Analysis

  • max time kernel
    121s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    14/03/2024, 06:21

General

  • Target

    c7e7dc7b210213bbe0988713be7d2108.html

  • Size

    129KB

  • MD5

    c7e7dc7b210213bbe0988713be7d2108

  • SHA1

    16aaef8a7e3eefebf8097a4701e1e0a3bc518030

  • SHA256

    b42a21b6581812007376102f51d8d15177b2b7cbd84bbd5b9e52497898bed4f9

  • SHA512

    3f694ca45709e62d97a935cc7d61aa5143b6760c02ffff28f0f9ea021e26aa3379abbb2de2d704fc3e4e18e9399b4543d509bdceaa6a77d42fe0c54c158637be

  • SSDEEP

    1536:SlTW4HjyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9a:SlTW4DyfkMY+BES09JXAnyrZalI+Y6

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c7e7dc7b210213bbe0988713be7d2108.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3044
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3044 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2788
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2652
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2864
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:2844
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3044 CREDAT:275467 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2596

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

            Filesize

            914B

            MD5

            e4a68ac854ac5242460afd72481b2a44

            SHA1

            df3c24f9bfd666761b268073fe06d1cc8d4f82a4

            SHA256

            cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

            SHA512

            5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

            Filesize

            67KB

            MD5

            753df6889fd7410a2e9fe333da83a429

            SHA1

            3c425f16e8267186061dd48ac1c77c122962456e

            SHA256

            b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

            SHA512

            9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

            Filesize

            1KB

            MD5

            a266bb7dcc38a562631361bbf61dd11b

            SHA1

            3b1efd3a66ea28b16697394703a72ca340a05bd5

            SHA256

            df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

            SHA512

            0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

            Filesize

            252B

            MD5

            40f041945de419d6395a5757f7d9c7f9

            SHA1

            4b21004cb2858964b27a2090632f789108c1e627

            SHA256

            5f0c169f80bf0d67bd81f841b3d1cfc0a68514db5592ce6890943b5963f6d145

            SHA512

            641d3c9b5c184eb1dd481cdca6f96a6ab87c62346c6425e039f64c17caf831e7c6ff25a537717e1a7120f6e5cf316374d6facb0f20416266140f40358d03afd2

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            048d43b6bc517d08fe9d651608bdf24c

            SHA1

            9ad5d084baf20a4babf99fb91fbfbdd922728f91

            SHA256

            71eb5a861855b16377310b68c03c9c22a526c5b02ee62e26e54683504fbb9ba2

            SHA512

            86349a23d3c58d935a89de3684bff6164bf8913b72c0146d20aa8467e2233e18d09dd14cc89c036f9163af00f3d26d5275f3af97149087927868fcd59a66cd25

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            578df400c8466410bca2cda075e292ce

            SHA1

            0dd1cc2a54a3540ef1fe4b8643e04a7b542d05a5

            SHA256

            66c993d2e11164d3a1df4e251b0a02f468e7cf9ea3639aed363a929364c59a26

            SHA512

            9fa40e3e3559d42c8288c1506f0e00cc4c2421fddbb0bf530c30007651f70617b96351ca189075ec3e3c507c0f9ebfdd04a9d7e9d28df87fd0b7f39ad3d53af9

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            10d09fd17f901f0d620fd2863293eab0

            SHA1

            aaef616b8e8d6f3f1ae1317a8802c979c5828afc

            SHA256

            b2c3e46c4e920dbb72bfdec90dc5ade0b8f8c0ab06395a4dff1630077dd3d291

            SHA512

            76d88354f0509f59050a60b24d816a45c2cbb7dec5710e1f68a8976e3430b9038a3881b17d3173feca3d8fbe9d00a85f3bc92f7c064e851623dfcd89bc6c7e1b

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            6c167b383e271d8848aace1e7d4490d8

            SHA1

            ce5a9ee51c6f871fa236257548a995806321827a

            SHA256

            22d6680b6aa783c167cf987b25ac6d3fe329325278a71b050a3af75186476bac

            SHA512

            8b5d94fca4421ee795191653eaf5d389f457e3c295c82c4be4044b04ff965504a2774f86666e7253692f7f6ff5219ab17f66cd464877252a7f24df8981be1fb3

