Overview

overview

10

Static

static

1

5f267088dc...8.html

windows7-x64

10

5f267088dc...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    136s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    20-05-2024 12:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5f267088dcfb171684fb7ad3f5db2194_JaffaCakes118.html

  • Size

    132KB

  • MD5

    5f267088dcfb171684fb7ad3f5db2194

  • SHA1

    e1ed2e753fc9ba6baa2ebc89203f30248b60b5fb

  • SHA256

    d1606a3c7dd67d114aabd9633310b37338a34abe367713493d2be1e3bfc1104f

  • SHA512

    32362ef0fc13457a704e20535d30dc511edb7d19d35b2dd32acce5c25d00092afdda5867e9074ba76a36e1e9df75fb60c46671c50b3868acaa1f8cfcf83b3f97

  • SSDEEP

    1536:SSitqAL8yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy+:SSitqAYyfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5f267088dcfb171684fb7ad3f5db2194_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1688
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1688 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2468
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:3028
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:276
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2176
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1688 CREDAT:603143 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1760

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      940e55bd4ca89492cd3dfa8a3d7e4f85

      SHA1

      46f00ff1e7764daebf659c980d05e6879138d027

      SHA256

      bcdb617d17843de019a73eb675196046fb9427f1568de293e28c07f0439e3794

      SHA512

      f3579963e995416eec6351b0ea562ad0f25becec2f8f85d2702178fdce435c83cb119685ba10ca82568fe6c732efe494c384651577da0fb33d5e85bd4a357908

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      69b41a168485b9c02e2348e904a4320b

      SHA1

      4c3818fc847e8124e95cb4256f0f7b57b8ccf21f

      SHA256

      5bf4e37eb8decdb4966221725d5ed47269de13b33f8c42c1f98fc5adc8d13007

      SHA512

      26b96a75751d5b6eff2f353b85bf5f901860aeadf1b7bae94aa37e7d7ca176af5b5b173e9efc50b35d800510533e82253da25e5c835dcb96f240fb27dce0a065

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f9845d291f3739c4099a52106e0535e9

      SHA1

      cfe0ec8bf764d83ee1dcd5d0df8cdbd5272ea68d

      SHA256

      67c38807783611b54fc44ec449e2f9a4bb33dd361a7e71b53969e520cdc1b568

      SHA512

      b0b08777ea5b759607e7e9c5e75bb362bf21782840aa812d97244818b026378ae11cceb5dc2f7ac00de0a5dfbfc0b8cca2fdfb80cc8499866f2d42c385fd1539

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8936812bc30c603a8792bdd1be015a1f

      SHA1

      589aac29f76008522bf902c808ba51c80f05f7a3

      SHA256

      c9e82738e46d58371cd8d6b97b44476e824cd863c1c4bb10ab2de890e74c950b

      SHA512

      b1e3f34eea3335d8a2c5e546cfb96e570e3e07c3980f2d4f2d6d26276381ab609b5d01a4d57801926cc944c75b64825c37dce3c8bc377d17c551c8be8e115aa5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      79215d742e19b51b61d53259b5504743

      SHA1

      3b2d08f3446f2722dfb1f65e1face21b387e4abc

      SHA256

      433641598fc117badc564ef97444b1ae97784ed9647a564b2cb082427af8452b

      SHA512

      bce88f472b058051b4900777135e82d8644ecb5bf08ed251ce858abf80a1a63d17f9ada3635a98ca04c19553b011dd82179a5ae74486b1ccbe9c4533a5f50b89

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3b1dec6f92cf223cf42d4d6f73b18908

      SHA1

      cafe836a9b900ba4a801d2a7750b1c7d1005361c

      SHA256

      43cc4392ab1e81d02452685e6635630eac620f6f6a56f98fa05d5c7cd9e1f271

      SHA512

      280cda413228b71a3e5f97acb3a76ec8ec417c9cc91c883d64e90fbf153c2fcbef8b0fb25e7c6760809b891955b4c4d19826b189ee66ede52ae7f447d06253f6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      19a6d153f42c83a391f047ca63be8efb

      SHA1

      2598fc79e78abf04d63ea37d845cd38f79a1b99c

      SHA256

      58c9af7e6453f49d066324adb26ef9d9a8c97b93b0663f882018980f79e86159

      SHA512

      41d43f2e706f81b372bbc7727ef15d967587b789262e2c5fd19324177544263353fe19e195df505405420bd6552955337dfa502e7cd1a0136213a638061663fe

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e211ddfb5d3ed36ae2d7ef31198020f3

      SHA1

      2dc44008546eef23ba0efaff2f23ca28b33abc28

      SHA256

      0547fd3e1d9ebd5055d609f67f33298ae03f14917b8912f3397d0c53528d744c

      SHA512

      75e4efc9c1ed9d291cf213b991ac875856a7f271375de378dc7a8f3c16a6f8b732fb4388ffa4ba6134f2a8ceb41c8aa73b4952abdc988ccf7d456cfcd0c23870

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8b188e3678e5c9064ae6857fbcbdedc5

