Overview

overview

10

Static

static

1

74fac14bf7...8.html

windows7-x64

10

74fac14bf7...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    132s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    26-05-2024 09:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    74fac14bf777d50d5d9189aaa5762c75_JaffaCakes118.html

  • Size

    138KB

  • MD5

    74fac14bf777d50d5d9189aaa5762c75

  • SHA1

    fa7b62b0b0fcac6bcda17981eb2c9c9e88a40884

  • SHA256

    94d14bdd0432046600f2713cacac77a4fd310bd8e8831ecb1616c40ed3974ded

  • SHA512

    6e91301b9d870928b23cb824f5ea94bac5d2b01a8630fbf3c89c49e63a447ba096b3f47b53d329a2f3d3f37ac1b4165fb1cc667b70b614ca75e359b56a07c5f7

  • SSDEEP

    3072:SR5musZxF+m7jKyfkMY+BES09JXAnyrZalI+YQ:SDavsMYod+X3oI+YQ

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\74fac14bf777d50d5d9189aaa5762c75_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1804
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1804 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1828
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2704
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3064
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2596
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1804 CREDAT:209934 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2632

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      24201ed3c96b39c595efed5d3355cd43

      SHA1

      8f6fae79479895a16cba388b584998f7f31d6172

      SHA256

      66b7d63e4a6a9f6c00f7454f8ca17b59accf1ffdad842595c5d3d2e73880abcb

      SHA512

      3c6d7a722ecc10fd18013b65df2a45aa3309fbd122b251b5ac0866e840e366b05548057ecea96bd02f805e09801cbcfbfa0835da65b48522328f882e4b163daf

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      863742d2483d7ed61883324e096aaf9a

      SHA1

      2fa70f3fa31cf8d6a4bce2e4c92ce1e829b81b94

      SHA256

      a9e6718cf8e25115eb03d91f0c95d0fe7d404d13f5294442f47f9a47f3455b04

      SHA512

      af77987f38d93b6d9df6c5ca963754fae866dd16eff797619c73d3816482ec6f8c26faf284f0033aa2b8458ce2e7fc284e4d094b568be5d7adcaa35e88df5b04

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      33464d5e066a165e31d34928f7811e06

      SHA1

      1dacae3aafb1eccfc479d647ca55cfe00cdbbbb8

      SHA256

      c07aad1fd2da8a4207783768d39bcab6ba62e48827a70e61adbdd61337b55c37

      SHA512

      0a83c094c14342626248f09a12d955043651ae8586986912e574366cc008b9d748a154f89d4d3284b23a893a4bbd2af6ed24e619abdc4f37478f0d1e5474e90e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7ae0f5bc7b3693b1d43ace569a63ff65

      SHA1

      4af47f2206bc19688b96eadab3874082acf2b0b1

      SHA256

      2ab6faf345a19f0074fa7e45a8e00bce1ad576746d2614fc1f2c1a5e37c4d8bd

      SHA512

      d1255f1843a00c92ea4c53d8c39de8ef4ef672c703c3246d323e112e77cf02ae452a094b287bc146ac8318ced1f4a44c2a4d814bba910504505171fcb2ad9687

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      33c1a55698584dbd6d34a5cb4c44f6f8

      SHA1

      3dd828e87a5488fe8c5b0694e3e0f50ab6f1383a

      SHA256

      b4f936adad2258f1db8fe38ad899fcb58f225eb58d45997caf99c002f5af1809

      SHA512

      d8fe01996af7a0f51310ee9363f177a674f5c3f8032bcbaf794a67222b33214223a4b05ff7a0f6a810e70c443854a00a8fd0580e30360b3cd1dd7d90333db471

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      aa6861d12288afab2b42ab0698bf094b

      SHA1

      d58b2b54ba52656e1af818f23e61b7e2ffa476bc

      SHA256

      c3edb830ee7d96757acca52e3625964c96e4d02098678088df3c9cb569713706

      SHA512

      e0365a9dc47bb8891b74c5010c07296289f0d18de673b39792b842529f5f9aacaff66a0b534f8878b04c29e07910705535e4cea7a599d71bb6f0645f77ee284a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      edad6b561ecf00bdae63d86ee471e386

      SHA1

      36b32afd070029582a67415946c76c5ab932a050

      SHA256

      63a29b027968a925422d0ba26fbe0192ff19396f6cfde76deacfcc8a72159478

      SHA512

      81872a74cb1e168cbb63ae44d03a091d0e492efedcd07b29003671eca0cc2b481673ba2063c8fb30208379b5e27ea45f20ee673133ffd4e158c345fe813dfd94

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      161cb2a06ef19d740616d0bdf39a944a

