Overview

overview

10

Static

static

1

0f50fa12b9...8.html

windows7-x64

10

0f50fa12b9...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    03/05/2024, 01:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0f50fa12b90b4e680c2785daeef14202_JaffaCakes118.html

  • Size

    130KB

  • MD5

    0f50fa12b90b4e680c2785daeef14202

  • SHA1

    fead78def9f907731f26f9652b6cd1bc759830b5

  • SHA256

    95e51887f91a073c9e50f9c7470fc79f376f584d48b308f08ad495e6daa578ee

  • SHA512

    417e5c58188f93fbe5506369e29225cdf8197d28e4e0511c424ce942848eb424de9db498a2dfa1cc2746ded0b5a63cce74bc28afa8466959a3a68f11fae14601

  • SSDEEP

    1536:S6cMM8yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dK:StMM8yfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0f50fa12b90b4e680c2785daeef14202_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2104
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2104 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2624
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2952
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1612
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2932
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2104 CREDAT:209939 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2976

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f016b4f8be57645e15c893fcba5b9d1d

      SHA1

      8fb083ac538cd88fb5f6cd9047771b9a7617a634

      SHA256

      96f46ea1661ac95bb2d2dbe9ce4fe149074e2aa26202c01485bed671c308b3b3

      SHA512

      52a5686ebf2a242f7bc38486b5476b44b3ca3200ee82019095a9776ef674d93f4c908bb22e2c1506588e42dbeed845089f47b5b4822df7236d65f59fd5081342

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      df2785cf0656ee1e9fb8fda24d1df540

      SHA1

      1e1d99b25fb5a134f1e84f0ab915dd9476fe6b67

      SHA256

      1bc0c8bccff22dd22979a54514db89c5464bd51294f4458107d64e7558eda5c0

      SHA512

      5a58eeeef0cbb7ee02e121665c60c7b5ee26e6aca25e5038947dee8fb6cbe58ebdb609cb4a3efd1174f4f9634139719dac816b4b806e01921f1979bbad0f20a3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9a18fecad1a8c7a0520b013e38a6dfc8

      SHA1

      010373f101793312fc571652eafeb260c0c0c626

      SHA256

      441d66ebaec17b994c8f3f8f78f6e67d4fef1d8ff029c12b27dc0c8caabc4e77

      SHA512

      df61ecf36b064dffb3bf87825b16e0c98b2600861470b4566f68faea27a909efff35f0f96d55f6e59baba778b6609466e2a188efaaf610908df245068c42f0bd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7abfa4eb3a5b58250d6e391726a449ec

      SHA1

      175edff4008b08f2a20c747e62fd63157a6c4278

      SHA256

      3fa166cb85f62af6c9a884a3d7fbb976604c145dfba7f776a7d2ee0c05e14900

      SHA512

      abfc072ec3184a19c0c8ba57d7a38301df2570a534d5997418b4989db87eda0261c9c3b4225c5937403264be04edbe0892cf2d63dc1ce938bf4f92972927116e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e640421eb3bf4da57e2a465d42e1cb77

      SHA1

      1422c56f17cebe78708a9e2fa0e8888502481584

      SHA256

      feee039320acadadafd87c90b04f9b8f1cf2e8cd9bb043d0ade54f12a6fce14f

      SHA512

      65292a7b2a4de842b1e641b2c811b03974e11c097e4888fc2a297fab8534c198e4933cf23446b828175fe4566f6876be3432b559ed5b266cb22b87302b5cb695

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      fc66cec11df54450f7772726ad105376

      SHA1

      6dc00cfe2f8d368f6897951fc5dd9b94842db93e

      SHA256

      64717ea835e70f0bc623caf44965ce3aec88f1d146b67f2208737a794ee91fc7

      SHA512

      245c082c8f88ab0eb6883aec38f2d66879c1b6410b33c70b27f713e5de8e5142ac70e4f6ad96de2b7a68d82d1bb1147fe96b0a86f07345fbff5f1a0fae2a8b20

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7beebc49674ef1ed6c823960431fef94

      SHA1

      0f2ab052983d9a6d2855524e988dc8fabe97bfe3

      SHA256

      7ef16da4e4205589702ef43396be46cc1640ca747b1f066bfefd348e63b2fbfa

      SHA512

      eea897dcc39ff21ddf089ec4bff0d85a639c619ba911ff032af9be77ca448b49789df5f3403991026e73743e903b4e2ec86c5b2fb23c3bdb1ebf3c21faa0badd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      44f685620bc3229394bb4933d97e8e00

      SHA1

      8b7d8892b5b02d77c2aefd6ce4997af015d2e8a5

      SHA256

      bcc24ee25556d683e030d6d05ce6d4b215615eb57fac59e03fbb55542f99be15

      SHA512

      ee6761d3ec91375a3b2c56943f056d82c07a791647047b29e83cf24c0a272376306c49884b4e0b80c7a8b823a42137c3422943fe34c92a02abf4dc0b6057a86f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4ef76fcaa0aa63b6f49f6f5f23f17d66

      SHA1

      dec62cee6ced8fad76ea2292e1e4fd0aa4db73f6

      SHA256

      b9a9084d9ea5f1a3af70fe2c4979dfeca64cf2e6fbade037a2e9101ed50ac306

      SHA512

      b069979337d17fbb2bda4f3eecf187a50645e24141b1dc33e4308465a42e2591f78fe2706addcb6b39ca0f905600f1f2254c101ad997fe290a52dbebac707a48

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a870741f9deaf6e592aaae1b1d416165

      SHA1

      57559e5af1ed037dca3075e12d8c0f0e5c95b934

      SHA256

      2e7bb28a5ffe606c4c8eb9bda9b3771db14a47c5e5f2df2583955dc65c3c3fb5

      SHA512

      fc8381952736e48b72e03153d99a6d0b6f70771799680671deae8151fead1f40274ead32dc16b8fb2e6678a3627b4ae2bab3cc707c48ca2ec6b608e7cc041db7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      661be5a8d826ffc760a6f7e1016d1055

      SHA1

      98435643996536e9e39e7bad8e32caef0c4ce23e

      SHA256

      26b31f855a2c5d205cf3715eca9025146486b6937849b91fc9c6fe1be99de145

      SHA512

      9e6070a19a4502a634c05c970eb839468a32301ef06f66019d4305779afe0a713463a1c28cc93de2937eb0c52fef0370b27df4f6726b5154217bebf920be312b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3e977b5b5afa784906579361a6c7b610

      SHA1

      3b4a4327705aa778dd78c51431998ec45ace71a4

      SHA256

      d36ed9118f556af12646d26b148be8e3e728c8eaa0ee5d9973262912ee727205

      SHA512

      b44d9b2435101d9e108831ba23a580d28cf7ff0420d13e5bd2946c903317dac2660ad4c943691778140d74412f92a9f66ade5fde77152611f08927f8eb0de9e7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      626804d9185ebf67651e307b025704e6

      SHA1

      c3744da264c42c41448fa8f1828ef3dd4fce542a

      SHA256

      690a5e0c21a41b1beb1767143add3f7f54a525e9f6b1bf2fd449e0c928945be8

      SHA512

      a468ebb5b948bc97b84b415e3537b7b5cf9af08956f7d8b2920b529ba2bfaabae910d6de5799d35eb796217a05693cc0e51f54d4b9ae78585e924d0ed3718545

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c109cd8aead9405b92b3897789916e9f

      SHA1

      7c4dffc7e5776aee007b3e25a985eab8ef0872ae

      SHA256

      70c04ec447ec01349d162e4c29409f5b02e8329a6c9e58f94b0024c0e0b93807

      SHA512

      7309aa16f2ae53479ae6f83d56f183edafc87063523279ad74b834d2aba58b3b9a7555a3ea3c612d45f4c9d872b649aaad84f0d86eaf6d7b37df9ad5202d860e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      fcd76d4a2432d3756593fadac0f0a346

      SHA1

      5aa5cf83b0427e327aea385e9135fa0af7da73dc

      SHA256

      6389b80ca2f203b23ef482e1d80ce20475df835db578ea1260124d96019414b5

      SHA512

      66df9de3e3ad69084670c5e166a2ec5d0de54de8903058ba438eefe31828321c0854038f84dd00ed4f712440a66388af0e3492e56691e15c8d780491d657552c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      80d3e0e2557e41ccc27897f637f22538

      SHA1

      b05201960323181227e414ea912f55a311b24374

      SHA256

      5edad9c3684b38df01348a106abd93bbb7525e4b497cff1b10380ead69ae024a

      SHA512

      36e8a716ba1e604d3d714cc5ec6268172b1585a8a6b67ab7fcb41e4944e577cc15f108deb87c2288cf9deeb6fe1739e4639d4d6170160b657325ca003852faa7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f854f642429e51c38f64432fb6284af6

      SHA1

      2dc8f1c02c78089e1407e9588e7bb9cbb670f448

      SHA256

      8151897012160b66f64fa61ffbc57cde8085f9ac5aed7fd7644cd4e6aee28b75

      SHA512

      02236ece4f0487d9a2619c6df48d2adb1285d537b10ac70b22065b5c54c8e200d721094e0154d629d0961a324c2a9e1a9e3bdceb0842af926e252cbfbc25649e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1d4264475e6609135a229dd6fabbf346

      SHA1

      8ec3e1613c6c95bf9e2cedc64142613ca86583db

      SHA256

      94ccd0b9a401fd85e6684834f5d3eb2edc0174c158ae95e53966e4d3dfa4953f

      SHA512

      db90cfb2bff90bc36883913e3a4f0cc5e5e9e6c2c989d1b12434ed527e351b3c6c87b7bff4e32291b1b1e8209350ccb161c91164b1a5f4383c454b7a1f43fa44

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e2ab9ea3e2a65754e1bf8540d89684dc

      SHA1

      58a62963b3803708391bc3ed0526cab6c2a88ff2

      SHA256

      dfecefd3c9f1d7b0bf4e0a069bdb34bf394968c458237ecf268a2d81abdfd4fd

      SHA512

      02821b57db433b2927c1b96eedf0258ce060890b402621d8e72212f9058826ec8dbfa72a0ab6bc06f9684dd0ec01769f60a6104bf2737007a239e450df2521dc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1a374af87a5521c1da612f02b1b7eb3e

      SHA1

      b104da489898ca985889e95c3f633df887e06d84

      SHA256

      92a66e04409d8c83f42a40687c61928c40fd1895f69b27a2bf723cebf00d684f

      SHA512

      cb7e547e275b137b0e884264042866d7f608bce246f560ec696ff004f42771d86cbe3fa184bb5055596d5d3185272bc54544737e4d65aeffa119cec2785f1c8d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabE053.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarE135.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/1612-20-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1612-16-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1612-18-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2952-9-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2952-8-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2952-15-0x0000000000270000-0x000000000029E000-memory.dmp

      Filesize

      184KB

      Download