      SHA1

      78a8db8f25ecd581f786b9989d8ebdef53116438

      SHA256

      a40a33f600071c0bc050a243e0c6eb0a998093d4b01616536d842cb4a2681b69

      SHA512

      dc7146dca56a2e41a1d7c84b3420542e6ed243ac7224c383d165dd81ce01f042b78d1969019114903e834e18a45cbf70a68f5010f333a6a4aef99cfeb66f3e0d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      830f8306653152c4530f734b1d59b0d6

      SHA1

      43ddf253f596f5f3d4021eed05c32ffb7946e716

      SHA256

      432bd44bef14e2aecf792ebba21937407b0ab212d6e2da2e3c490fd6bac3de21

      SHA512

      4c1e7fc28922e02e98e46591d364d5dcd2a443768a0b0647b28396ae21fc2c6c99aac0c11d56d19049fc22a53cf751667fed6e236f418dead18af7a46a1496d8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ba161a66cdb40e76460518cc314d0136

      SHA1

      30ac862f5539833eaba32a9448d44817f7dfc1b9

      SHA256

      175a034f9d0d1b3b154a0a3088102ad3100f78bfe515bdf7bc3ac00fe3b87c91

      SHA512

      7f1d2b4472e77d6fe1a8b35a49d488087711ce6e9077acebde9a93bafe38ec954d62baaa0ab83fff64a7327b8e3cb71d4f582a4ff6a75418a41cdcc41877d646

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ebec71794328be6f0706c7bf3da70972

      SHA1

      7b3db44748bd9d4bcbb2fd46a215b630c8003434

      SHA256

      144781830cfa08804774ed637009465d4c60e7547d4110fcf82f278e41bd5c29

      SHA512

      1da2add8c5a38951eec2424a04446155b2fce4f70a580ae1e79eead0cdbbd081085f3d6b1878716881ba15d5f3b607ba7a73b4c11f76b319bbc1f83d50db64a6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1649ec657532600dd7070e7d52b2507d

      SHA1

      879045644949f1b0ba6f4ffe860ad57d551df589

      SHA256

      98b1dd77babff23e0241ae71a876390dd925ccd9c7a1a6b7cb7e80b31c024ef3

      SHA512

      94e6a8641f9f176f29b1adaa9f247cde5f53736d7173520bc80a24150c45c9dbdb9baa7b32882e8d5d0eb76cbdc8c0fef91de890a126c2830a7e4f8947b518fc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9c96bd01eafcec2e85bec416ce9b2333

      SHA1

      619e5b7a8b355d559c7b6b3bac350528bef525ff

      SHA256

      4e653a3310aad8746bc58779c16f1b597eacb61b3c38d16407ae9b5bd080ab34

      SHA512

      b12c8b3acf68d2dafd75fe4c990a99efe6f50c4887268c96e8c917f78566abc375d852e4393bd77e59a8239c5bd040d7c9f8de2c58729487546b4200f70fef50

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      870afd6d71a1a25898b8ee4ea991cc27

      SHA1

      7330c66319f3feec3486de3898b3346d1303ef57

      SHA256

      b851cf3510a7d83954ede1f94339ffa8cd47358a4d33d647304142b391f040f9

      SHA512

      fbddd4f049e3eed223057f5e52741ffa0eb05ab493cb3279bef6b8f4aeb0c45ec0f1ceb1f08984ecc6741126feb8b11f1ad85dd9df4a63b5043d75ccb6c192b1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2fab0715172a9496e94e0360e6d4d1a3

      SHA1

      679503e1c12237e3d543d5a3605d8b7721832a0e

      SHA256

      3d1f21ba7d82e2c0929eefdf72c0f7e3decb5139b86232719843514a9b65cde4

      SHA512

      d8b5ed4741c52855f47f533e16453e73dbfe3be0059e2d5d1d2ed06e74c6d653dc757c19243b7e869a092b61c647ee39ae77252156c1de9b3367244f46bcd48d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      0d18921d4848722b0fb2194fa0166576

      SHA1

      c95e1f91ea3f21794defcd4d801e22f83c29431b

      SHA256

      e32c110c129673ec42a887c4a971496b12aa829ea27c74c81eaf113079d97020

      SHA512

      337af8c854b6374455c968f278d6836af03a6d3de4148cbcc24532ae2930f4ade3df42a8a4e0e11f119d0873f2435a8d4c0c877db55bde1368ac5c5396983f27

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3bb8e4335d277a762e29e70932621a03

      SHA1

      4708c4cb4869402f6514e594f505bd86446227a4

      SHA256

      d9b42fa0d3896ac10be377bd82b5cd9a45fd7b0f26197609c01c8749439b5276

      SHA512

      e1d3f33bcd053f1a4f0e756443125eea8849707aca7127c7f51a6f603d16add6a781985c40696a55ed750bd54472a502bc6760b28f06c1e6f5e579b162619296

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1c052de2aade49c673517898b221d41c

      SHA1

      c59f566df4eec28ceca0a012f48463a6cde20773

      SHA256

      e4be06ebc16e44c8f39ffd9c4ab57b40cb0b2f6377c4e5a8e9e01cc92068fcb1

      SHA512

      f0155537062a0cfb4ca7ba13c838db23d91fdef1fed1c8523624f2f207db092925d5fbf8fbdb06c4828625df27367713f19f6d6c926e1e9c18fa2e4d4097532a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab32B6.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar3317.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/276-447-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/276-445-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/276-446-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/276-443-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/3028-435-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/3028-436-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

      Download