Analysis

  • max time kernel
    120s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags
    arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system
  • submitted
    14/03/2024, 09:45

General

  • Target

    c84f0e8f1464b22c9b02b37ca29ad9d1.html

  • Size

    185KB

  • MD5

    c84f0e8f1464b22c9b02b37ca29ad9d1

  • SHA1

    efebd9682e0c832a8ef6717d92134ad535c1d754

  • SHA256

    8b0e694a72ef4ae4b6b6227cc4877c4657fa55b65deb83b150d5be8756927d5b

  • SHA512

    27fd8990625289f622f44fe84f5bffcd30ded59576436ec79562b7468d33c08c45a4530cdd2fbe209cb16c39470a56e01e5ede535d45d0857acc7ad9a46e8893

  • SSDEEP

    3072:cBQ/6ijbwEayfkMY+BES09JXAnyrZalI+Y6XXI6EyA8:AMsMYod+X3oI+YS1tA8

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: MapViewOfSection 23 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\wininit.exe
    wininit.exe
    1⤵
      PID:384
      • C:\Windows\system32\services.exe
        C:\Windows\system32\services.exe
        2⤵
          PID:480
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k DcomLaunch
            3⤵
              PID:608
              • C:\Windows\system32\DllHost.exe
                C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                4⤵
                  PID:668
              • C:\Windows\system32\svchost.exe
                C:\Windows\system32\svchost.exe -k RPCSS
                3⤵
                  PID:684
                • C:\Windows\System32\svchost.exe
                  C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                  3⤵
                    PID:752
                  • C:\Windows\System32\svchost.exe
                    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                    3⤵
                      PID:824
                      • C:\Windows\system32\Dwm.exe
                        "C:\Windows\system32\Dwm.exe"
                        4⤵
                          PID:1164
                      • C:\Windows\system32\svchost.exe
                        C:\Windows\system32\svchost.exe -k netsvcs
                        3⤵
                          PID:856
                        • C:\Windows\system32\svchost.exe
                          C:\Windows\system32\svchost.exe -k LocalService
                          3⤵
                            PID:976
                          • C:\Windows\system32\svchost.exe
                            C:\Windows\system32\svchost.exe -k NetworkService
                            3⤵
                              PID:284
                            • C:\Windows\System32\spoolsv.exe
                              C:\Windows\System32\spoolsv.exe
                              3⤵
                                PID:852
                              • C:\Windows\system32\svchost.exe
                                C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                                3⤵
                                  PID:1088
                                • C:\Windows\system32\taskhost.exe
                                  "taskhost.exe"
                                  3⤵
                                    PID:1100
                                  • C:\Windows\system32\svchost.exe
                                    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                                    3⤵
                                      PID:2000
                                    • C:\Windows\system32\sppsvc.exe
                                      C:\Windows\system32\sppsvc.exe
                                      3⤵
                                        PID:3032
                                    • C:\Windows\system32\lsass.exe
                                      C:\Windows\system32\lsass.exe
                                      2⤵
                                        PID:496
                                      • C:\Windows\system32\lsm.exe
                                        C:\Windows\system32\lsm.exe
                                        2⤵
                                          PID:504
                                      • C:\Windows\system32\csrss.exe
                                        %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
                                        1⤵
                                          PID:400
                                        • C:\Windows\system32\winlogon.exe
                                          winlogon.exe
                                          1⤵
                                            PID:436
                                          • C:\Windows\Explorer.EXE
                                            C:\Windows\Explorer.EXE
                                            1⤵
                                              PID:1196
                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c84f0e8f1464b22c9b02b37ca29ad9d1.html
                                                2⤵
                                                • Modifies Internet Explorer settings
                                                • Suspicious use of FindShellTrayWindow
                                                • Suspicious use of SetWindowsHookEx
                                                • Suspicious use of WriteProcessMemory
                                                PID:2968
                                                • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2968 CREDAT:275457 /prefetch:2
                                                  3⤵
                                                  • Loads dropped DLL
                                                  • Modifies Internet Explorer settings
                                                  • Suspicious use of SetWindowsHookEx
                                                  • Suspicious use of WriteProcessMemory
                                                  PID:2104
                                                  • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                                                    "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
                                                    4⤵
                                                    • Executes dropped EXE
                                                    • Drops file in Program Files directory
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious behavior: MapViewOfSection
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    • Suspicious use of WriteProcessMemory
                                                    PID:2612

Network

MITRE ATT&CK Enterprise v15


Downloads

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    67KB

                                                    MD5

                                                    753df6889fd7410a2e9fe333da83a429

                                                    SHA1

                                                    3c425f16e8267186061dd48ac1c77c122962456e

                                                    SHA256

                                                    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

                                                    SHA512

                                                    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    344B

                                                    MD5

                                                    21fe31d9dc7f2ae99b13feda144e9e0f

                                                    SHA1

                                                    9e781d4835f5d18feb208bbee299f11f3c905e48

                                                    SHA256

                                                    dd7d36b91487107386391591a6cae1beab65a1764beb1cfec334afa68636d62b

                                                    SHA512

                                                    a3e2f1ff0997529e60fab0f3d21e2e958d4f7bf60b0bbf01f082b2954727018d97fcaff8868f3655d806eb83437387ea0d6c537b5500e3440d9d6cdb88872a59

