Analysis

  • max time kernel
    118s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    14/03/2024, 10:00

General

  • Target

    c8577b0dfb9e59173421fe935ec010db.html

  • Size

    177KB

  • MD5

    c8577b0dfb9e59173421fe935ec010db

  • SHA1

    f531c1423d4c7ea627502787f5d451249fe1c727

  • SHA256

    dd82ae54ae911af0db4e3b36d8249d09ccbe53ebe807cf25e8c944be25ea826b

  • SHA512

    c335da28265e9dbe1da41f225c57b4c1d82f3c5b4542f2ad37cdea16a20df3e6b13e8aadb39aa384c716d1a08f5ac5ea47292d81e87282cccf13ea30ecee1191

  • SSDEEP

    3072:SL957QJFySM0yfkMY+BES09JXAnyrZalI+YFrGOiDXev:SL957QJFySM5sMYod+X3oI+YRGDev

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: MapViewOfSection 23 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\csrss.exe
    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    1⤵
    PID:396
  • C:\Windows\system32\wininit.exe
    wininit.exe
    1⤵
    PID:388
      • C:\Windows\system32\services.exe
        C:\Windows\system32\services.exe
        2⤵
        PID:480
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k DcomLaunch
            3⤵
            PID:620
              • C:\Windows\system32\DllHost.exe
                C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                4⤵
                PID:1608
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k RPCSS
            3⤵
            PID:696
          • C:\Windows\System32\svchost.exe
            C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
            3⤵
            PID:780
          • C:\Windows\System32\svchost.exe
            C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
            3⤵
            PID:828
              • C:\Windows\system32\Dwm.exe
                "C:\Windows\system32\Dwm.exe"
                4⤵
                PID:1060
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k netsvcs
            3⤵
            PID:860
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k LocalService
            3⤵
            PID:980
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k NetworkService
            3⤵
            PID:296
          • C:\Windows\system32\taskhost.exe
            "taskhost.exe"
            3⤵
            PID:1088
          • C:\Windows\System32\spoolsv.exe
            C:\Windows\System32\spoolsv.exe
            3⤵
            PID:1096
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
            3⤵
            PID:1176
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
            3⤵
            PID:1872
          • C:\Windows\system32\sppsvc.exe
            C:\Windows\system32\sppsvc.exe
            3⤵
            PID:904
      • C:\Windows\system32\lsass.exe
        C:\Windows\system32\lsass.exe
        2⤵
        PID:496
      • C:\Windows\system32\lsm.exe
        C:\Windows\system32\lsm.exe
        2⤵
        PID:504
  • C:\Windows\system32\winlogon.exe
    winlogon.exe
    1⤵
    PID:436
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    PID:1136
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c8577b0dfb9e59173421fe935ec010db.html
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1584
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1584 CREDAT:275457 /prefetch:2
            3⤵
            • Loads dropped DLL
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2560
              • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
                4⤵
                • Executes dropped EXE
                • Drops file in Program Files directory
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious behavior: MapViewOfSection
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2620

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize
    67KB
    MD5
    753df6889fd7410a2e9fe333da83a429
    SHA1
    3c425f16e8267186061dd48ac1c77c122962456e
    SHA256
    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78
    SHA512
    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B
    MD5
    89e2361f8b75cfa718494434d2fb3d0e
    SHA1
    d7685da1ac6bfc6b4db9613725326858bdd9dc98
    SHA256
    9749cb42440e468f97d44ee50aa68608386bd46beb69a4a16895eec3045716e3
    SHA512
    debe5b9c389f8f133c4a6cf57cb925de216063efbe358a91b61bc94018e9068e6159bf272934acd29a4fdfbfd9b89b2d7f745a17cfdee8eb7c53e1eec6ee5e4a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B
    MD5
    7874f756d595ac1fd8354d9c85b8466f
    SHA1
    d496ce21122ab9347f56910a552e0886e1e22082
    SHA256
    eca1490cad9a80721c287e549f591e75d81d1a3ba6ebffc7b537ce5ad459633b
    SHA512
    52b8dd74676da708de1d8a8ed4710697575695b4fcd6790187fbf97ec5886b6f6ad7d21f08275ba26facebab07e7394e59f4d2ae617be6be5bbeb2c9600ccbf0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B
    MD5
    d7e3d57584275e92f020b1f2d873b96b
    SHA1
    42b8daee16e5d57a327a3b05b130edbe4249e5e0
    SHA256
    af1a2f7fa83daa54a72c4e8b769f88ebb12307223d86ce23ade189eacbf13d68
    SHA512
    b775e4cdbe8de3c430bc7a6d67302059a8313d9fcdbcf0fcb5770433c4b8ad06b948d0d97e634726dfce4f5b49b54612c1701254295eb1b14d30c68fb579bd81

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B
    MD5
    9126d954a652abae44c68c0b3a608bf5
    SHA1
    25f9921f80ec5e605b5aae333b964e13fb0a3e27
    SHA256
    5de99a94ca1e3fc700ca52c26e4e4b6aa47cff0b222442e225a1c4f2e9436973
    SHA512
    2216d6e77ad0a09263a37534a304bb3448b0da8694963ec60785324d55e0b2b8fa94d4670696dd4ad60e631b3e33d388388b20d1b07c809914f113541c730b43

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B
    MD5
    eb179845b5314008319b8675d3620ec5
    SHA1
    d7041083942010fc1d7287190313f231e4578fc9
    SHA256
    0cc168aeea550f9537d7c8b8ae7280c52cff160d9bacb0147b691520d8f32107
    SHA512
    4fb9b2cbfadbdc98c7419259012852319f63a44b861cca563a4c07a5bc2b057791d1ae30fed83120ef2912edd6a6afb2afdc12a68e3cf6f6de2a65366e9f088d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B
    MD5
    58b4a1e304e684be225dfbaa732bdd1d
    SHA1
    d69466fb90d2052ff2434436120670ec8a57d37b
    SHA256
    b2779a47461b75f86c45ea79e6213f3ac46533483c6f8735ca99bb5c1c38d111
    SHA512
    e92361acc03b46bfc8f11474b1e1c48de1b3fb0d92cae3a5beb4c22d4d4df05ea827c0cdb2545e72de51f7ffef3665e185f4f651c7851370291962112ced50b3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B
    MD5
    4d2a1f345e05ca3efba2ce0d50251bc7
    SHA1
    5a5750a1d3d6689ac4ed6cdcb482604fb710e027
    SHA256
    b01845e71dca39682c56b23b8748a5f99e146342318d9de74215314b248227bd
    SHA512
    fc412bef59a1996364c7b19b14d77923220ca5e0be3782dcab0a12ca282a9a231771a38521a2f4aa5a4cf9741b565e02ee37d8cea2d3ee6cf6f2d4d69fe0ca5c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B
    MD5
    87c7b9799b03a62dbc7ac11499ae435d
    SHA1
    99e9d72603efc7b7df88df69a756bbb6c17d662f
    SHA256
    e143edf1e1e08b36b21d2de88f44982893526cea92e234466130cebb4955a150
    SHA512
    94e8ab8ccc6d564be07529a2c4682cd71f153e7347a8629049016b4a4108f312ed4eec90cf629eeeadf4c964cab014bce92739e88a0fc0927e71e786ecb949e5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B
    MD5
    4b4be3dbd42c594c2734eef5b17136ae
    SHA1
    044676c57398cb9434139279257969202f690e83
    SHA256
    d1aadbde570fa547b4b5307dee1f79c6ce435c48be34c6c1a79662e3d49eb9da
    SHA512
    0bd41b33440332fa6423bab451637b5698875d3d05f22a16c7019902d8509c694c17e9a49d2aab903c1f155b39fd92fd6e7f069d91c2ec24e923ccd6eebfa5a3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B
    MD5
    b0efa189d06bb571533dc3b54998d99c
    SHA1
    b1c38ceec4960b65f746964e804332fa1bb16533
    SHA256
    a2ff6c151390011cd7f7f8e8a530a6e97d17964e791673a1078865afa14f2961
    SHA512
    2a6c342fd779c6ecd8bbd518223de60bd0ee3c72d329f3c03b3e6f4a5082bf1cb913a27c33af5a984fd2d6af9c1ff472a793c764109217d82013b9a95fc50324

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B
    MD5
    955c98c139a25f3b85a3b040f457bbfd
    SHA1
    90ec66d8d61dd751969de88636b9a46baaa22775
    SHA256
    22c255c43354e1497d53dd4a869645d214db60bfa323bc9d0bbe9484c5fbddc3
    SHA512
    f68d255cd80aef37ba72b7d81ce7d1240f07cd5124c4fc3a6936ae503139c60e20fcd2377254ede91788cc6660cfe4b0f76942d7747ccbb0a0489f7f20537376