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            adf8c387c0c3e7e07319af576b96ef18

            SHA1

            73185413ef8d79fd99b94696cec16c15ce4e76b3

            SHA256

            4e36ead9eb64ebb7571538c3ccf8ac45b7b54d0368b829a9bf9b3e49f96fdb48

            SHA512

            33c0815901a54b8cfab6c6682264e843d03bdc0f69aa6d67b26b107e96784ff15d15ffb232bb3de527e9ebeb3debd79c372d3d27f2075e509c53478092cc6f66

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            6347f5fa393f14eae35b5bb19045870b

            SHA1

            674529ef01ac8287374b2ce3bb51b8c009660e69

            SHA256

            bada9b5cb4eeba712f7de02d46fd8c84eff28be06257a819b5db6e9ea9856dd4

            SHA512

            4ec753bfe66df284505ff963bae6f33d67e2384a9ae19db753bbb8dbb65207e7e179b74588986efc8aecf8c1a843636c2ca832e6a9887efb0ca3cbdac2c6f9cc

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            960b9336824ab2d41b72df652682f38b

            SHA1

            28aa1e469d5e6783d2ef7fef1d5a2da5b29cfb32

            SHA256

            dfef8a7532628dd45489cda905d98315ab0a2fdccd744da786a3e3de5e527047

            SHA512

            611c84d1b42711c12adab1ea6bf60e9111db18b31d028d018246dc533682c88db7f965f8d16ef4f8c3faf0b8eca737f4a4beb17e737db7d141ace3269ef8a764

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            0184e23806c1b490ab8f2f08b08c8d8f

            SHA1

            b36ff4f5de3057bf5884a2b5b991675299f10f0c

            SHA256

            50b369705b20bc06cf812944b898ed46c34b15ca05a4b1f9be0cca28e16c712d

            SHA512

            d909082f054e7191e575998e47ba47521fcefe46861f1b03939d2248f79f50d7ca6814acd0894ed0a9d2060a8df6034c073c6fee14911de64221222fe4397faa

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            fd18ac17e5d6a5c01777a477ce84b8d8

            SHA1

            83bf90c59d593a21a9d5638d809aa9c29a8e9e71

            SHA256

            3561cf8a4a41b1d334902bcc779b827af40fd0b80961a6463f64afcf59682c0d

            SHA512

            47aac86c9a7de6d5e16d9aaa3b943c2616925eab2bf466420fb235e667e53a7586a5e1c65dbfe47aa404c6c721403f20351f830bf9078c0f13a8a396352cb0e1

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            91ff170bfdbabe70e04627e30b33926b

            SHA1

            f81c9cbbdc1b9d6659b7094e9b4ca6a7debabde8

            SHA256

            118ac4260b44c1ff3d8178f186190bb7891688b242cc14ab239d3dd6c87d2b2b

            SHA512

            ef42ce6a1fe512984635ca7d86274fc28828457938c142cb7d1c53d8b79e34f512517ee7c2c3a7cff534e85a32b97dac26b5b7a503e2cb3d7d086bed1de9d178

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            3c530571c2a44fd7f3a71aac820574bd

            SHA1

            76b4086fb5b17b8b8f27cd50fc76d7e9cf32ebfb

            SHA256

            bd6ad362a1413547eba19b9fbf65f13c487c4e11b3e403922da771c699d8aa3b

            SHA512

            d7c9f8fb7d6f4c3083972e3b71654979e2ff2ef123a4a02f291aad3cd705a814ad72f7c74764a1c4a124cca116bacf0ac0d31625a1a8873e15b9a73fd2cefa29

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            2f3f2352729e94a79373243eaf56b35a

            SHA1

            9012141b0821de8788d93a55c9fc460ec9836ee4

            SHA256

            5144ea9d7aecea0c8b2bbf055d7dbe1ef462fa109ac9e9609a194b41f700602c

            SHA512

            6f85c20b0c06459bc8ba308e0bc6d75734230f91bc09e02049b835b7fe40fb5ed30fa0de964276ee82c02a7059c363a64e6d19e523c05662a822a6824c17ae5d

