Overview

overview

10

Static

static

1

15f780c6af...8.html

windows7-x64

10

15f780c6af...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05/05/2024, 04:25

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    15f780c6af7991e8660b23ac04d4b236_JaffaCakes118.html

  • Size

    116KB

  • MD5

    15f780c6af7991e8660b23ac04d4b236

  • SHA1

    adca67eb4b50c8c79d8b6d0417d71090532ab622

  • SHA256

    08444fa484b5554a23b85f4e7dd85163aa9663aec4f3241e5dd451637470ec5c

  • SHA512

    dc1dde98bf4cea726d5b3eeeb42ac035bb5a1774d2f9b7b5776d2287f57c82e049e6df594d2df2994688a5753afeb43aadefeb5679b3bf348e53907c099f7ad8

  • SSDEEP

    1536:SJyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGCsQy:SyfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\15f780c6af7991e8660b23ac04d4b236_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2132
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2132 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2908
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1680
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2420
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2316
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2132 CREDAT:275466 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:240

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
            Filesize

            68KB

            MD5

            29f65ba8e88c063813cc50a4ea544e93

            SHA1

            05a7040d5c127e68c25d81cc51271ffb8bef3568

            SHA256

            1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

            SHA512

            e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            588e6156615bbf14df272dc71aed0b16

            SHA1

            b829bbcf9bef2c47de7cfc9437066ce3dc11b3c0

            SHA256

            dbd7e1e5e0c278f3b36cf87c5a2faf9e2379c3b0f238d78daefb26bc242bc8e5

            SHA512

            dcbeed536864e97bc568f74c346b22c824caa75ac5ca192c9eefb54c2c6c889ef7bb0f79f58ff114fc1eb6b52db6f684a55f4917393e2a6074d2a8ead000328a

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            9988e7efafb23006c606ce1cd323d3f3

            SHA1

            174d43267f4029187053fb6fad5f8d8ad3df04d8

            SHA256

            1c96a53c43f855d8b72b8419972d96f71dfbaa33c8574bb785a6c5cee95bc028

            SHA512

            72e88d499b50a55f3a9fbd6b977e0e65c86c1f6f1f5b4bfeb1f129e5dfabcb338bc0384cdd5ea51eed54540229f21b54094a68c4b296f7a927211ecb3f8ab928

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            905c0dca24fab30aef3efa7f172cb612

            SHA1

            d19754aa91a722d87373bd0a40040c74e8deaa81

            SHA256

            cc64f59ad31f1c72b61a7ef9f564c82ad046126289b743b368365c3c63e75a44

            SHA512

            fd0abaea0e42666042a933d64832edfe4ea334afa2545198c79ce37cace022216fdc56e5b668a36ad1f94091b637bc806abbef2c6dc050534affa663490ae44c

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            3a587f0144491a5a9e8be66b365431d5

            SHA1

            b9b4e58359ff92436b5136e538925fe8b7991e28

            SHA256

            fdf5a03ee71894e9e5f4e8f3ebcfcf09dbfd6cddb765f6241a38abce3cd16760

            SHA512

            962d3ad1aabafc122f509e1cf8b01ab60a6f6863b1a01a02beccb5b71bf5dcc9e6c63bda56515492e62bcd6ff60c787275d9fb8a285e421639e00476ed501be3

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            ec78098fd7b2448edfc4ac71b656658b

            SHA1

            8c407416d228d126fb451cb555e9ecc115a64717

            SHA256

            4cea8aac355e23992f21046edb5a2e7b66a54a1ae50843817c433a5bafc667e3

            SHA512

            2180f339c19f2bc7370d37ff049049aa8eb66722a4436f1c7127cc6b43b30d17d9b741a0ab6b1fcbcd66a2974e6cecc3bdc4a79cac4736bb7ddeb25ba3afc400

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            bcdec8f67e62c7fb21464c08ff050c6c

            SHA1

            1db1275bb9b0c250d56b17d4b26a4f7c408f444b

            SHA256

            6de18e80cca78e7e7f1d8007078e00836bb6387c804a68ff4ec9581141fdc32e

            SHA512

            76b77117513cd5540c2037451fbfd4edcdfee4f4160c1fb51bd8fb382f97d6dd8c2987ebde9b4d0053c58197a10aa2223a8750075c9c2136f09664f5ed7eac46

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            9802e78e9b92cf8f384f8c27f1baf87c

            SHA1

            7ebdcd046e0a98cf932f130946b4f0b9b04b2df6

            SHA256

            f23ba2a002400df0b3d5263b6ebeaabcac2f57e4e68928ba2b4d5435db58f249

            SHA512

            bdc7c6657065fe3a6fc183a08286fe64813f95139f323680b4a11beca9bf6081b65ad7f6d1090f6ed17f376faeeea78b67d3dcbe3430f8c56a2f172c77bca9e2

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            fc9dfc4ead1497bc6db745b86e2dbc15

            SHA1

            10fdc2b7d0a60efd66efb19988d2e712ca27a6bb

            SHA256

            c78f37741a026edaca687a318d16fcc9657b2ed5bab0dd911d73fe47043d4206

            SHA512

            740ffb9eb7c45432b87048e91e1e63e8f804e0ba122348e13a70c0860389c2c8f701233dee6b8520996cec7d914617411b5b0a25f2ec6dc19959526fe4af25b8

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            418f3cad961c1a19a60810447bbc3e2e

            SHA1

            9c80ac3feac3829a8ceba2efa5581d976009dbac

            SHA256

            227527939e559283d196f270cbe9b275f33c761c4956f32d180b0d4874a0efa9

            SHA512

            43dc2c9152343ed9e40082b4d46f8f75d62d205bad6fa64fb724705dae33d7bf9efc728a10490ff8e26e1ca395264130cb4963ace75bbef68213850d8af68cad

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            1730b6fbdd7b98cccc11428e627f4262

            SHA1

            cef35f1b10faa4906512ef79f8bf4596a5ad7e0f

            SHA256

            806616366021cb04d7817a8136b2873eb9e1516bda0fda69d5e0670e06bbbcad

            SHA512

            59c1589ced145bc07e7f538c5b08d4af3c581098448eaa09b5f24a8f9d116c1b9f408af4d12dcdada651b5d1db2a4be1126b50ffc07ef3254cce5d80b34e62b9

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            673479c2f9f1f66e37fba333bec0578a

            SHA1

            2ca3c724e345beae8d1f83abb0616e03ddf9f5e2

            SHA256

            3e88db7ffa96c0269ecc4bd46b28780850c12ec9cc5bf86c7a6528479123e565

            SHA512

            fb3843cb648dbf0ac6b0720d4b162fb511f4772e78de85ab94252091c11a84649fc820eb4b7e154e96400ad87106636aaabc62847cc9c263e1edb3440c125e16

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            f435173580038fbdd8fa30be2dbc20ed

            SHA1

            fb267517703153b62112056f301559015ce0286a

            SHA256

            3ed6bb5cc866ea2fc1309accd1dee1312bf898fc1e5e6ee90c0338956e58a10a

            SHA512

            d848eeebc8a1754b6da73115ce9991201c9dfb9d5db3b5f74f5174f873b8cc9694dfc49d51468a4057976d531f8e82268046738d75b99b6e305dace3196ac1b3

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            dfc72241f2e5fcffcc7819219aa842c2

            SHA1

            e26e08264b4158826ad50bb8e4abae139b079efa

            SHA256

            d18779866a664932887254789a6f264a5d39a66712069a4c138382a6a4c9633f

            SHA512

            43c3f3521c04d569924ef7b8728439f1d12408fd324470e0966d0f47ffbf1fbb889319e097a781ba875013080466a5ec941ea3110c8a1c8a37712491d10e4337

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            7e1e3ef2e695c725116dc1c165f6b883

            SHA1

            b9aa5baedffbc978bc6718e875db498afc9cf1a9

            SHA256

            2abc751a53ee5c19773e2be9a032c8b95f47bca7a24d57da5bef443ac1973f1c

            SHA512

            154eb61459b723d037e6576d3e179e56ca85cc64ddb49a2f9fac0ca67d961ad146ebfa1216578783e39cd4cae9230f34e949523fcbd1a93990bc343287ce522c

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            067311da1553c2ac642876eb867fcf61

            SHA1

            e79edd278ac6153b2a320e3c07fa4c3b37e0864b

            SHA256

            6e05bb371f7ad0ef1582bf49893bf9662aee8b00c34a1aaca03f9674884c5a81

            SHA512

            45afe320cee55bb026f473c83297e20b5a6e80b07c083eb283fc6d2b96bca9a4d0ebafa7a30cc1fa026bf14525185fc517d674d2d92917422c17213fb0e1a557

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            b933e176758032c90ee9498d782b6f8b

            SHA1

            485a39ed1fe3239466e6bda08bc1b853198e0f7c

            SHA256

            45de5f417633a0c1738dfb6fb58daa1c7abc735849d13e66a0486e1a0d8618e0

            SHA512

            c86c312f0d952e3983606d1d1aebff8571d240cf1d7813393071dce017a78a94c6bc1563b2485e43a75f6f540802f81c06919fb4c86305ca1eef36ee4ac8e016

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Cab3CB5.tmp
            Filesize

            65KB

            MD5

            ac05d27423a85adc1622c714f2cb6184

            SHA1

            b0fe2b1abddb97837ea0195be70ab2ff14d43198

            SHA256

            c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

            SHA512

            6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Tar3D87.tmp
            Filesize

            177KB

            MD5

            435a9ac180383f9fa094131b173a2f7b

            SHA1

            76944ea657a9db94f9a4bef38f88c46ed4166983

            SHA256

            67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

            SHA512

            1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

            Download Submit

          • \Users\Admin\AppData\Local\Temp\svchost.exe
            Filesize

            55KB

            MD5

            ff5e1f27193ce51eec318714ef038bef

            SHA1

            b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

            SHA256

            fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

            SHA512

            c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

            Download Submit

          • memory/1680-7-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

            Download

          • memory/1680-8-0x0000000000230000-0x000000000023F000-memory.dmp

            Filesize

            60KB

            Download

          • memory/2420-15-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

            Download

          • memory/2420-19-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

            Download

          • memory/2420-17-0x0000000000240000-0x0000000000241000-memory.dmp

            Filesize

            4KB

            Download