Overview

overview

10

Static

static

1

2f418bc0e1...8.html

windows7-x64

10

2f418bc0e1...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    10/05/2024, 13:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2f418bc0e195872372723169381c4f8c_JaffaCakes118.html

  • Size

    245KB

  • MD5

    2f418bc0e195872372723169381c4f8c

  • SHA1

    2464144fbd5e43fcdc70493493c12a33897a6302

  • SHA256

    09a13a1003fb64753b73f507949e56468a106cdf525fbf08d2e42df727e5d012

  • SHA512

    cb0231f73f6a8da1af0410b00e74d240799b0de49ffe3801caec7dd532243a1c93fce315daf4c8dded987f0922770488d8c078e1aa6f141a68cc0af68783a4f4

  • SSDEEP

    3072:/yfkMY+BES09JXAnyrZalI+YUYHyfkMY+BES09JXAnyrZalI+Y0:KsMYod+X3oI+YUPsMYod+X3oI+Y0

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 32 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2f418bc0e195872372723169381c4f8c_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2364
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2364 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2700
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2800
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1288
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2656
        • C:\Users\Admin\AppData\Local\Temp\svchost.exe
          "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
          3⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2256
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            4⤵
              PID:1060
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2364 CREDAT:209933 /prefetch:2
          2⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2792
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2364 CREDAT:209938 /prefetch:2
          2⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2840

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              344B

              MD5

              e3ed023ba0c072b456eb62212cd7bb8a

              SHA1

              0a5fac60e96d8f42fd3f25322bd614a64d6aeecd

              SHA256

              29e6dd7d2a0d6304138159d7e7b822469ad434ea178daf399fe72fb7db7601e9

              SHA512

              22c6f371a68290e306ca15e06eebec64552c735308ecb5bd1a9cc5f405885018afe934308286cef016a1ee601cbdbb9a73ad730df0c0cedc1838d5fd8b626122

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              344B

              MD5

              9dc17fb9f8fe5eae2c72cf0bf093dc25

              SHA1

              879c232e9f231436145c6a53edd0226a6e1d01e7

              SHA256

              4eca5a88ddd950d5b19c770d4aa0a39757ec03dc4d77c7c9bf89d33797bca49b

              SHA512

              0a66452a0623cc7d59a023cbad5a38567313adc33288be0886154bef79593a42a0cb5664a020483dc9e3652e7e3eacab1b34275de43cb04020bc9c267b68fd80

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              344B

              MD5

              05636b5dfe834b5b0d6f65feec348413

              SHA1

              2203615cf5a01eed713217af5a5e98ea921a2f51

              SHA256

              92eec574cdab61630e272074a8d54fea91b3ea80647b42c162405e9888da854d

              SHA512

              dbc596e7f7a36ad37517a05f788f5940dc455e4a76008021ce696f5fe2e4155b31ca9a1bac779259495031cad917e61c41277ed983617d83898bb83cd6758ac2

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              344B

              MD5

              1714037e568d3cdd290d8e0bfd2e307e

              SHA1

              8bebec02435ba2982661821c5cc9ff0b89aea99c

              SHA256

              933ce1301c5824cc0524419a8b6f3e5371e54ba71e37b8bc32ad60be5ea263bb

              SHA512

              8bd21a73a19f4a7328ef7567fed5bcedf203e639a57cbb53d8adb5706edfffde8d083fe6ec53e558731589c26ba6c5ab3253f1480ab392dbb66fcc40b5292084

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              344B

              MD5

              f05c75f3c6f6ff55ef029ecb3c603d68

              SHA1

              da3b79b83d3e93083eb39e06a8be1386f4b6c05a

              SHA256

              fee7083f7072718bd0b93270cd12f1032e726651c1017e854c4a2d80d2de4ae2

              SHA512

              8ab3bd9226c717ef1cd31dea3eb309fb4e86c6f33b18d5afe3e99476bcb3466efa216596630f015166fc32a6a2f10d73c34bf9f9ad4a73604fae588c504b1897

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\CabF4C.tmp
              Filesize

              68KB

              MD5

              29f65ba8e88c063813cc50a4ea544e93

              SHA1

              05a7040d5c127e68c25d81cc51271ffb8bef3568

              SHA256

              1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

              SHA512

              e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\TarFAF.tmp
              Filesize

              177KB

              MD5

              435a9ac180383f9fa094131b173a2f7b

              SHA1

              76944ea657a9db94f9a4bef38f88c46ed4166983

              SHA256

              67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

              SHA512

              1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

              Download Submit

            • \Users\Admin\AppData\Local\Temp\svchost.exe
              Filesize

              55KB

              MD5

              ff5e1f27193ce51eec318714ef038bef

              SHA1

              b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

              SHA256

              fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

              SHA512

              c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

              Download Submit

            • memory/1288-18-0x0000000000400000-0x000000000042E000-memory.dmp

              Filesize

              184KB

              Download

            • memory/1288-16-0x0000000000240000-0x0000000000241000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2256-23-0x0000000000400000-0x000000000042E000-memory.dmp

              Filesize

              184KB

              Download

            • memory/2256-24-0x0000000000400000-0x000000000042E000-memory.dmp

              Filesize

              184KB

              Download

            • memory/2256-21-0x0000000000400000-0x000000000042E000-memory.dmp

              Filesize

              184KB

              Download

            • memory/2800-7-0x0000000000400000-0x000000000042E000-memory.dmp

              Filesize

              184KB

              Download

            • memory/2800-8-0x0000000000230000-0x000000000023F000-memory.dmp

              Filesize

              60KB

              Download