Overview

overview

10

Static

static

1

708a49ec71...8.html

windows7-x64

10

708a49ec71...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    25-05-2024 02:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    708a49ec714ead67e5deae1c7f9e38a9_JaffaCakes118.html

  • Size

    123KB

  • MD5

    708a49ec714ead67e5deae1c7f9e38a9

  • SHA1

    8a0cf525cdaf46dc1c69bc1848f2d5863a0f178f

  • SHA256

    e2550db933f4d5ee9916b607e407ddb06eed5c84e6ca65b93247c47439d67e28

  • SHA512

    8edaafc9b0a04fcfff56c34a10dc2d2986e8d739fab103e6d1617e4897750593dfe2dfdc6828a8c07debed6ad7ee4fdbcfc9d55755974fd3876f21976d2c9726

  • SSDEEP

    1536:SLZnyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGCW:SdnyfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\708a49ec714ead67e5deae1c7f9e38a9_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2036
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2036 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2788
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2716
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1224
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2540
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2036 CREDAT:275464 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1252

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4d2cc85a9e8be2e704b2bb1d6b1af905

      SHA1

      b85a46d63fe8f0e83203e10c9cad8ee8d36fdf80

      SHA256

      3c4cf064ebc8be039e4eec8e015f169049d62b88f861933796d67c5db6c1d893

      SHA512

      bd35355f95dc9bf61165f028849a301fd9dd57db9e63814224f8bc143c9ff52a813c33a7097c45fbe8cdbc3479b44bd7d9e480d7c8f334cc637b4abd40599786

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3343df964a990a00b8ba7ee9282c2009

      SHA1

      51cec84d6ae9aa0447c1e6b62a3a0d1bd735a266

      SHA256

      51e8c94370f8e0e8aef11b12a180494a6072c57bfd24d7cb4496f0cb3ebb5a51

      SHA512

      16eeae94753fddfd03728761aabd22b9eac667803303506e5d8b1aff12dcdc08ad41ef2b36957b1c1270d695617d325e09907c6b8ceb6547c30497091ae954f9

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      af5b9689a782ee14744488c79f92aef4

      SHA1

      67a8d7a0f5d61381dc67676f62b8a416f647a391

      SHA256

      2c7682d9e2ec4c380845d8c12007769204b354480e23029e9a891b58078378cf

      SHA512

      080140d0b4488c9694dfe67e27f6c488fa870e7306342f9ce1c5832c59ab4ed4ceb53052f966d0a49b87f19c7b16ab104d5441f516c0d709f683b1de90a9acfa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c29e95f4c6b84080fee576bf2ba74446

      SHA1

      6c036ab047bbe00614d85d874bf85fa2650f1da3

      SHA256

      c69aec7c53be138a28b2db14e181d39efcf56054ed6da0b5e6288c9cac0aeb6d

      SHA512

      a22443dc7f25871291060f9294c827cee9a887eedbe432cce08923c1818b87284dc437c404025d7abe0371cf1211f1e5022af31912498e177213aceb0ce3613e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      80d68e853a933e4b2379178ff7d18a5c

      SHA1

      9574fbdd21cfc7f369728b844c1d48cedb7d9422

      SHA256

      7ae36efc8c6e22fcda721705891d10440ad8abb6989516bd6485aa6222f1c369

      SHA512

      c412cf5e409d9d063e48bcb558a55c38e49ba22f43a4a090f5a8991b5ca8308d5e7d5604889c57e38151b01712facc28e7cb979da2d07b0e082fa6f0b9adcb29

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      32f3006060d025e15f36eb675043578d

      SHA1

      64dc495445e0c70bbfaf2880e050e16efcf48c57

      SHA256

      8c8fb396b8acc548039a69753c76b400ff98d6a041868ab4453e975ede9888b0

      SHA512

      1019a11577920956f0d66995fbe0e2458b76803548ceb99093dad2854641fbc54d4a0da4434ef68f0102a9273d6dbe10c88a4ae1dbd91f323880d4682cb4ab50

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      412ac69ff4b8725353fd826acf1dcf7c

      SHA1

      3374211a787aeb804d896318a47ef5558957282b

      SHA256

      9532315f8d7bbdd6c25cd7b8c8d9d2d7340a7319ff36911624d5dde43c7a3831

      SHA512

      791b7e505d09a78ac9c0049cc592ee3627a84bc0b23e4f4d5046dd958b9839eb6f8ad7d60480d435320229835e916195ee4ef78e695b77332629b8fcfb2beb1d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      88089568b750fea6d7687e6899dc8590

      SHA1

      16210cf38534029c16db366a0e3c174b11daf4a9

      SHA256

      35f2d489101e1815d02cc4b93131ed4fe2962a3d8b2d0d5dabb78feee993bb19

      SHA512

      be7e113f0ff08bb3715379328783b62df2b2f33dd70b338dd558ccc1c0437fad884e0520fe3ca75dba6c66c9f91dd5c9ee2cf50eb6c9794fbef70c6a2a372dd0

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1a1fcd36a8dd64a92ff8c07f36a9a72f

      SHA1

      20d7b271cc677c6e7b8c771a4ed18f81ad9da35d

      SHA256

      b47c704fb74cd77c674ed4cc30e5949df6251d6cf9daa0fb29260b4f54953161

      SHA512

      dbeca14ee4c93ccb5204fc23c7c76368965f73392ae6b980ef24dfa813deecab9c6b972725f07bb77a66ced58c50fa7b5f99ecce084f2f2d2e4c472e08d3f60c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c413dc6e839fc9cc76446af9d813d519

      SHA1

      866a10ceebf466e44ccd87d4fc5bc8ee1adfb800

      SHA256

      ebd2bf20c8060654475d1ec3a89826702e78d8c670670a741be23fec905a6619

      SHA512

      ddaf71a0d38a5e0b27adb9f5a4f69c9c027811942d6340c44afdbdb995dab7ebad755f1f2207e95f0eba46eca694d6426006d5b3b2d2eb8577dd65ed46ec32a7

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      48958b02cbc348dce5ce33ad0aef0b9f

      SHA1

      a678cd0a3e0bc7edfcde50e908bd7c604acd992e

      SHA256

      e1310eacc2678843c63922d9a338dc8844988aca8a6663fe6a268bf4e79aa5d1

      SHA512

      2cae45e91c8d71adf15678c04b6d129aeba708c6331de50c6dcd9c31cc8c399dafc8fc34d8dcb527ec52256c6708ff3a4924a03759c4753be196cecd4e02684c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6ec71a13df1ff2cee02b4d9f50918c48

      SHA1

      59b532f95bae502cd3d6495acf315b5a9f83e2e5

      SHA256

      b768b000dad42461880080c3066150b137b1e6216059a6f43e335cedf82dae1d

      SHA512

      b4690a3fb6f323568611000a669b142802b5d2e71f88f8e2527bf4fb77538b61277ccd47319d96984b4458d756ace46fab55022a7a0e289e8aa0771fbac251f2

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      87782cb517720324393a1d6341b1950a

      SHA1

      52898cfccb3ce5256795ece0aad68777d18d56c4

      SHA256

      6d9730c11007b0750a981f7778044834f0d2da3c63bd92d1062540c708bb3a40

      SHA512

      b706caedd942b7a03e6fdd3d00092ecacb46e508c2f49633c0ad3aaf9ce7d1efb4976cfdd9efd3c6248b556d7a69c7572e68577d2c8a28c94a923c5752e02a20

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      47d39fab260921cb10f36f476c317d06

      SHA1

      ca76bca096ea093d408daba4e6aa8f7f511bbba7

      SHA256

      2e223ec87a5a38dd048da80c3717cdbf9421d0d41718f2109fa7b385e211c3fb

      SHA512

      fa44592f513b1be5a982db04035051fac9732d57b9865ce87783f9306b1ffb4772adb9190214de4d56c89bd74a29d18e7f62f13268ee2cd9c845788a96157452

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      eac74b3647f5460aa13079a00e1282b0

      SHA1

      c46359e4d39d043309b442369b061f7972cd94f8

      SHA256

      765ed3b64b666b674e4cf578ff27f651a9ac73d7391ccc0b4921728952b1f2c3

      SHA512

      2bbe7b5d0feb24f9c881433865ea29dbdb13d3c150ed901313c03e5616b1010db38c6cc512a4e7da613c27bb0d5036cca32ba2e2ca988eceab90c2dca819d7cd

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      85f9955ceb3ca371152c14d9353c4f1c

      SHA1

      88af85bed5d231316f66b1e054fcef4b72369417

      SHA256

      e43871c90d662a35f876d3e951c7558b9c997b95955804e30c50a0f2cd768efe

      SHA512

      2e92659bf81b9c24efee2e96d62d8a6720a32ff5897bfe9d3d86ac3407f3ad469f319c9a22240516fe648f4f4f4f5b3551ddafb68ea6f027abcb14c13d4794a0

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d68f62ce1e97d6d9c01835cf9b617b88

      SHA1

      1d369e417bce9aad1bd859e0d509e7c77a5b720e

      SHA256

      e64a208aeaf07325d0c0636e5686015157f6ce7158cdb9526d236d3937c4cb09

      SHA512

      99df4e7f0765b9d002aa9f933575fc5b862f03c6e8d1a6614da49b1e193141676c82130ab44422a346f07428a4d544f18ecceafb462c8ca992c9f65ba2ea1fdf

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7e8e0dd08592237f9038df9eebf1e743

      SHA1

      de578c3450104463e49663de5ab2d0801d05e782

      SHA256

      ff60c32b3c846039584e04756e8cfdee283c078ecdf3b506c955036912753248

      SHA512

      af340ee08564db8d7196c4926bf2265ddbdaf06396f3f3bb7b63da0d5e9b2fd9dd579c6b02fc3097fffad78843f657cf01669768526dbc9a731b34df14e492f7

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      70d300a11ea580c616ecd8348a02e7ac

      SHA1

      a17c12114a2d6fa77581f34c01523434ef4fb8e7

      SHA256

      1a3b3d67475cbf4918060fab537825eb3b220fd69650a31c0c8ec2d86a0ed4ad

      SHA512

      2a17fe17f0f9b5c9411808035ead5fa0e942e79f83cf3666d17ad312f6df7577692845806513a6f74c1e22278c13f704a88c9da1c161be6132f7292dd6ee8ca3

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab367D.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar36DF.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit
    • memory/1224-18-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

      Download
    • memory/1224-17-0x0000000000240000-0x0000000000241000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1224-19-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

      Download
    • memory/2716-6-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

      Download
    • memory/2716-10-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

      Download
    • memory/2716-9-0x0000000000230000-0x000000000023F000-memory.dmp
      Filesize

      60KB

      Download