Overview

overview

10

Static

static

1

3c9b5e5eba...8.html

windows7-x64

10

3c9b5e5eba...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    13/05/2024, 21:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3c9b5e5ebaa11c4427d5b870bbe46392_JaffaCakes118.html

  • Size

    229KB

  • MD5

    3c9b5e5ebaa11c4427d5b870bbe46392

  • SHA1

    5a7ab4a9efa676b3813d96c51e853b38413081ae

  • SHA256

    363e708658e0e098fdb285aa3d8ac1f907f33ec7ad58fc7297a644a29c91a35b

  • SHA512

    e88ee3d0f97b7be185fe1c1abb9779318501a430563476cfd2e3ab6b128894504dfbfe2c25fd58a36e50c777cb24f7459ee5750c0dc32156cd1f922f22733ff8

  • SSDEEP

    3072:vyfkMY+BES09JXAnyrZalI+YxyfkMY+BES09JXAnyrZalI+YQ:6sMYod+X3oI+Y0sMYod+X3oI+YQ

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 3 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 36 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3c9b5e5ebaa11c4427d5b870bbe46392_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2216
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2216 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1836
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2736
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2900
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1804
        • C:\Users\Admin\AppData\Local\Temp\svchost.exe
          "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
          3⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          • Suspicious use of WriteProcessMemory
          PID:3000
          • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
            "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
            4⤵
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:3012
            • C:\Program Files\Internet Explorer\iexplore.exe
              "C:\Program Files\Internet Explorer\iexplore.exe"
              5⤵
                PID:2824
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2216 CREDAT:406533 /prefetch:2
          2⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2880
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2216 CREDAT:537609 /prefetch:2
          2⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:3032

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        Filesize

        55KB

        MD5

        ff5e1f27193ce51eec318714ef038bef

        SHA1

        b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

        SHA256

        fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

        SHA512

        c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        0ac5c05ffe3dc073005c40927441f34c

        SHA1

        1a8b602783d20a35698f382018b45e7971f06157

        SHA256

        0a86c2673dd7e06a5c435c629e9b93247e6052cd23a4b65ba534d8c2a23f8469

        SHA512

        a74345dfbb3b3f23bdaff7449d65dc340b82d35d7de98475e75934dc5e6ef674c9efa8df5e825e939d86737f9147f9cfd5540624be8132a8945ca6a8be4afba5

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        f9f01099ff39561a2094f9712fab831f

        SHA1

        7c94d95c87781e30d200c60fd2bbf7c2be2c385d

        SHA256

        dc69727d27b3c7c147fdebc0f561ae66e1cfc3c4e13cb73a2c0902adca8b63a6

        SHA512

        f9e76648d033ddcf7506e5d6a44b32658dd808b52d94820fd02e02c661b24b70903903f4f090cf94f6ddb3cdc50501f4e4f096cbf07f2d39bf3a9137804e53b4

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        10ab3c2041dfd4fcc9424c860b0b3239

        SHA1

        98a95e28a22258dd76c676e5684ec43068d6ab16

        SHA256

        1a2e3693df1586218ba21523bed8accadec43e4b92d489474c253e45f3d4808e

        SHA512

        c85bd59289d1ac0b592d77b0218bbbb323a38c584e7f40aa1838140e59d48d942a2bf33eca28883713f6b546a3c14bf67c0c4adb41489d64657c21c652d548de

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        4d4c5e76a22bf0180dfa1f21e3319e94

        SHA1

        4944e35ef39b65761952bfe1a2af90f425fab31c

        SHA256

        a2dee77570b3f2f605cad9db3ffd3897ea60b828f6b5d98fa05f2d923d786e93

        SHA512

        bd6b38ecaa6fa8759b7cf2b8ebec4c00ba982b7d19e4e3751d590bd71af520489117f2fe7f7b09bee1ed03e029b6f719569dcae78f5685908c4b75b739bddcdf

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        8cd0c0abf34a56f8898654fe64375b57

        SHA1

        96051490245e4c3bc87a4cd5f938ee54e42ca2f7

        SHA256

        0fb990b69f44b2197dc8a7a0e96cda8d8e955da1bfa4118ae07d3f186bfcdaaa

        SHA512

        aeae408f0e8821c2a7bd4fe4d0848b9c0acb4816a32547507a66052756c9ae8570632bfa539f708d7695adae169f84fdf1d794f185a61315025b3b6d9071291e

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        ea7cfc4203e1b810bfd59c088e43a2d9

        SHA1

        ece3ad705770a2fc79bbf029ab35a9e9f8220717

        SHA256

        71c94219df3422623fb612956921ee936db7849d596af03c93722ff2228e3e51

        SHA512

        71f01752960a4c4bc281bc0dbfd1dc71061a885ea2bb7037c05c767ee9d0a0a3fbd1f098210b1d9eab19b16bc3bdaf87440e9717e2b2608a360ef2de10612769

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        c17317065679799257dc6b365f4a53af

        SHA1

        989192471a514bcffb50641bf2b9f4f65a7da00e

        SHA256

        235cd6985fcd06692d20002bf82108c6a4227a5317510d3b8ec8388a10d54c0c

        SHA512

        8ff1fb9102120d9d5458cf88b55c357289938ae4212362d9492f43735b3f215f9079f29190c37d5e5b7310ac65ee6b41655c7177f41b43272c7969c36ca83f07

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        ed279915920775ccaea304c45649d241

        SHA1

        cbd487bfda48470493a2d9aaaa7d9dc987e0cad3

        SHA256

        6e3d0b81c4ba108bc18be1db89f9fc448bc5b007492884a4ee8da343b9345c2a

        SHA512

        968bc67fe3f16a302be63132505368393d1b924e4fe1d157aab7970f8addbcaeec411912a56f05e6a8c8ae4449bed5f92f0cb1199637cbce77e7774e225a6e2e

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        21136d6be27ca79b3075e744f494848d

        SHA1

        889d100e8b31ec893b6cbd8b76f2b0e22d759628

        SHA256

        947f74c54de16bd1ec19cad04850a9d5c268f759e4d1ffd98df13c5a0a11befa

        SHA512

        be7e0f95a96e8d327c72c1433956c4c02556b8860feb2ace6b64faff1b56b83ce1b75471d894e4245193a3d581832cb0b07ad4e949c83f964118970f0a7e87b2

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Cab1C47.tmp
        Filesize

        68KB

        MD5

        29f65ba8e88c063813cc50a4ea544e93

        SHA1

        05a7040d5c127e68c25d81cc51271ffb8bef3568

        SHA256

        1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

        SHA512

        e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Tar1CB9.tmp
        Filesize

        177KB

        MD5

        435a9ac180383f9fa094131b173a2f7b

        SHA1

        76944ea657a9db94f9a4bef38f88c46ed4166983

        SHA256

        67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

        SHA512

        1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

        Download Submit

      • memory/2736-8-0x0000000000400000-0x000000000042E000-memory.dmp

        Filesize

        184KB

        Download

      • memory/2736-9-0x00000000002B0000-0x00000000002BF000-memory.dmp

        Filesize

        60KB

        Download

      • memory/2900-18-0x0000000000400000-0x000000000042E000-memory.dmp

        Filesize

        184KB

        Download

      • memory/2900-16-0x0000000000250000-0x0000000000251000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3000-24-0x0000000000400000-0x000000000042E000-memory.dmp

        Filesize

        184KB

        Download