Overview

overview

10

Static

static

1

6ab03d0684...8.html

windows7-x64

10

6ab03d0684...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    133s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2024 10:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6ab03d0684faf7331b96f5c36d7c5c3c_JaffaCakes118.html

  • Size

    146KB

  • MD5

    6ab03d0684faf7331b96f5c36d7c5c3c

  • SHA1

    d935290f3353e3ce5d05361dc550281e20c514d1

  • SHA256

    3a13b1dd47394f9683d0b7ec19dd865aafc2c6aa9d9e189edfe8f2a52ad700ab

  • SHA512

    71e434f3d168858431793b3cadb5ffd009a820274ae5f5a25e9bcd076dc05073ddacbe2c52d4060806aba8104e396cd49ca70369626afccb66800e3ef3465e77

  • SSDEEP

    1536:djulsLlyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9w:dulsyfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6ab03d0684faf7331b96f5c36d7c5c3c_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2972
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2972 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2216
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2516
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2432
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2424
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2972 CREDAT:668675 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2428

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d58bf4a78988ee13c4d4c9a11a57b372

      SHA1

      5eedf6a3502e3101f98548095863b6eeb7a9bf42

      SHA256

      64c73086c38709cc493a94d6ac4fffff8335f5c92395cefae3269dd606257828

      SHA512

      3ea53e0078f6d885de7066ca6b5fbddb5e92c5b1b2fb3de9ce2bc055c1505907f198471047de2c326261d4a36dda2694d027c18188eac05251050b5ac1d3cc13

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9be00682bfa37d6d15e09ee77c0b9caf

      SHA1

      789f6840c173ab1de8d12fe9428c8a3cda9d2c90

      SHA256

      539f2b21ff05cc5ed0e49456e36153aa02a316d44758196cd78156c0140fc5e0

      SHA512

      91046f5e1a75fdf8eb16d6340a51166ec9a7199d5241217cb98a645abf2db55093f724c16fb7534ef6e102052b6063452dee92eb663b85955d604ebcdce2ee1f

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      03ac64450b157d4591775d512e8f5e18

      SHA1

      6e0c7cbf0cd31b72979a99b48235e3c96f557da6

      SHA256

      1b0eda0471e0dd115c601d64632bf7624e53a38ee8515db43c3c0af3998150c3

      SHA512

      d4d88d0ca83cdb25121b5d3f29d144ae246402f3ba70e1e6af910716f1f5524dd17ae61e7450a3eb8f9cef937569f9ba287007fedcdc4895438d4fb973cc439c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9131a813a88c942a1ce8ec1513a7405c

      SHA1

      492d8515a5c3d92f70e1cde24952be3b3de52a7a

      SHA256

      4fa052b12f608373b2a50a75e40348a6a72abe1667c16f134b3a1f051c2ef929

      SHA512

      d72ad73b887dfeb9790c45ba0a162024eb9a628d023f10d0d60434f23cdab6c165485f7f86c514957ae23ea803db55d09e1d366108f6c10cfe5a67b27af7d194

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d11b27d99c25833d801e1ae2eb5d441c

      SHA1

      bf19fb5aca6d7d1d1315bd6d261f159ff849cdd1

      SHA256

      0a675bf1b3081e011f776b02bb95f2420b294106a6ec0e5faa73acccffbfaae9

      SHA512

      56e4d8b12d122deaa06d69e3b4e12a3ad64dc33d32bbc31eda2d92125ff9d3c3aa801864b3f6780b1a85b0c0cd29afff05f5aedefcea8ce6cfcb6f83c1fcfba6

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      65391442ec9da2f79fecfa1bcb917746

      SHA1

      b02113bf5023f08cf197b6cc248410051e87fbc5

      SHA256

      0984047ca8d48c9efbde4f8680160f8fb3c5ac38d5f0b8d8df5921bdd35f3ffb

      SHA512

      25822714004d16650f1dee5cf673d3e617ea91f2881ad36747e3ad1bd9fde1c8ec941c65c24275dd0a4b7f09bcae644c4b727ecb7f47a75ee0f7a1ce59338c89

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9149f571365a911791229fa21a5b77fa

      SHA1

      9fd58a05d3ee5c826516366aeb0fdc2763eb43b8

      SHA256

      59f62f4cf3f1b271858702aa71f1e3dc61f04ac2aeb46ab57e04e08a1729b112

      SHA512

      8fd8f30042593d9b4c50d9263748556873fccaa34420e14776518e263235b9c0d40b8e1e0e3215c87a420d5827fa4c7464fb00624a42276f546095314b5dac32

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9ce371bc4e4ad9a8cf3b37aece2ee69d

      SHA1

      440354f193edc1d8afb106f22abf263df32707d8

      SHA256

      fad1a8238cea3eb6b5433106f4cb0b7b8db3e7adefe6e012e2f1b0f29518a5aa

      SHA512

      f8733ce98c236186e2a8e65e47ef4578eb887c0aa73e486073a30446d6239a8be18caf18be3eea325343783073119d8d82d1412bc1f9c84ae85861e4b4c58fc1

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      bd27db8934e36c4908e4509e33348af4

      SHA1

      437f2b1ac9a07eb08d92cf8e57c774afc6e59d98

      SHA256

      d6df155361481dfba43cfc837fc5708d80dac0fdeb41cb6fd2c9a9008c1006b5

      SHA512

      c144a1b59e21bd8adc7fa11d51d760e436435b5bae5465ad1602d599e4ccb9b4f4beea9025b8f7f5c7f324a65c445458c808f6c623337d1e48a168d5161a7e5f

