Overview

overview

10

Static

static

1

6aa1f02a06...8.html

windows7-x64

10

6aa1f02a06...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    133s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2024 10:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6aa1f02a06b33c282526409be9ae870c_JaffaCakes118.html

  • Size

    112KB

  • MD5

    6aa1f02a06b33c282526409be9ae870c

  • SHA1

    bfa08a2cd296eec5a687c585ef7761006dfcc1a9

  • SHA256

    2f95d6c0f05b00480ede6ce11f22e027f3c085a8c70da639db8b36ea8f4dbd1f

  • SHA512

    7f3c4bcbf0dd37e976de01df1f1c129341ab303a2234509721b0135057b942ab20feeb2635f7919b28c83033d95b996364ae1a6a49b3b9194d8e48953305b27d

  • SSDEEP

    1536:S7s+EvyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dK:S8yfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6aa1f02a06b33c282526409be9ae870c_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3048
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2704
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2756
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2788
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2804
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:6435843 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2548

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2f62b93af62d93b240e891cdc09bd956

      SHA1

      c4057f890f89e0c4cc4f9213a6725f75f8c59153

      SHA256

      a7be7ba5ae34baef3bb98a1863d3d90f3921ca9491bf3ec939c8be68cb8d67f4

      SHA512

      9931d13ae5a2a5e91b40754d667059c74296d9760894587ed8efa6c86503899b3ce549307748fdd60d47fde86efe17b0168571a743c5feddd1e2bed3a4748003

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b23968f63517d93e9614d93a9958cc9e

      SHA1

      028eb3c9256f6d34621131320109c9c5c094dbae

      SHA256

      c879e8a62a0ce0ccdf85418d9e0af54a82f12bd031e36505615abd88f801e80b

      SHA512

      ab7b895d2e682b0aa4143596d296d37fa4e1826bc6bc915f2e663de61b45abd89a539d83e9670f387efe109ffe1b370c7e75f9f83e5e1dca6ee1994fde9f5fe2

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      52f058548b7e5d2a7e965d083e15bc9f

      SHA1

      20315ca700ed4b23ebc048660bd01584d6b1859c

      SHA256

      2b938f5a078d0404ab833f5229b708335d7db6acfa3adcae9caa513fa871397c

      SHA512

      b12df87bf3423675d012c72aab273356cd0643055eade185e16c1d539d2de73a0e3ee336c53b6514a3d3151131270f335eaae7c8300be277e8f105bc768ae5cb

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      85d750febdaa7be7d3f0af1507703408

      SHA1

      5227caad908347740a58d9b7b8e713896374b374

      SHA256

      ba61aeb991eae2e7fa12548a9b1ffbeb2750f9f5ffd724e65da8793dfe75caa1

      SHA512

      bb8def300ebc003064a29d87c9a0d62f7ec208c9081ad113c86801a383bc49f83592646cce91faacd11ed15fe881dc64120ac963b22e1312289606f033a7b62b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      cf3bcc9b84d67789ecec4b27f10edfd1

      SHA1

      ae7ce58f1a18e727eef349b31337f937beed4b52

      SHA256

      f447c6d257b2265d430d08b9a4a2485b798de339eee0e30fef7330ed2bb9c0aa

      SHA512

      b6236354a055b9fbb875af80ce68d0d05ecaecf7bd4d4d41afa04a305b2c79f1e87beabd52851f2d4c4dc4b399afc21295b885c42f6428c1d9553b341de0641e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      016f3274ab1aa583851affa1a9b50c70

      SHA1

      13b44f0a3e62c06cb709ef5eb22e1f33b5b30805

      SHA256

      647469344999c1339434f8090cd72eeaf7e125b3d5933e3720d3ef6092391123

      SHA512

      c9982a8e7ca19549488cc6e58b9958e48557756cac9deab38d0b94efb7afed74afe3850a2aff16f665702569847f9b2c4680acbd3de02ddd807443812141ca2f

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      18a222f51a1e7f1d9847e1b20640740b

      SHA1

      fff5dd5eda9a540a82c22bf02867fa96698b146b

      SHA256

      20a4adc97de4b0fbe2433f5dd1f4cde5ff33d38004fd809b6fdec93048b9cfe7

      SHA512

      85dc4d1ea33fa42ddc7ad5fd2230be258f15ab59233455fdfdfb946afeb71d6293a0d44e83f3eb4a7807716715b3974fb44e083139ecb75503fe4549fc0a5721

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      73e1ddfe960fba95ab94c3f6d8644b76

      SHA1

      f0b1c22fca3b3d5698d751386b73e026bd889ae5

      SHA256

      94fd9f7f47db87e1f5a911ea0bb2acccbbc170a62260249e6b40b585e756dbee

      SHA512

      8467046f06d6973847d9d19632131951f36fc6dded973e4756fcdac8e58550d2e64f605205f1cec28cc7fd19bc039002438dad62618bfedc987c35836495b26e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      78ecc995daff2e0e09e840c2942b0825

      SHA1

      2c87c05abf4fc30d8dab360a19846bf4000c2bd4

      SHA256

      067cef7d906789d9c7d5e2c56e2498e5371567f7c0a8e9b2093271f998003e76

      SHA512

      15094eeeb7fabe66e679d74f7d7de6ff8d79cbb4c43d5352df6e5e751097d5aafdcc5de148fdcbe7c1c435707fd52a99ab289739088d03585d653ce571959b65

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5a901b9fd202babb4e4b5bb3e8ab9e66

      SHA1

      62cb4ecb05d59389403cda167fa96d82b6285c61

      SHA256

      f458815544f51908147474169a214d4dab8f10edce2f27943243efdc2641274f

      SHA512

      b47c7ddcb91fdff8362acd8c09d01d353fa759eec950f378c056f9ad8620e54b7c105a0d3383bea0acb18ac761068f5a8fdb227ff2f3bf6e81464904e0cc0e7e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      bacdcce92201a531a11a9c3dba0d9b27

      SHA1

      2362a27aa39faf7d3e04ba17bdb334ab657a999c

      SHA256

      45c00b059a8347542719cd1aa52bd28383b3948b6f8bfcf8cd6b3142cc3b1912

      SHA512

      ae4223c2699eb7cc2e12ff8c617b9336bd58df1a10df6d9106f5487c0c3ba771a9b050da7c8f797e8cd022b75586403c9e209543e38eb5bdbb81f278ccd9e7f2

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ac06cb6dc7acfe7c0cb3dd3c4c08689c

      SHA1

      4a65eff663f5518fe1d73aa42c86f7649b8e123f

      SHA256

      d55a4b58bb911c6678e3f50316aa14ee3e919b7e3d6facd57290d14210ac1efc

      SHA512

      08b64590bb337eaa65269941d0be0d195ceca756c24fbe341f119af30c8ef1b2e948e3fee5ea94de63a8ad57058fc69fa8ef519cc4bf81f23c1e9b7c1420762e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      32ec1d398595d1753867629bef23e865

      SHA1

      676a34dddcee03dbaa1be570c12d79ba26863b0a

      SHA256

      b45dd61db85cabededde2b3ee2919dd83f3632bf388039c022b83f6f9b7fc660

      SHA512

      4e880d6c00fbd49de6697b37fa4b1670bac1db4aa5af7326cf72d6ba27a15658810146e9f329ed232875fd25886d64b32cb22963a62fadbeb3da3270b773d266

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      21328d9382d7cfdf760bd8d9d05adf2b

      SHA1

      e5c95b5eb4318cfe76d1f3ad98dbbfcc4d120e60

      SHA256

      b812cad369342a561c8fb90fb5662008159fc10698fb4e9ae5609249fc41fc6e

      SHA512

      d01b1e26c195c0246659c8cb15046aae76c5ae906baeaf8d94be221c7fea082728862d90b94e0c0d2da95c029a38ffabe8760d5597550e6b7d2e23a3f1b4297b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8cae243f88ec74596253a2cc81350bea

      SHA1

      0487b5c2d143a79a26af6557d429bdefba7f41c3

      SHA256

      ec621e452628d2486ac418929e6aed340a14e0d58959dbcde7a90dc21c045b8e

      SHA512

      27d44c168a3c7f67c10c4e036df7bdac8f4a30bc45fbbc194fbe3cf9a0ac37777c4aa95f604ad1a782a8ec8ff9f3231d3208be0764d5a77eaadea0c4806337ce

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      984999965fca02c8f4a4fdc0c6f8ffc7

      SHA1

      d33338618d3e68dc9c5e7fba8e3066488b25e42f

      SHA256

      9f882398bfe4ea8a9a0d3cb82970eafe6e3d6261a1e290178c478c1cbc20066e

      SHA512

      0ba88f3aef9c3a78ed8a6d4bdac33119031511fa2cc539b00e39b7fc6dec30c6062ca949a8cc40ba6260633a28113f57da6bd82f38c0bdd39578e5e9212d6fc7

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4239ab22cb625dd8a0268e3f4ee170ec

      SHA1

      a3c99b796768d634d4e9cb8d5db978dc4e443040

      SHA256

      bbf5bc02dd077c07b545c538764b3e69e45f38382d763cc87da5d0b77e395cd6

      SHA512

      062d62dab577ee398c88976576cd9cdf53a71c60d6a78ce60e9b746881bb259e560ee24c8dab5d0bde5fb11ee7457ab1c2c2973d03236118d5d6029d66fae1e1

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      06ffca5468ad769f5d13756b0fbe6c7f

      SHA1

      f8186565e022f1d5740663cbb25e828290b089db

      SHA256

      1c8935598b80aba0c83970d05a9c65faf53d785d3d41ae695ddc6d540b388329

      SHA512

      a305b99e40f9bc4b60f64d7bc3a7b4fcdcd80331adc3e2b31da37567aa31f7f51ef70c2eef77adcbf938d756160923079e18f4a4b0899fed03e3c8e2a33612f7

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3f5203fadd61fa416911f15a762cb78f

      SHA1

      fde101c57bea039aa101a685adb0a9d2c05cac41

      SHA256

      1f74eac4c3bf6c0692eb5f8aa0c2c8b68ee874a6fdbc0d016c1fd1f5b2be3331

      SHA512

      7a82f67a0ba8ea7ce8d31c75c6b4a22516ecd8badbfa7bf9cd04f68c387116c9cd09f00cab371dbbee97787d39567b561c2633f72c56f9adf3e6834224defd93

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      cd47864d12213f83e25e963141627486

      SHA1

      b68448e02d437a686f692f0c2f61a27e70947808

      SHA256

      fb16d0d5fd50f851f799d6d10a2072b3da16bf1ac4a628b7d74db39620f743fc

      SHA512

      af761c711cd5422a623bd31ff29074398039d36a09701ff28f02d1daffef4d578013d28c536abe48f6fabb23ee90de3f7277a4802a1bbab4dae128fcf514bc6e

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab28A9.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar28FA.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit
    • memory/2756-6-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

      Download
    • memory/2756-9-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

      Download
    • memory/2756-8-0x0000000000230000-0x000000000023F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/2788-18-0x0000000000240000-0x0000000000241000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2788-16-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

      Download
    • memory/2788-20-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

      Download