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B
    MD5
    5829c91975aeef0383960230773119c8
    SHA1
    1c580a65397ee87cbd63142f9dd84acb405ed003
    SHA256
    eb67a69e49566d66cad190986adbc734b89535048d7f48efdbe1f2e2fbd139db
    SHA512
    30132c8e9bdc1b914a19ba5291ee021aea15ca694813ac0d15bc6afa780bd474eebad9bf8bb946287c3142fdd8d0fed7e6670814b926e26e41517d1f6b41ddb0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B
    MD5
    5983e50642fd9b18b2b254f8b318ba8d
    SHA1
    f8db8472f901d97375bcf6199aa67cc410f8b6b2
    SHA256
    d28f17ceef6094917c556c074152691dcc605868d35b18870095aca1c46d6d63
    SHA512
    8342d9616f255d691d98ac10491fe5a69e03cd22327adc71f855dc695977a355535a32161ac927de12c383b155b9ddc8bf110948751f7b55f9f5ee24ec6fed5c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B
    MD5
    0e61641249520762b3da2fa5883696b5
    SHA1
    4ee4c7d3c51722e1368f061b9fd69c2209e0d6e7
    SHA256
    6645b8ace7ea0f0757ef56bd21162389bba38b48496768ab4abc23cb0df2dda1
    SHA512
    e124dbd86623a95718c84ded0f6227e866ea0edb26a8ae59f972647e94e0a93ce0df43507839f25619cc21081266ddc651aaf9ccff239ac99a74ac5296621c25

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B
    MD5
    b8b38309ccf69e23d583ff2bfc132c76
    SHA1
    9c311ba00c4002d8ccc4956b4ca02dad9037788b
    SHA256
    4d5d6c9a87e5a8d98732d608eaf73a27074453ac3f814e5e171a32be6f18fefd
    SHA512
    b73aab6ed907d4877ce8f44f2601d9c8d70c7bfb43de0cee1c4f91293af70c393e29add3b30100901f8cc71cceca9e4b6ec88935445cefa61b16554028149ec9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B
    MD5
    05bcaebb93c3b157582a9be839de565e
    SHA1
    14701fabf3d25e77feb79bffd495915c7c637469
    SHA256
    f30b373a1323cfcecbd82433d0594d0b2dc06e4cbed09870b41799b44ec9536d
    SHA512
    2c38471df6477b921f075eca4dd14638787f88302f1f366752f22b635688536f4c582d6012fbca77081aac8968454f99d657aa37eebccebe6bc9b8dadc64ce29

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B
    MD5
    ad65a5a69eb629c32ad3d5f3e57a30ee
    SHA1
    71a67715ef06f0e660134d5b200ffa6a5435d416
    SHA256
    357d21cbdb1ed24e64b6a87efdf3e17509bb4f46e3dc7a8610dc9c7b7d1be180
    SHA512
    5576ccf98bcc53e6cd09c999302912479098395ddb7693dc5f001c7aa5cfd000f823b0c48be0656047699c01b57959f5d56a06836d770a1173f172a22dd11269

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B
    MD5
    3800cd9883088368c8170f256eb421e7
    SHA1
    aa046e908035c60214723cd9a79ae24d69a49b65
    SHA256
    915127f939fe2a4d146c690394edcaa4dc4f3c5205bab594e66bf1fe7c7b24da
    SHA512
    5c3ecf5e258837805c2cfb2562fb3656de68e371677fea4ce529051f9c563c0ce024c56fcf0c505feda3f83dde3d861594eeb2b681b123008ee834363c018c8b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B
    MD5
    b84540a27761411c20709b22a6d2826d
    SHA1
    238c866494cb1dd9154f7ed4befcfc5c3e8f73e0
    SHA256
    6596cccba7ef4db6db77f42b54049eaf33aad71fcde6f6314d8e868f55c0e618
    SHA512
    ecd0165e847575926b2824d0a8058dcc0142486fd78d28d8d9914da345895194645e75a99bc975e5dc8728094a3bad99934caee685b95416d8ef2432fe801417

  • C:\Users\Admin\AppData\Local\Temp\CabD461.tmp
    Filesize
    65KB
    MD5
    ac05d27423a85adc1622c714f2cb6184
    SHA1
    b0fe2b1abddb97837ea0195be70ab2ff14d43198
    SHA256
    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
    SHA512
    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\TarD5A1.tmp
    Filesize
    175KB
    MD5
    dd73cead4b93366cf3465c8cd32e2796
    SHA1
    74546226dfe9ceb8184651e920d1dbfb432b314e
    SHA256
    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22
    SHA512
    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

  • \Users\Admin\AppData\Local\Temp\svchost.exe
    Filesize
    84KB
    MD5
    03451dfbff127a5643a1ed613796621d
    SHA1
    b385005e32bae7c53277783681b3b3e1ac908ec7
    SHA256
    60c6c49b3a025dbf26a1f4540921908a7ea88367ffc3258caab780b74a09d4fb
    SHA512
    db7d026781943404b59a3d766cd4c63e0fa3b2abd417c0b283c7bcd9909a8dad75501bd5a5ff8d0f8e5aa803931fc19c66dcaf7f1a5450966511bdaa75df8a89

  • memory/2620-6-0x0000000000400000-0x0000000000436000-memory.dmp
    Filesize
    216KB

  • memory/2620-10-0x0000000000400000-0x0000000000436000-memory.dmp
    Filesize
    216KB

  • memory/2620-9-0x000000007772F000-0x0000000077730000-memory.dmp
    Filesize
    4KB