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e1471d66fa5e25b4caf3fe9862e7f961

      SHA1

      991cda225d30c4bb23568e243a0352390b4f2115

      SHA256

      017b0b783f93151a05c0b4249e995be8f5690fb8eb8c00e6579f51905d6bd681

      SHA512

      cfcb7e93bd57a85ddcca65a605c6616a727a3a8de6db5a3738affcdbd415faf47fac76df4a1b42002580eaf08778233fe41c10f532c2ab9a2598c8321987d9c6

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1e2264e9a2a00a1ad8f4bc4785534c0e

      SHA1

      9796b4744bf4e6c5fc203c0338de610be2f9e599

      SHA256

      a1034d02143b62efe458651c8b7ad1d719f5e34d53c3de35e46c9a7411cee90f

      SHA512

      1cc23e6f6a04f3d9de82598529b097cb3194c6b59c9a51ac28eb70a14c22c20f47cd48a634134d4f88c45afe04da610a2bbc990dbf95dd3471f04beca6b644f1

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      bbac93b19e9d63ac2f60d4794122af46

      SHA1

      ac54603c572289205e8a13fbd93f5bb97c570477

      SHA256

      b8e07f9a714e407dfcc71b858ecc8027f89d209fcf8256109aa41b37536cf2be

      SHA512

      3d85b68b49c68ee111af600ad30785f2e00d9bacca1f3d1ab2f374629707bcbb27f5b3baaadcb8157e519e36b71094bc012a8b3497a50fe28d00bc03b5fc1bf4

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2fff1855effdb3e23adf13721c5d57ff

      SHA1

      6f0df4122cf0295fdc74d7474299164269312909

      SHA256

      a049b913fbc932e7a1a40c7e99f3b92265bb02de58b41715b41ae7172ea32e8e

      SHA512

      b986172813d53399075a09edab7dd9682994cb7f4bc044e0dce9c1700bf32017c22fce75ac700be09af943558260b4450b268794be18926b6edf43934d33e771

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3ee26eaaeb6b96b944fe936002669dcf

      SHA1

      0a30496cbae2aff633f30aba4e34c10065084ba9

      SHA256

      03e9f71aa97c1fdbe57e6193c5af9e8ef03202dc1da4bbe9ab935faff035597e

      SHA512

      74ec05bed512e3837da30edc2c7e9e16d6467fb412cbae654d08bfb1cce943a18919a81eed458cd3d895ff7c0dc58518a17bd7627ca2e446822cf24de5185d63

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      720236858d79ac353cc7e15686fdbc22

      SHA1

      0cc1a1eb71237f3486aa0e0ccf57c68511911df6

      SHA256

      f240f3adc5f05a41da640bdffd16917734d9c305d24ddc5c59394e5c4bc56818

      SHA512

      53062ae5544429eea34a6636801c0deb42fb47b3645cbdbebfa3b8a1b6a8081ccc3ac0b917d6fdf61731d9690a0184d90be6c6e78675d5f873694aee5ff0e9a1

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      da47663fee5987ff111993aff6cc6b4f

      SHA1

      c380142d1bb4ca3543f4456a75f971e27ed5c1bc

      SHA256

      8dadaff9a64da061d87cbf0f43173e1c2a787b0dcf6a10f162427efc03e00426

      SHA512

      8a621eaf553bd04e16f6602ddff7eaf706f3a46bbd3d8ce9269c18bc5057e06960bde98e4b59a64362c70863420f75b78cb7acd6e058fe0d8827facba014e6f8

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      cf31d45c9a5b6f1317dee657f264e275

      SHA1

      a6cbccbfd5bf7175caeaeb917892991cd3487861

      SHA256

      bc3f2cf55f31c596b75fa0c260af0d5aff19c3f617fd0770043ffb4b6d1b91af

      SHA512

      2a58ad2c81445c8a92211290dd43ac377de21875b09b6485bde3cbb94e7cd2ce546ab4476e6656348e0d75e787b4a66911ae49268e1ef921032154ccbe9b6ebc

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      83321d48b99de92bcd24e38078e8072f

      SHA1

      a945eb304d17ad8d62b8c73e42f8774129c480e0

      SHA256

      101187ed083227a890b93974611e7be3acc11e90a13733bdc116856a171ae2c5

      SHA512

      5d2e987afd4ff40b82af5b1fbb6b4227ec351a86695d49f08eaac0ea1f234acb38b3fe44621042c55deb8a053e7ec9cadaaf26742dc06007e044ffa7086aece5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9cf9b39f98458fd52d6db91a75279ca4

      SHA1

      7cc64ae00a2572c55f21258efc70d1d82070c75f

      SHA256

      e6c99a6113be941ff0196ec6f1d0851a94bf0854c5bf4bb331683dd69a00143d

      SHA512

      7d2d8266832c038578120df6879ee15424eef5b4a1261b71c191a3e61dcf95179d4f016780c513675be192fab567feecde1ec7b346a0d4c5cd056b1cdb6bf92c

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab2444.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar2536.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit
    • memory/2432-16-0x0000000000240000-0x0000000000241000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2432-18-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

      Download
    • memory/2516-7-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

      Download
    • memory/2516-8-0x0000000000230000-0x000000000023F000-memory.dmp
      Filesize

      60KB

      Download