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    344B

                                                    MD5

                                                    090959353df35c9466a668ffdba31fbe

                                                    SHA1

                                                    bf6c82436fc80f0cd617ab02acc289f4e1f48c7e

                                                    SHA256

                                                    8ced44693324f2a0c09ae6417f6de9552bf5fb37a3568f89d4a409a5c6823a67

                                                    SHA512

                                                    9cec4daab00bbf4f5d4cb92ef37c0067832e7249d4410b4c58ff19a713684cde2de465ce40f08a0f7cd227d73653601204b8c913d203189256c0ee37473755e9

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    344B

                                                    MD5

                                                    2386a743363e687754a631188cfd901c

                                                    SHA1

                                                    bd704343da7a1a73efbc349b0abbb5401a9167b9

                                                    SHA256

                                                    22d0f804ad8e4adf58e8a11bfe36d90daca749aaf827af5a61113a7806b6c70e

                                                    SHA512

                                                    cf95ad32b7652659a97b143c0caae88f73ae0e897a517f71811f854567042fbf2df12b7aa9cbde99bb445892839e6fe055c68c0895881b06e7553fa5dcbd0ba5

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    344B

                                                    MD5

                                                    a770ad56283760e6dc8c91af38128605

                                                    SHA1

                                                    d6d6c7a75070b97bb94e288f055bfd319d1a364d

                                                    SHA256

                                                    07c9919ebe11f9acb3e34b89cad482ae45375d77c5aaccfe917dd09d444b9ec6

                                                    SHA512

                                                    b5777a07291f1efe501dc81a176718226931e28d3f644745a4d9d50d449370df8188b54a5ecc0f4c2627287fe5ef3ca7b9f2ae54b44fa29640c9aa54155f5d86

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    344B

                                                    MD5

                                                    c5e5aac3702686202fd531270200d111

                                                    SHA1

                                                    27853ccecda40ae81272d4b0c5586ae8a948c4cd

                                                    SHA256

                                                    7d3e7cd93cec1231594717dec502953bd2b7d30d09e57a265a2c6a7dcbdfe032

                                                    SHA512

                                                    a0173f2c341006d20d9e3d165ae4ee00bce87134a9019ffc258b81702d932e5d0a801eaf1b71d7105876a4a529c0095f73e2a08724449c3300166e8e09033701

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    344B

                                                    MD5

                                                    d3737e7d5210b06f11f92fcf2a08876d

                                                    SHA1

                                                    ce0cab393f391a82673d1de10c5f8d232cbdac8d

                                                    SHA256

                                                    055b8849f895e6cc5342dca90df613ea67f4eb1a54c1b5203e7387d9970fd193

                                                    SHA512

                                                    b52b7b5bd3ca5e84a8aec7562a0f83e10d692316166e2b113671ad363fe0521b2f71324d36e8404504a2ae55d90213d521a2fed40ad718ca1af6b75a3d2c3daa

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    344B

                                                    MD5

                                                    3fe539de6bbc2f03bca2c75c61c99e31

                                                    SHA1

                                                    8e912cbc39dbeb50ba25789d3bbcf49e60352e47

                                                    SHA256

                                                    5d294cfad686ef725f5fcf174fd2d1bda67cbc4bdbf38d652cdcdddee068e8b4

                                                    SHA512

                                                    1f3d59dacd2ae4c59ffa783cc16abe74257eccdaa4d6bd6ef558a1958b60823118b4f66d37acf0ac6a67a9acfef8e479c9d457c297b3d22286355b877ab843dc

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    344B

                                                    MD5

                                                    d833414b29d1e7479bec49a58808f5bb

                                                    SHA1

                                                    96959095db7a33b44f89ec6c9cee4cdc98d2bc5d

                                                    SHA256

                                                    2c77225913929a92a063ec10d447fd44640cead45bbfaefa4b8b0d42f9956e0c

                                                    SHA512

                                                    415120e3a416fd3eed12fe57b2b609943b691599cd361d77ac0279ca1deea71aefbc2cefc17d0afd0bf103e93e7efef9b219c4d2cbb3e6fca9de8fb73d2c0722

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    344B

                                                    MD5

                                                    38e94f3a170d47d4ff9db10be71964b2

                                                    SHA1

                                                    c22d0f1fd37b4da1170da3449408d9376d52f7e2

                                                    SHA256

                                                    2b62867a6a04becb8b4607c6b03847f18c68245fe365ff6b4ce824a225827dd9

                                                    SHA512

                                                    13c115e40cca5c51ff4b66e6d2076148e4b3c967baefd36c98e0fbf0b47848cf91973c695d0f7c9d53d8bc994514d992b18b25378b7a05e50341d5a8edfd8bc0

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    344B

                                                    MD5

                                                    9d229844ce47a8215d10445558e6d114

                                                    SHA1

                                                    7bcf42908a33fe5577a59c811b96b05dca3e3c20

                                                    SHA256

                                                    eb639b45af4ac817fdbdb39a12fb219ee3575c4de4586a79b51442b778c4b9a7

                                                    SHA512

                                                    410d6457f9ff948219a816f8aa64a4b4f16297d1fc36deb074e133497143faf6d6d8d6c8c87dc9e54f0d75e20bf30c92bd23313b668b6e73178686177a13b029

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    344B

                                                    MD5

                                                    cc38b241ec9ccf29b9e3b9bde22a7162

                                                    SHA1

                                                    fac02a6dcf306fcfa3c3bcb4e78f6f06c564aae7

                                                    SHA256

                                                    6c918a3914cecc269764a198ed44bb3eb13b6f642a809aa809085afdbffaa254

                                                    SHA512

                                                    f4ac2dc9648ad470f97f80ca69f7bcd7d80eb4139e20da6bd7a8977999b4fc95bb4c73c43c9a3834a037ec4f5746255184731eb2d914fb076622b8ea2d08ceba

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    344B

                                                    MD5

                                                    cf68c310efd97f9e4d4a7419ba235939

                                                    SHA1

                                                    508ccecbc8e9406403c24cc96078e2dacef594ee

                                                    SHA256

                                                    e7497125afb010568778340c7ea0641c9dde77b74ee56155874bccbc018c6f08

                                                    SHA512

                                                    4abb24a9bfc576d6e809f8896a15a6fce42de42c469aaf6a15ccec159cd6575c169be88c81192ff7f95df9785e831477e021e84c26028a88b794a67d291882b9

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    344B

                                                    MD5

                                                    41ef9435b63efce51c0936520bd891ae

                                                    SHA1

                                                    7169116ec37fc4a0766f234956a182dd62da1ddb

                                                    SHA256

                                                    8de8985b9cf447769658f3cb460b14992ed8c3fd1d4452d40652e6a63f1c005a

                                                    SHA512

                                                    b0296a1a98c76be6f22aae69654cd7f9fe4dd0f72fe43eec693d7d4e5f3d6112681b125b585c8e52920a24d4b7e3186ae6497d6d95d18245f06c20c648ed3588

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    344B

                                                    MD5

                                                    33dd54b72ce91aa3ac3674af54020026

                                                    SHA1

                                                    a14880d3e3c79304e91344f6ec686262fb603d75

                                                    SHA256

                                                    62091f5546be350e7c302e5bb826f8f4ff19c0688ebc13c2d3bcfa63ce504376

                                                    SHA512

                                                    45104a5d93d753ec7c19a586850c4891015b635ad760e652da55b540541ab5754a200ab3d359bb8728bf6707c2c3ec48d03d4e3dec4ec489796f17a168027d7b

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                    Filesize

                                                    344B

                                                    MD5

                                                    4985927a5687221e948dd320eab11d96

                                                    SHA1

                                                    b14567e162f79653554df185ea3fae42d3fbe8cf

                                                    SHA256

                                                    58af461bd96ff3922a98baa459f9194f351470b828ef5199b28040340109ee56

                                                    SHA512

                                                    1fca8e2acf837852c530ede7ce8f6784e1b33b3bc38dfd8d4a06cfeefab9ca071cd025a9dc07cf59bbdef082648faaef7453bb3139d00f2f496d729a321fef6e

                                                  • C:\Users\Admin\AppData\Local\Temp\Tar25D1.tmp

                                                    Filesize

                                                    175KB

                                                    MD5

                                                    dd73cead4b93366cf3465c8cd32e2796

                                                    SHA1

                                                    74546226dfe9ceb8184651e920d1dbfb432b314e

                                                    SHA256

                                                    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

                                                    SHA512

                                                    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

                                                  • \Users\Admin\AppData\Local\Temp\svchost.exe

                                                    Filesize

                                                    84KB

                                                    MD5

                                                    df455f0fa8fb3fa4e6699ad57ef54db6

                                                    SHA1

                                                    51a06248c251d614d3a81ac9d842ba807204d17c

                                                    SHA256

                                                    15068b86edc0473a4f96f109830318e0540af348197e2b65f2e90ff32cfb14a1

                                                    SHA512

                                                    f69dea5b68e4fc8737fc0e6ef48476d3ed0a5ebd2f9dccc9d966df137f9ffdbb51e413a0852c22399afab53ea8a2755664afdcee6897a1cf387a9a620481b2a6

                                                  • memory/2612-8-0x0000000000400000-0x0000000000436000-memory.dmp

                                                    Filesize

                                                    216KB

                                                  • memory/2612-10-0x0000000077550000-0x0000000077551000-memory.dmp

                                                    Filesize

                                                    4KB

                                                  • memory/2612-12-0x0000000000400000-0x0000000000436000-memory.dmp

                                                    Filesize

                                                    216KB