Overview

overview

10

Static

static

1

0cc6f4c8e4...8.html

windows7-x64

10

0cc6f4c8e4...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    01/05/2024, 20:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0cc6f4c8e4949a4c95a3b0dbaaafa125_JaffaCakes118.html

  • Size

    184KB

  • MD5

    0cc6f4c8e4949a4c95a3b0dbaaafa125

  • SHA1

    4ed7963c1f8ebb9229ec6b39af1a62ef44f9bc1c

  • SHA256

    62aa0fb28eee4bf88b1267ddedfb1026a416ee7cfbb21a44bb4c7557b4118852

  • SHA512

    df733770b1a75967888f58c2bbca7a847fd53f1e962517a3e6af9166fb35b22ffe77c087b4b580a7f818b550dcd853597e850133bd5fe0145d0f2c3b5d230ea7

  • SSDEEP

    3072:th5oyfkMY+BES09JXAnyrZalI+Y5N86QwUdedbFilfO5YFis:bsMYod+X3oI+Yn86/U9jFis

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0cc6f4c8e4949a4c95a3b0dbaaafa125_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:856
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:856 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2352
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2660
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2584
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2828
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:856 CREDAT:537609 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2480

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e2ebf7ebeca370da0074940bac6d7e03

      SHA1

      5fb377376b629c85b4e0b3eb880f6e4ec5b88366

      SHA256

      68a872d6741480f251f5c358f12438a29c9dbe451e611ddc3d0495ede5ef237e

      SHA512

      0334725dfa8407a670597c2bbebc0077557b154967acb0a35d5ecd31883cf2b1313b1c762c21d5c4597a456ba9253969a9a50a8a942af767a2b09a6735f81614

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      15cb90f61e639417a70fd66425c5516e

      SHA1

      af618f24d02bd6ee7ac7fa51873ae6cc7c8ba1f6

      SHA256

      a050da822f4409b2724689f11ed1af4733c895e5b3c2b32f383258b83b56610d

      SHA512

      6a298bc5433d72ee6a3d7a8df501f45bf9be85d2e78e09abfa26a53d9d90020efc30f6a00557a210498189dd9fd75c108e5c4907642a1b8c6d85c213eb1852c7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e862285b8d15d15f46aaa9306dbd693d

      SHA1

      ad8b6f349504556e3c22ee189c07b83c32038ac9

      SHA256

      843507a59ca0ec5e0d31bcd2e9350082799810eb85db57c3a12e10ed25aeecf9

      SHA512

      3d8c3d08c512b5995d7bc964cab64d6b12341fc2fe9f0f0b3385957438ce5b971cb71d1392be90d81441961ece3ea076690875e085ee20493e739980d31c3a23

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      0bca76964d32ae96b6d9ee9ca8886387

      SHA1

      993d698c5757df0930c7ffb3af01b175e8af4454

      SHA256

      9ae5c664dd4130bb5400497b02a728344248d66860185f3c741f2fb1179a5df5

      SHA512

      bd5186a8326027ad953ffcde823b24275dadaae9b817bfc8c04e25dc95c4132632b7eb4b96e82a3628e0060a4a975224084b05b31d51d78875d27a6fe5c3832e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5110ab9bf236e5ef1c691e975add1155

      SHA1

      88535561b0d6f3ee1913f8b776a4bad615e35e1b

      SHA256

      082aa7a0fa2a6485d08d29210dc8cf60bcfc644458d53348b658c3ee8ff1578f

      SHA512

      67443dacbe14170a9eb14b1ec5f54e472f1f8a7faaf68069619232a674d590a6ffa03f5ce119e808685965ed846b2aaf566fe17240b644ca10c18ce5bc913cd0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ab300ab7b9b083e4ffe6d070ffd693c8

      SHA1

      a41bc6422081e28a1de8fd401e88d190334fae28

      SHA256

      9c06abe365818e7d2058870fbd18118e1c1ca82fd01dab059e3524a08a898ca3

      SHA512

      f1494a28ff4e73548a1e4518284b9d427873ad105c558cbf30a15d547488d691b627bdd80bdd80b46c1129fa683cbd1ddf1956fc9e5f6be39f665019aa4eef52

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c2b61dd1913ba27af561c0c27e63a3d3

      SHA1

      22d115357c1789309be29165ad5f4a23fcc7a51e

      SHA256

      9c84b82ab4bf0ba63dc686e4820b069f25be60f3a93f785023278c17e5e46761

      SHA512

      2f3391167fd7c30bb40394aafee5fe89bfbbc1f50f365dcd240c6097967cc2bbdd9586b46373b652817177c40d87f3eb045bb2a757c4520e9ff211684afe1e2d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      947ac989440637aa77ecdb0683512eae

      SHA1

      feb79e83e13f7aea6506723ef465c8aebb0889e0

      SHA256

      dede56048337e66bb9f306bb5568d60864b27feb0bddef589c3fc5bd36bcef1f

      SHA512

      d51e099f335fa6f3737ca6f574e932936cfa0030dba7ea8002019e07781aba71ac70a695963d93fa7bdf1fbd2ce82ac751babef68a77d873c1bb9713f45abd0c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8c8618449a1d0b97e55ced903237d5ae

      SHA1

      8e01d2d763e5a3a047dc4808f535269d2ef6ea42

      SHA256

      981043cd5898132228598d83f9a0761f36e3209e664e16543c3b482c9688fbe6

      SHA512

      12b95eae8f2876d0504d9fdf9d09f9ee4d1bc7ee059ce6c22fd62ad2068bd29bbe61783469b044481714c3059fada6aecb080c2ee0ab770f3828e994b82a8ce3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      70261582fe03f9e3b1934bd176f70c43

      SHA1

      9279e8b5b49f5613ed859a9214e2a2d62d5b8e8a

      SHA256

      0827773650dfc4961b9310a12d783e8592a59dea069ed133292b891bcfaa7597

      SHA512

      3e10f749c8b5ebcb995ff3865969c5a4fb6a9da6138a0c14907fc4122103300508cc5b33288398ebe884d3f0715e72355407728482c7b94c4de377913022f183

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabAEC9.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarB008.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      83KB

      MD5

      c5c99988728c550282ae76270b649ea1

      SHA1

      113e8ff0910f393a41d5e63d43ec3653984c63d6

      SHA256

      d7ec3fcd80b3961e5bab97015c91c843803bb915c13a4a35dfb5e9bdf556c6d3

      SHA512

      66e45f6fabff097a7997c5d4217408405f17bad11748e835403559b526d2d031490b2b74a5ffcb218fa9621a1c3a3caa197f2e5738ebea00f2cf6161d8d0af0d

      Download Submit

    • memory/2584-18-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

      Download

    • memory/2584-19-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

      Download

    • memory/2584-17-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2660-9-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

      Download

    • memory/2660-8-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2660-6-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

      Download