Overview

overview

10

Static

static

1

23c1c06e6f...8.html

windows7-x64

10

23c1c06e6f...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    08-05-2024 07:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    23c1c06e6f365462a328244a31c6a81c_JaffaCakes118.html

  • Size

    463KB

  • MD5

    23c1c06e6f365462a328244a31c6a81c

  • SHA1

    6e4249fd7481753c0b0ec8ff215702e2c612a144

  • SHA256

    0bde47ee190d9e38f2a41286f35bf88f61b24e06ca9b07033bd8db57cc7eaf1a

  • SHA512

    6aa44b0c274ccda0c724cb6e507a62edeb6af7d952d468551c31b223b6174d1642f2f399bd656dbd67c3264da6abe2648e2e43bfb12153c0c3c4e3926a8d117d

  • SSDEEP

    6144:S+8sMYod+X3oI+Y+tsMYod+X3oI+Y1sMYod+X3oI+YLsMYod+X3oI+Yu:/q5d+X3055d+X375d+X315d+X3I

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\23c1c06e6f365462a328244a31c6a81c_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2972
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2972 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2552
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2728
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2724
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2652
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2972 CREDAT:209933 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2596

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      eeb8680b4c222be9f8fd09890defee29

      SHA1

      73451a2c3a0e42e1db218e55ce9e301ef7d92840

      SHA256

      bc1031b2a7052aabb1b744217b6799a54687544af3a25f66b869cfdb66f96f77

      SHA512

      0512978c979893ea250fc039d3fdc010ed980ca5dbf5d7f1bc810a9e982695a5b4ec902b3ef498cf4c0a9c571b67bfb079372d68eefd2b07554146938cbbc7ae

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      00839aafedf0d55b028d849e2edd329a

      SHA1

      405f9e215f6d13403c052cba7a7c4e5c4a997cda

      SHA256

      e31909488befdbe4593fab0b8bff49374dcf551628b35c7894268486e1dee481

      SHA512

      87c9935b7ec40279407d12ae491a325a29d7a13d19e9bb3edbd3391a7ce02f6cc7f90b7c93d65ebf7d35929e1513bb2fd3e85d2dc98e9c993c3b97471330e8b4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      736d5f4c8192c682279238d7c8c48763

      SHA1

      e00be284f5cf0399d0747fd1958521630e3bc224

      SHA256

      2f1d46ee86f17a92d12ea16d2e7095287f3652984ba948e4b15622184c76b654

      SHA512

      cbd4cd099cc193ee6d211c900d01dda26e89ff4fa210626f084efafef33f8f93669f696192e3744677e9c14ebd2bf28ca5dfaac91aede789a292c57caebc0c73

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f058e76f7dc78a940c880376ba4ac0bc

      SHA1

      c02facf265294e80c3cd4ceaf284eb84fe48bf96

      SHA256

      17ac0c0e7cdac87c349538e2e47d57fbf38151dfaf0cb9f7c0ed48463787ad84

      SHA512

      706a34f44ebcda7de9adcb4c6b81fc70c5fb5773586511a15d6612ded1c3dab4181f01df450efe3e80d27b9cea6a4bb99134328389dee26f5666de37e72e9dc3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      58da70c09aa435b4fb05821a04e1c5c3

      SHA1

      30a130998aaf27bbcbe9a129cfb284be3f2fdf32

      SHA256

      9f3328135936b9cce2b06b069f0fd831b4813d13cbccef1e6a0f6721a872edb4

      SHA512

      22a74e942b98b8f554c6af7136e97e927d3aa006eed5ce5422c09543f1ab5ba028a927495a608e76bf21155730b4c2b1224bcd2944e8f52c7bffdcc801f2e47d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9959f44cbe759a6e1efbbdcd2ea124a4

      SHA1

      3450499a68c4704f95051a47fc9bfad1f233fdc6

      SHA256

      82c190e0be77c70832f3a6588d04674cbd93f6c628e76c43249239c3af212df5

      SHA512

      159802a25dfb5e1ddb96435dae54b29ca74e765c4f1de0682fd8c4997ce3d1f20a6577d9d07b666de4ecfd9cdf8e391160ad871c169ae2bd78444573324d0122

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      af77bc11ad94580009b4c070744b32e3

      SHA1

      e2a7582668bb02b11cfc55aa6f02af4cee13224c

      SHA256

      5f5999f49e9eb545df54e14c09218b8cce61bf4c926f2e66313daa3b7bba0afc

      SHA512

      330959984080a6d345b84139b0ec21719c41747f307c443f98d15af0dd2c4ce81cd696736403ea6b0c3dc85a1bd3c2c5d53958e1bb91115758d428b187cfb82d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabF3F.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarFD2.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/2724-19-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2724-20-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2724-16-0x00000000002C0000-0x00000000002C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2724-17-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2728-8-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2728-7-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download