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            d3a060faf030c5abe0dd2d1de4266549

            SHA1

            d268d1dd3026482e7b1b797702f26e42025117bd

            SHA256

            4e220f64dd0e09e4402ffe198de1666ad954b873f8d44c39e03985188615cbce

            SHA512

            c6b0e13e27f3006d389186523efaa16abad45dbbb08fd3602b05b8171ee804fca83df23f0c1af7043e1cd05830f0d57f3ec99ca1862fa18ebdb5ceefb3bcd424

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            1e9e4e7229c67e69fae5a55af7f42f99

            SHA1

            aa6b29e35651b18aa68c5fe2db7c5cef591dafc6

            SHA256

            889747aa6d3bc7538aabe32e50d4b6f25760863c36574ce5a762c5766d53afdb

            SHA512

            0293af5b493e3d5c124a9f9ac64bdaef41f2d136aee03d150168b3bf31cb26f7969a94169fc39c402d733b3b4f05d2ed4f504dcc6782949166d0bdc6494c240f

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            877dd4aa5c4550541a56ae1852b1fb81

            SHA1

            704a515cb075b29f859de626f11a5ceca64e6376

            SHA256

            fb05fb2f63a99a1656ef3b97edadb7fcf6dd72f14a9ec09391576e18a87d9991

            SHA512

            0e9a82f29f9f510fb8d25e9a774547f32fdb138568e4423fbff328f506dcdb131dec1e80082282b56e5d0da3fc8a3ab03ac88bc53a6da17884682133ba1d8de2

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            7b3d7a749ba854eddf033ccc8db3c2e1

            SHA1

            efd7e88b07a5d137a2eaa5cbf58415bfa1dd4f50

            SHA256

            cb48c307ff49c43a37f54bcca9b56216f4cb5dea1f608a8d620ed2d3cfe8bf87

            SHA512

            c16ad8a7d8f96b34a2d10f0c570c2776f1595fa2709c880604c8d8c9279c08d08e8e4de79d09fae2ebfa27e252cef3af1c1dbd1da4fd80d151d1de30ca8d8cb8

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

            Filesize

            242B

            MD5

            18ae67cbeb457be588da4824590d3aac

            SHA1

            147a378132a83cccf6fc27839b6fe65c3cee7351

            SHA256

            31987d1e964a85108cbe257c882548efc9394e1ea960a83de52dcbd39431f927

            SHA512

            10401175baba955371ab1f847f1b048991125d37ace06a38f971e449fa496f24d6508d8481e41a3a2c1bfe6597b8a7633dc1d5e76859fc529ca89d9297175415

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3R3LQI47\favicon[1].ico

            Filesize

            4KB

            MD5

            da597791be3b6e732f0bc8b20e38ee62

            SHA1

            1125c45d285c360542027d7554a5c442288974de

            SHA256

            5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

            SHA512

            d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

          • C:\Users\Admin\AppData\Local\Temp\Tar237E.tmp

            Filesize

            175KB

            MD5

            dd73cead4b93366cf3465c8cd32e2796

            SHA1

            74546226dfe9ceb8184651e920d1dbfb432b314e

            SHA256

            a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

            SHA512

            ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

          • \Users\Admin\AppData\Local\Temp\svchost.exe

            Filesize

            55KB

            MD5

            ff5e1f27193ce51eec318714ef038bef

            SHA1

            b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

            SHA256

            fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

            SHA512

            c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

          • memory/2652-604-0x0000000000270000-0x000000000029E000-memory.dmp

            Filesize

            184KB

          • memory/2652-8-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/2652-17-0x0000000000270000-0x000000000029E000-memory.dmp

            Filesize

            184KB

          • memory/2652-9-0x0000000000230000-0x000000000023F000-memory.dmp

            Filesize

            60KB

          • memory/2864-18-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/2864-16-0x0000000000250000-0x0000000000251000-memory.dmp

            Filesize

            4KB

          • memory/2864-19-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB