Analysis

  • max time kernel
    122s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted
    14/03/2024, 13:39

General

  • Target

    c8be8afdd4bcf7b0ed782dfacef84b56.html

  • Size

    113KB

  • MD5

    c8be8afdd4bcf7b0ed782dfacef84b56

  • SHA1

    88862e4a0b5989e667a7a57e99943284d9559f43

  • SHA256

    e78445eddceec43eaab49b950361df76fbf71d1dc9a1d526c5f3c2abdd390de8

  • SHA512

    761c2084649607fa1df8910c7d9c2085fe79fa76697be4978bdcde8527b5dd31aa515ba9b504de12e06e8de98cad7ef60c8439c9e0359adeb9b4fc140fa4b9cd

  • SSDEEP

    1536:BtJyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGCsn:B7yfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c8be8afdd4bcf7b0ed782dfacef84b56.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1888
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1888 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2496
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2720
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2420
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2504
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1888 CREDAT:275464 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2464

Network

MITRE ATT&CK Enterprise v15

Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

            Filesize

            67KB

            MD5

            753df6889fd7410a2e9fe333da83a429

            SHA1

            3c425f16e8267186061dd48ac1c77c122962456e

            SHA256

            b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

            SHA512

            9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            4aa703332f19b76e78ed60f96d6dd579

            SHA1

            0bbb19fc8981471f16c1b58a825de81945bb9db6

            SHA256

            4404b791b9a62fbde59b3cdc3fd0ac21d430de17a16a685bcf49c3254b55ff18

            SHA512

            c40d3de6bd0d7530eecbdaac28c91207ee6c1a518ffdbaf561f1f338cfd097e13f6e71252f23d3b3f620d7054d1d50e66365a74f88631c3d71fd96c2f65c519b

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            e00fac724a641e61c59f04a8a5459c90

            SHA1

            6def59db54eb3b5f83572cc03432200ef1f0e185

            SHA256

            21fc7947dc4ee663495e7a7774242667276be6b3d6e65359297ece1268661745

            SHA512

            9374ac60aa08b5716f92cea756aedf1cf2bc2be228a5ab5244a00e194df2ddd5121caba9aa92109f3ef435a7e27efc60170927f73efb93a9d8114a01b9dc9d60

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            1ebccc0872a82e09b56cbfd9300d379c

            SHA1

            b280b8769e76b5680d6dab90b62b47a668d9d0e5

            SHA256

            8a9c2d20589f0e3dd4283b35e7358ff8bc4cc19f7363d76fff8f0a7669a1bebe

            SHA512

            495145dc6fa7fbb7146255e8c91abd8cc153809d1ff6e3d739a27f7d7c98f8ee7d1ae5733cca3313838dd1262457bbc0c9748d4643b738935e3d4d0894e4d528

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            69364a777aa17e573ea8ed35c9222b52

            SHA1

            0f0d6fd657a08e3a1f19777cd85547a96da4f044

            SHA256

            ac55c8969027f373909ddd773e586e47c95cabbd04cd2e7efea666758da82c74

            SHA512

            fce9d8e64932cf2a5e5aca1f3de434eac19c8fd44c836bfd1fdb863e33bf8ca992679f69438a30625ca6e719cb7f09cddab1979a4b343e7bbf2d04c015040a1d

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            a1f840dab9d41dbdb6d98ed39f6e7b58

            SHA1

            90f25e7880e93ff6e7dd59faabfb9dd4a3de886e

            SHA256

            9fbd3961b2ecbe98ccd52c8dd4804e3524f3a970e7c977815029dbb0e17366c9

            SHA512

            5c2029aba2dac61711bc01e6bb2af16f942c09dff730ba0c099f849234a603d078616b01cbffca390bc656bc0fc8e8fe0de849e66931232b053a6491855c7093

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            c59e16a6bcdfdfe1e0778fb912c53d30

            SHA1

            24fc5c848be87bfb01d43f9328ebbf69e30c2870

            SHA256

            c3858f34c6d22a6e8c1d2c3212e191d8657b2744a45669a8604b774d34fe308e

            SHA512

            a9e6034a8022d044cc32dfc65ace21f6de8035a13c56325bbf83b5a62b543ffe36458df11b14cecfee1922ccdb4de3619c4dd0b5aeb79541449a0338f6584f7f

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            bc534b2884b2166e381dd0da67dab8ca

            SHA1

            18fd5e15715ef9b1e4566441303ed64dae0fc17d

            SHA256

            27a6a147ff3c13237d0e033ee8a2c7855504a67cc6da563a1e925716aa5aaa63

            SHA512

            002e3a17cb993da32cbc7f245c579c6d1207b4d48655a096810da17a928b9d895ab695513e6aba26c8454731bd4029fea63c722808985b9df9ee8b31a26d3dcf

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            2857d02724149fd5a392cc972479de5f

            SHA1

            63733fd3273db50c74bf8c04692298c793f6466c

            SHA256

            0e105112ea50de6264cfbde92e5baa2ef4aa70954ad024fbbb8e01919deb697e

            SHA512

            5c82d44b53891b7c3622711074a04f45ddb6c46258d64223d4fc76be16b84f1078cc4bb9d4f34481dbf3b7d4d1bb4d0ffc700d78ae6c2278160570bc4e8e2dbc

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            4fe32ad5330e518968230b829ccbdc8c

            SHA1

            9557cb55aa64d75d800d2c3a5c10c515496226de

            SHA256

            20eb28795688c16cf4eec1a62aa066dfbb919cb3acfc495e4504b6a0248161d4

            SHA512

            3b2eab003457a59cff0728739115444e34c19baa56e3ebb09ab05b238a298ebb65cee0f59dbd8d9a0c16d57a68d7dba72cbed081b0a37f95367def7252199cec

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            33a679ec8ec0d602cafb5349c4035f83

            SHA1

            8d22de2e6f7eebb6aa4d4da167990904024a3a5d

            SHA256

            ce6f4c432b27e4f8260e5ab3963623e0a671d282640034c927ca16afa522645e

            SHA512

            3e25ae10a2fa34057fe6203f22072f7797ba151dcee7f98e12c5735c539a8fa2fa602cc1d1f0144ef1598ad875c615638e81f6f7f5eaf0ac678660e1b81563de

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            0cd8262ad5d56f1172547c6f6f622c4c

            SHA1

            32806c0936a57e370bf85a896441fccf02559c85

            SHA256

            5d3a0c867be94e6afa4361488d6a90bc406858ce55b56acf796f0795bee59c2e

            SHA512

            9afe7ca37c67995783aca3e6c713f510d67f5c1d2d578a398bc558d1337b639204872696c334a652eb4ce9c58166497a3f23c9ceecf23726f89df5d1ad1a90fc

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            e020f2c0d7dd293923b4745bcde30084

            SHA1

            f834c27d2c406c77e98a05cd8d63bb0742df5482

            SHA256

            370f8a795ada1515e09b3874efc33c296207cc22496a2fd882622c4deb491803

            SHA512

            67368989fd67b0ece6f27d974547aee4b001727d3dccfedc5650fff34ae7072575cdc7045942ddaf7bcf3e24a7521c5ef581399226b9cabd01f11cb50a736efa

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            a789f7b4fdeeb63ae0b973814331a117

            SHA1

            c4dba8ec407acbbfc13f99de1408cac6dc4410f8

            SHA256

            a4e723f8673502558e59e39ef70dddcc54934cd1dd07015c89ae3500d94d15b4

            SHA512

            2905c5d78f5c724dff6e3077f73d9f21bb3b0ac3a49b2ea0179e2bf24954c997fb25a142cf4aaa8b8682d871b262100a367d665a9f85e667486a45b7ffa12073

          • C:\Users\Admin\AppData\Local\Temp\Cab4415.tmp

            Filesize

            65KB

            MD5

            ac05d27423a85adc1622c714f2cb6184

            SHA1

            b0fe2b1abddb97837ea0195be70ab2ff14d43198

            SHA256

            c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

            SHA512

            6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          • C:\Users\Admin\AppData\Local\Temp\Tar49E6.tmp

            Filesize

            175KB

            MD5

            dd73cead4b93366cf3465c8cd32e2796

            SHA1

            74546226dfe9ceb8184651e920d1dbfb432b314e

            SHA256

            a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

            SHA512

            ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

          • C:\Users\Admin\AppData\Local\Temp\svchost.exe

            Filesize

            55KB

            MD5

            ff5e1f27193ce51eec318714ef038bef

            SHA1

            b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

            SHA256

            fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

            SHA512

            c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

          • memory/2420-17-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/2420-16-0x00000000001D0000-0x00000000001D1000-memory.dmp

            Filesize

            4KB

          • memory/2420-494-0x00000000774BF000-0x00000000774C0000-memory.dmp

            Filesize

            4KB

          • memory/2420-18-0x00000000774BF000-0x00000000774C0000-memory.dmp

            Filesize

            4KB

          • memory/2720-6-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/2720-493-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/2720-8-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB