Analysis

  • max time kernel
    145s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    14/03/2024, 02:27

General

  • Target
    c773258c2475d860f0bf42292a9b5ca7.html
  • Size
    132KB
  • MD5
    c773258c2475d860f0bf42292a9b5ca7
  • SHA1
    412edf71111cacea0f072df5b21f6c1f9d1529d0
  • SHA256
    caed9bc563556bbc81055e55f1cdd1149af5da87e2e6c042c1f8f6163e596e2b
  • SHA512
    8ec06dda2480e29ae51b0b9e026631669961cc668a8b84fe9b5261fbdd6a1145c0e1d3c4301078b6a56c1b6e2406ea15bf7d01051c03869018a8134b53698be5
  • SSDEEP
    1536:SAAlVqbSOyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOZ:SAAcSOyfkMY+BES09JXAnyrZalI+YQ

Signatures

  • Ramnit

    Ramnit is a versatile malware family whose variants include viruses, worms, and Trojans.

  • Executes dropped EXE (2 IoCs)
  • Loads dropped DLL (2 IoCs)
  • UPX packed file (3 IoCs)

    Detects executables packed with the open-source UPX packer or a modified UPX variant.

  • Drops file in Program Files directory (3 IoCs)
  • Modifies Internet Explorer settings (1 TTP, 40 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious use of FindShellTrayWindow (2 IoCs)
  • Suspicious use of SetWindowsHookEx (10 IoCs)
  • Suspicious use of WriteProcessMemory (20 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c773258c2475d860f0bf42292a9b5ca7.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2368
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3008
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2712
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2832
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:2496
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:209934 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2460


          Downloads
