Overview

overview

10

Static

static

1

168d8e16a3...8.html

windows7-x64

10

168d8e16a3...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    136s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    05/05/2024, 07:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    168d8e16a3db6327170a35fab2d8d934_JaffaCakes118.html

  • Size

    126KB

  • MD5

    168d8e16a3db6327170a35fab2d8d934

  • SHA1

    d695cffe04e2172c80847e37d8611e2a0102c2b0

  • SHA256

    3923c230d23da2956f36f92f29d2f4beafc5049754210e876b9763c9727d07df

  • SHA512

    1f2de255ebd9d01b3dcc06ae4f7b351643fb1c30b16feec244a04c0d6127c6256cca6cd9ab4579578b85f4ab32b320e36ab51ac0a01c5ce70ea08212e47914d7

  • SSDEEP

    1536:K/7yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGCsn:K/7yfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\168d8e16a3db6327170a35fab2d8d934_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2860
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3024
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2508
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2768
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2704
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:5911555 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2392

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c8502d6a5d16adf68632160265b5a9e3

      SHA1

      616e7b9e35033c67d9057c2693ba865dca31dae8

      SHA256

      03437b6e8c2fe3242ebdaa561a3ddb33fa0df8c03121648ac24afa94c497a069

      SHA512

      ff2d972c2531c6b857d58d345f062812843becbcd5651e1ff52b56dcfe6a7a80611c89f67d1d31c5a38addf0b972b796542148c543d6f801053260f32cf7379d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ccfaacc5288d8413e1085f090c89d9f0

      SHA1

      99aecb74e7e267099dcda6735f6fa9aa54b06d85

      SHA256

      23a0fb123f0e95b30b9a134720f33b6a901c0984026f726d43520a2bf4e80ef0

      SHA512

      8513932e3b7490dabac34f2795f20b51198ba0437bb61b61a7daaf6bab745bda5a062844bb123695ac1ea94802842be6aa0420000bb5274fd608d1e1f0e226a4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5607e4fce5e4f82ba668bfeb9c6ab814

      SHA1

      5b349f41e9da9df74a80f669608ced061c266639

      SHA256

      26bdf37ca950939b133cbe2c2a9b8f59099faa6637f1d277a4efc1940a8a8585

      SHA512

      6bc6434dad30d1d030b457f3f9c0e83bdcf1cf4e9eda1c9ee70f9c5bdc2295eecbe63ded251b3223bc183621815f6cff2f1804b7ba0a3e800c4bb3836fbdf5d3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      41f5baca0f66fff6f40097830f67511d

      SHA1

      66e59a12472241c511316d764e748cd4c37bf852

      SHA256

      3af2f537cccabb49d9d16f87fb7ba27a4c8e71e924d689f8c15a4ca780ba3249

      SHA512

      5d8885d40caa80924aeb751415a2c563a58ed217685ac4bb780b8d397a6f4566c33329da5eacb2488ac589a65cecd7ba1252720208fe9043013f50c8ed49d914

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4d96d684ee1f17757bd0a4e237ecbc28

      SHA1

      8a61d2aac1af8d46fc738b5032836593daa069ec

      SHA256

      b9b463c000be966ac3662230bf0d3d59996aee163ae3f0ca5dbff1a4a7605e06

      SHA512

      8307a79d44e6079427e6261be97eb9905dc63c5c216f866bd00710af4754d3d30a0cfc9c7b0f705802f0364418eb6fe6b455d8c25d902efcf68a00b21b4101ca

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9a3eda336f3b8974f0010dc153001da1

      SHA1

      db171af06e0381937eeacb4a2827b559a642b3fe

      SHA256

      34b6ca3b64bd1290885b139ef5406015ef588c823f25100ecd5981a37cd1121b

      SHA512

      c014b361f3f4115c987c2c4869c0cdcf7f392eb402ed0e2a02de8adf79fdbdaed049549037466916a1577ce4d9175a75824b41dc811b59f7c13f7fd073ed2076

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2d4a6c4443b30973956adb6ccbf29bd7

      SHA1

      71ddaa07e6f6d7febb95c1f5b6ec45865ddcb551

      SHA256

      fbeeb28ac9ef2a92b71c83e5f16d2231c90c46503e35dc1210b7afc19a59a13a

      SHA512

      fbcd1b26a7febb330763978187730d71e1357af741a2423d1cecf28e6914d0e1cca031f69970d2727a2753e49a87867160ddb2164d493ee887e2e2046a3b77bd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      673c5fd5d942427f3d8c426e30f9a98c

      SHA1

      064ed00252ad534bcdc387f86d54c73314dd6007

      SHA256

      0c6a24ec8715554f2d7928fecb0aecdfc7fbc789f4951691da92a9f0958a29ee

      SHA512

      027187af1c44d18640be10bd32b57dd4f6932dba8fb3bcb64c053d0c7eb22a91920898928a39515cb9eb1612f561fdd1b030157d77af5c9f1b840d9e6c995b6d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab140F.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar1500.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/2508-7-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2508-8-0x0000000000240000-0x000000000024F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2768-18-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2768-16-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download