f4d9fee1...9N.dll

windows7-x64

10

10f4d9fee1...9N.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    27-01-2025 07:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    10f4d9fee143ebd90f09aa727a82a960e19dd11249198e948b15df96747d4b19N.dll

  • Size

    176KB

  • MD5

    241647abf8171a2eb5de0e90d76ac690

  • SHA1

    443cf7badf17eddab5d8b7b8963a77f6a70a7b60

  • SHA256

    10f4d9fee143ebd90f09aa727a82a960e19dd11249198e948b15df96747d4b19

  • SHA512

    41d37758f6bc1884f40690f6450ae41d3329b6f2bb5b25dffd8553cdba9097570c0ba47ec791d6c653219c70ffc8e165451ad28c18ad70fef54b1e9689ff9fd8

  • SSDEEP

    3072:4N6BZXWUlCiyYKyCsgTu7oMXOHgB39Ga/MfRP+tKAdNcGrV3:SIsmlay5gAT/Mfkx73

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\10f4d9fee143ebd90f09aa727a82a960e19dd11249198e948b15df96747d4b19N.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2572
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\10f4d9fee143ebd90f09aa727a82a960e19dd11249198e948b15df96747d4b19N.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1396
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2396
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1296
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2752
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2752 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2760

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b6a73767fa08ec7ecc8cc20847520fac

    SHA1

    3df36c92019a0822cc5891349d403965c663d600

    SHA256

    1e01442321e95a2d86e75924829efd3c21e1f2860278a3840606cc5a3ffc2bcd

    SHA512

    f08df272a30f1822921f0f62fac7437228c3b66b1e094b5f35ca46de2826f4919c87a443191e6ae909d0e55869620562080e98111a0cae58cd4fb3d69a5befc3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    35ef29d8e73b570ffb77f062a9397c45

    SHA1

    11fd50a45443cea83741c5e2c54fd0b9bc3ea7a8

    SHA256

    32235bb04e0dd59d95ec6d63b38eb95512664d900618932fffda445222fe0b37

    SHA512

    002e93ae486597a04d0613317ad7365e35fac48e2d8a91bee30f4245282d238bef62d8b8b642bedf9a85821a09993f693488fef646f14326a3d2a9de1769c918

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cd30d67ebcf89f5104050774c7f5dd5c

    SHA1

    e067bcc4bbe214069d53e61c92786df5bdae8229

    SHA256

    f5d70a34267fc29f9227be3c9b5276430002f9aac1aa9d1791cb5a0fd2a2eef6

    SHA512

    c4e2deb85d87ab412509ce15b1fbe2b104d1b4ae9546947938bbefe5aeec5e658f4ff83175a72d2f0d66ebb9bba280c63dfe554b94934bd63cabb8a29a2bb9c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c8760da0fc07af67fca23405d53c45bc

    SHA1

    60f741b453e28ef9cc7d86c218bafc5f398da3c6

    SHA256

    b2d62cbfc405df7feb2d4b5aea332a30cd02ad3834908ab933516c408541da20

    SHA512

    03ded176e1f05d33bb88a086e9035695839df1b1409a3c900fcf793015d540c88d63c16ca6a7b53dc2d88498ca8be69489dec637110661068c679719da34f7c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3194ac4fcc45261b1b16f3195c3767a9

    SHA1

    05d744986c7e71365afc7d14e6d073a0b0ac2b50

    SHA256

    c5c670ffddb698462738666c0708af9bffb73cbbaf7461fa35c05c78f3984dd5

    SHA512

    d244e5c34530cc5bf19848f36d03440b6246994d80f15197833f9d58a30f3b50247aa9fd84ea533041af517e0db8d23abdcb9769dce45a3f99b23afeca05c9f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eb81a5d91397f78a29aaa3c5adedebae

    SHA1

    13f8c664d5971e67ec61aca5f756350e069fa017

    SHA256

    01dd18ec00c52db18e8150de454fff84b74bc66bb7c555fe964fc61fb94cd046

    SHA512

    0b9612705180e3490f8747da1911510f28fd2f6486d4c30cc420b4d76d70d537f5a48d5604be51b301be769f38070ce19cfba911de44698c097d4fdfa252b1ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1af94ee7dcc6dccc82e850075712f53f

    SHA1

    554f863b7fb401c7347f40a948132183f4eb6953

    SHA256

    67ec35722e0ccb6903883ba247cd3348f201f7001f805994957bb0c0d14b2ce4

    SHA512

    fbfb3e36f08fb17e40fc2bdf569bb85911c49b5879c521685a5abe9481fb84ed34143d203d91d0e22a067f4234981c362049cad62f476dfa40f09d4502f5b588

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2d035815c0f21c16b4957e9ab989992f

    SHA1

    e35db2b69805853524bd840791e01c613ad3ba35

    SHA256

    58f20b41becaaee9ca87d86b42e83bcc630a3eb88f1b42ae72d2c9adef8f024f

    SHA512

    8b6ee464697a22430e30a3b37c6d28128e6d5f7e9548ffa8efc1d13fe5b016b57a9dd09b1c17821c680c67c7996d67ffc3f985169ef345ed858dcd4c516b4c03

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f6299ff25a5359fb8c8c6dd74880d483

    SHA1

    b1025581a32de045e0670f5f1583b8adac3b7c6f

    SHA256

    44de9bdf36da0d97187e270c71b66b7f0187258952ffdf96c459b829a1624930

    SHA512

    f079ed5387d0b4ac3de475817c0fcab58be8582b86d2a149dee70bc41d3b0b104a50ff7e9652f115fd7154e8c22ca33e58945e56d77c54ba62637ae7948fafe1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6117056f6eed570e9c92863d1d420710

    SHA1

    118a7501e4a9acc7a26a94445d71a344e6cd1ffc

    SHA256

    2663fe2e8c695d187ad11b340e9c81a1ab768bccebaae9a38dd6fc1919a454f1

    SHA512

    4a39c4eb54f37d8bb5cb583f9ca818848453b35d222a60a61a7b6c20a62db3a661f7bd8ef39984102fcb2f75cfdfe724fde1b024e6dc192c445fae4ceda60f65

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    927de6a39b2c8d27860fa1ce9a0318a3

    SHA1

    4dc0101b3d8a177eb41f774a62a76696f093e8fc

    SHA256

    ab8562be93964636706d769d45db760e2f014eed6c36328cfd24471903bb2181

    SHA512

    12b566c8db75a506a0b3d9853026e6c794730c37dd49b9a2d0c937200edb0b6e38617bcd1196b9253adb016a99b302c3933b7de0410a904a9713dc12c4eb5bb3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    115483f5fece92d3067c46a39dfa1f45

    SHA1

    1afc575f56a9668c47b66d0f75974b0513156f26

    SHA256

    190567a33fd008d7994af249f4a017640a227b394b338dd14d7143a021782d47

    SHA512

    51b69fbf022f352a13140c38373be20b52132e33dfba210b783cfdae13dea217599251fd2d994a1f6c416328c0f1dac72c333ab947a3fc4849a35fc63ca01a13

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3395432601c8cf04ea607615e95e656e

    SHA1

    30838a30fa3a044628d037eaeee2498236d0f151

    SHA256

    9ee98e79cf772ec12968b9ea3c1665a41aa1aa41f22ee668343c659c71553ab1

    SHA512

    ec889f1ab963394c4d9b4285b16f2aea1df5b40fd3bc4ca5f851bce7e6e11374267d924982463b2134c6f74ccc20e20ce427e2e7a7c822fa800e76916633b8a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6deff496220de926790f364f508c22a1

    SHA1

    4b72b6fb08971a4540542221e963b71e69105f2a

    SHA256

    f15603374a9d060d0e7ca812cfe5cdcc51e096912fa5f215b30b3cd16934265a

    SHA512

    9de48c2c70172dbab1e405485cf398d2dbc84892122147e89c1be85bc3639c74d8fb206575eceda505611aef4678d89eef2953502e7678cd36edd6af8d5606dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3275c19141866b1f3b6179ae1a782d3c

    SHA1

    80349ea8451941e58de057e2415f920f2b3f3dc3

    SHA256

    5f6a0fbae36b75b56ae2ef43cc16f75eb73937a2a01fed86044a9c546178dc50

    SHA512

    a404123ba0ab9aec03ae3255dff692441a40a98001e5f5761b710c4f066a2dda5012042e1c93f63f891dbd5981827a2cdf98480bae67992566ac5aa33acbc119

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c6ef21e17262c5a3250fadff8f309c62

    SHA1

    c1e43c4755f82548015b0651df6a01dcda27e61a

    SHA256

    e1ee94a21e2e1f8610d81dec4dea405fa0cae1977d44ae92f89a766332c90ed8

    SHA512

    0cf6c2a8a331f1d3b3a56fc9e84d0ebb802af8365ba5e08a73bf99b9651654fc9a3af940177abe5b26f306ec86a16fd898e95439926b4473d828d3351d99823d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ed44085220d7511d241c0af190eff077

    SHA1

    896af1db4ba3574ac0aeb0e51dfa66e15470dca0

    SHA256

    da39df5a6f2504bbdba1a61d00b732e73bec36bc0a664fd67f6661b9c8777dbd

    SHA512

    8e2153bb38f6b22b753373fc6b65a1cb33963539476f502fcb9f8c9fe65b6ee42dcd3206bdc6de855f81d0bfe9a40a726afb05fc0e93a286532e2f2676c32ce6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    79dedf96e62d30eddfa42088cad5c89a

    SHA1

    17e6559a97009f898d62172ba608815613e7f7b2

    SHA256

    fbcbbc994e3410b12981405b548a03f389a79ee3289a7efec0babb367ee65d8c

    SHA512

    477d649514c00176ebfc41d6111ff3f0eaa07162eba56a444b57a1ffb9c3c5e96e712af8b3b386f44adf8e432844d4b1b74f57eb1102e587dd9b244d483ebd74

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB261.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB2D1.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\SysWOW64\rundll32Srv.exe
    Filesize

    52KB

    MD5

    ce99b549382dbfc4f41efe99b5dbcd54

    SHA1

    66905167920ece3a0bf65441d30da72ad25b7475

    SHA256

    e26d8f6a9c98b949d1f58c97c2dbcf7d90d7a3c3d2f06eb9b6033465d493322d

    SHA512

    54447bdddf475594a4e8f5ccda131190e3e858a02e0147aee7c7b04ae54812b18aefdbdf5e59fc3005686b06fe938b904b2099672063738898f4995fd4bab1bc

    Download Submit

  • memory/1296-24-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/1296-25-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1296-26-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/1296-28-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/1396-0-0x0000000010000000-0x000000001002F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1396-1-0x0000000010000000-0x000000001002F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1396-2-0x0000000010000000-0x000000001002F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2396-14-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2396-13-0x0000000000220000-0x0000000000233000-memory.dmp

    Filesize

    76KB

    Download