Analysis Date: 2018-04-20 05:06:04
MD5: a36305e8861807e5f7a7e79480b7dff3
SHA1: b4bf5478ec06643ddf60cb22d04ae8778914dc62

Static Details:

AV | Arcabit (arcavir)             | Win32.Ramnit.N
AV | Authentium                    | W32/Ramnit.B!Generic
AV | Grisoft (avg)                 | Error Scanning File
AV | Avira (antivir)               | W32/Ramnit.C
AV | Alwil (avast)                 | RmnDrp
AV | Alwil (avast)                 | Win32:RmnDrp
AV | Ad-Aware                      | Win32.Ramnit.N
AV | BitDefender                   | Win32.Ramnit.N
AV | BullGuard                     | Error Scanning File
AV | ClamAV                        | W32.Ramnit-1
AV | Dr. Web                       | Win32.Rmnet.12
AV | Emsisoft                      | Win32.Ramnit.N
AV | MicroWorld (escan)            | Win32.Ramnit.N
AV | CA (E-Trust Ino)              | Error Scanning File
AV | Fortinet                      | W32/Ramnit.A
AV | Frisk (f-prot)                | W32/Ramnit.B!Generic
AV | F-Secure                      | Win32.Ramnit.N
AV | Ikarus                        | Virus.Win32.Ramnit
AV | K7                            | Virus ( 002fe95d1 )
AV | Kaspersky                     | Error Scanning File
AV | MalwareBytes                  | No Virus
AV | Mcafee                        | W32/Ramnit.a
AV | Microsoft Security Essentials | Virus:Win32/Ramnit.J
AV | NANO                          | Virus.Win32.Nimnul.bmnup
AV | NANO                          | Virus.Win32.Nimnul.bqjjnb
AV | Eset (nod32)                  | Win32/Ramnit.H virus
AV | Padvish                       | Virus.Win32.nimnul.a
AV | CAT (quickheal)               | W32.Ramnit.A
AV | Rising                        | Win32.Ramnit.b
AV | 360 Safe                      | Virus.Win32.Ramnit.A
AV | SUPERAntiSpyware              | No Virus
AV | Symantec                      | W32.Ramnit.B!inf
AV | Trend Micro                   | PE_RAMNIT.DEN
AV | Twister                       | Virus.60E8000000005D8BC5.mg
AV | VirusBlokAda (vba32)          | Virus.Win32.Nimnul.b
AV | Windows Defender              | Virus:Win32/Ramnit.J
AV | Zillya!                       | Error Scanning File

Runtime Details:

Screenshot

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Windows\System32\rundll32.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\b4bf5478ec06643ddf60cb22d04ae8778914dc62.dll

Process
↳ C:\Windows\SysWOW64\rundll32.exe

Creates File: C:\Windows\SysWOW64\rundll32mgr.exe

Process
↳ C:\Windows\SysWOW64\rundll32mgr.exe

Creates Mutex: uxJLpe1m
Creates Mutex
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden ➝ 2
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system\DisableTaskMgr ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system\DisableRegistryTools ➝ 1
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride ➝ 1
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify ➝ 1
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify ➝ 1
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride ➝ 1
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify ➝ 1
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UacDisableNotify ➝ 1
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\Svc\AntiVirusOverride ➝ 1
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\Svc\AntiVirusDisableNotify ➝ 1
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\Svc\FirewallDisableNotify ➝ 1
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\Svc\FirewallOverride ➝ 1
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\Svc\UpdatesDisableNotify ➝ 1
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\Svc\UacDisableNotify ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\GlobalUserOffline ➝ 0
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA ➝ 0
Registry: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall ➝ 0
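
Triage of the two tables above (the AV column under Static Details and the registry writes under Runtime Details), as an added example that is not part of the original report or of any sandbox product. It assumes the rows have been split into "AV | vendor | label" and "Registry: key ➝ value" form (that row layout, and the constructed excerpt used as sample input, are assumptions of the example), treats "Error Scanning File" and "No Virus" as non-verdicts rather than clean results, folds the Nimnul and Rmnet vendor names onto Ramnit, and compares each security-relevant registry write against the value a clean host carries.

```python
"""Triage helper for a flattened sandbox report (added example, not part of
the original page or of any sandbox product).
1. Family consensus from the AV table, one vote per vendor with a real verdict.
2. Registry writes that weaken host defences, with the clean-host value."""
import re
from collections import Counter

# Constructed excerpt of the report above in the assumed row layout
# "AV | vendor | label" and "Registry: key ➝ value".
REPORT = r"""
AV | Arcabit (arcavir) | Win32.Ramnit.N
AV | Grisoft (avg) | Error Scanning File
AV | Alwil (avast) | Win32:RmnDrp
AV | Dr. Web | Win32.Rmnet.12
AV | K7 | Virus ( 002fe95d1 )
AV | MalwareBytes | No Virus
AV | NANO | Virus.Win32.Nimnul.bmnup
AV | Microsoft Security Essentials | Virus:Win32/Ramnit.J
AV | Twister | Virus.60E8000000005D8BC5.mg
Creates Mutex: uxJLpe1m
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden ➝ 2
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system\DisableTaskMgr ➝ 1
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\GlobalUserOffline ➝ 0
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA ➝ 0
Registry: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall ➝ 0
"""

AV_ROW = re.compile(r"^AV \| (.+?) \| (.+)$")
REG_ROW = re.compile(r"^Registry: (.+?) ➝ (.*)$")
MUTEX_ROW = re.compile(r"^Creates Mutex: (.+)$")


def parse_report(text):
    """Split the report into AV rows, registry writes and mutex names."""
    rows = {"av": [], "registry": [], "mutexes": []}
    for line in text.splitlines():
        line = line.strip()
        if m := AV_ROW.match(line):
            rows["av"].append((m.group(1), m.group(2)))
        elif m := REG_ROW.match(line):
            rows["registry"].append((m.group(1), m.group(2).strip()))
        elif m := MUTEX_ROW.match(line):
            rows["mutexes"].append(m.group(1))
    return rows


NOT_A_VERDICT = {"error scanning file", "no virus"}
# Platform/class words that carry no family information.
NOISE = {"virus", "trojan", "worm", "generic", "heur", "malware", "dropper"}
# Ramnit is also catalogued as Nimnul and Rmnet by some vendors.
ALIASES = {"nimnul": "ramnit", "rmnet": "ramnit"}


def family_token(label):
    """First alphabetic token of 4+ letters that is not a class word."""
    for tok in re.split(r"[^A-Za-z0-9]+", label):
        tok = tok.lower()
        if len(tok) >= 4 and tok.isalpha() and tok not in NOISE:
            return ALIASES.get(tok, tok)
    return None  # hash-style or numeric signature names abstain


def family_consensus(av_rows):
    """One vote per vendor; scan errors and 'No Virus' do not vote."""
    votes = Counter()
    for _vendor, label in av_rows:
        if label.strip().lower() in NOT_A_VERDICT:
            continue
        if fam := family_token(label):
            votes[fam] += 1
    return votes


# Value name (last path component, lower-case) -> (value a clean host carries
# or is equivalent to when the value is absent, what the observed write does).
POLICY = {
    "enablelua": ("1", "UAC switched off"),
    "enablefirewall": ("1", "Windows Firewall standard profile switched off"),
    "disabletaskmgr": ("0", "Task Manager blocked for the user"),
    "disableregistrytools": ("0", "Registry Editor blocked for the user"),
    "antivirusoverride": ("0", "Security Center AV status overridden"),
    "antivirusdisablenotify": ("0", "Security Center AV alerts silenced"),
    "firewalloverride": ("0", "Security Center firewall status overridden"),
    "firewalldisablenotify": ("0", "Security Center firewall alerts silenced"),
    "updatesdisablenotify": ("0", "Security Center update alerts silenced"),
    "uacdisablenotify": ("0", "Security Center UAC alerts silenced"),
}


def flag_tampering(registry_rows):
    """Return the writes whose value differs from the clean-host value."""
    findings = []
    for key, value in registry_rows:
        name = key.rsplit("\\", 1)[-1].lower()
        if name in POLICY and value != POLICY[name][0]:
            findings.append({"value": name, "observed": value,
                             "expected": POLICY[name][0], "why": POLICY[name][1]})
    return findings


if __name__ == "__main__":
    rows = parse_report(REPORT)
    print("family votes:", dict(family_consensus(rows["av"])))
    print("mutexes:", rows["mutexes"])
    for f in flag_tampering(rows["registry"]):
        print(f"{f['value']}={f['observed']} (clean: {f['expected']}): {f['why']}")
```

The consensus is a head count of vendors, not a trust score: on the excerpt it gives ramnit a clear majority with one vote for avast's RmnDrp name, while the Twister hash-style label and the K7 numeric signature carry no family token and abstain. The policy map is deliberately small; Hidden and GlobalUserOffline are parsed but not flagged because their observed values match what an untouched host carries. Extend the map with the value names your own baseline cares about before running it over real registry dumps.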

Network Details:


Raw Pcap

Strings