      SHA1

      2e538bb3becaf93ce0dfa542783f27ad1340c350

      SHA256

      00d6bf63f6053355e2538667f0e3d87a1f988410fb6e2ae4f8770f46d675b3b8

      SHA512

      8f35431b3874fbe88c0a939b3ca26316c5a2317b9232cacc5d66ff64379e5ea1c13dc65141669ba78abedb86c3bbd54e7b741ab4caabe5ff973b8ac34fe295de

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      bb0dc0e80a8806c35b4eb9ae62b9279b

      SHA1

      0a52bec454ac40298fd2ff8d480a846c6c79d4d8

      SHA256

      73c13920ab4cf976b0a91324383f441ebf72472c7bc2757e9668f1b464b81b10

      SHA512

      563a2e403f7c16c4b4b5c8b91ccea6a377fb372f558dda1b18970b3897a2ea6140d887ddc96df98fa8733b33ca5d4839c813026978f2c33e630e4720444c496e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d492d6d50db9f8fab5b6c490a99da8e2

      SHA1

      0b2ba6c8602bfd109c92c5fd8b68359d49896e16

      SHA256

      4fa337b2b794fb2c541ba314b35e85997265bfa3a85a5de5c4687d2ecc099390

      SHA512

      570fc81446193b93714fa4a838579a96be942c10984d8a1093a2f38d8131c3ff5563e2feb69e9ff5b1c960cf49892e1bd091000929cc42a4677d464e4ef02ec6

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      12bdd25a0445229b5ba7674a058dc178

      SHA1

      7a3b69a8ff737e7abb88010baf67455b67291d69

      SHA256

      f18597ebd4ef659c403df7e9f6f182aaad79c9b6907d8160375002031ac48cc2

      SHA512

      6b36c385f7145ea8a9e9bcf259d0d66d8865d480c9b4d2e5f45a1079afd2ada440485375890b3e0e9d3bd51b9ae4b2b104e4b77a4684c38ea0417c408c269945

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      efbee116401d6dbf901e85debb4a6cf3

      SHA1

      07d984c55a07bda99e944e814cc948ead9119d44

      SHA256

      24c0fa638776fdcf0cb768a9bd25dfc5ef3e5edc4a8029638bb2097dca699aab

      SHA512

      67ef64ed06e257011b0221265cd7d7f11a53756b72ce56e06efac2b4be4d588107a478b4ddee05ca7bbafda8849d7b84c89c428bd31b8cfc23e7a6421d718aae

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      33fbc6e66ce37f2b3da9a8e5d1da6d15

      SHA1

      ad6fffc95b260a0a3f5bdfda704012cf1e5a46a2

      SHA256

      d2e37723f36286c957d001644de014b3ea1a646f899030e653afeca1efb88230

      SHA512

      ae2c758fe6fcd6f33cd74e1c7eec8e83d8a1140a655fec350f64d98e3b3991d62394ab7d2806b95e9a72edc11c680d1249a738d55e44fd61e7d6a05b50a3e173

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1e4cff5af4a251278b0dff2383295e02

      SHA1

      593dad9805c5178b4bebace963b98a1948fbfda0

      SHA256

      5425163cf10961d140912be310fc4bfdbac00def91831b984d51810b792336e9

      SHA512

      1c0eecc64ed40bb1625b6bfbcbf9d84870093fb7bc9d70482295ef2c0681d556dcc022688fb82e0876bc9d64b6401f37e67d5ae2e23a70b737292c0ef4d3daf8

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6e204276f62e6333bbc90e5073434a3c

      SHA1

      6a9747c3317de7f3998bb8118f30562183b1b674

      SHA256

      32c1ec20d4e365af2fc8a80f4382333b303dd2d6ed5a4ac6edf34d3fe90aa954

      SHA512

      e1854797bc2729b39b4a6a794c5cb130b4de2ed251aa1bc656854baf26ebe494701689ec7c6f1dcdcc5ba03efb471991a829cd3e0617c77dade2c31e4d23b623

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ba7d93e7b58f0732685dda8ae86ac0d2

      SHA1

      da67bb68644c173c34d41cd1c9964985648b6c7f

      SHA256

      d72715a441b82195a079874bea1b750170c2eb3a6a9729b4973a1dd3f9b7dc3e

      SHA512

      57c70219af6c0dcb9a194d4e18952419a71c726865a5e4314dca0d4ee7d1af3f7d19156d393c8d5bf202b1d4153f3838f03f2d3279f9e7e6c8f46e2f3d816cda

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f241ddc3148b62e74837259f7b3b416c

      SHA1

      4d68abf04ac09ec9caa52c584e7d66a28b4e128e

      SHA256

      a1a82ee590691a9ff4892e3d7612aca84eca5f5f52d96ebd8ec6f2721d7fc4d8

      SHA512

      34ebc99fa291857d0bc8b9c111e8a5a20cf4978cf06e32335a2ed8594f6b045b98713479f438b756bcf38c17433a5c61e099a34ebb69d814dd307ad81b7014cd

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d2ba8cdbeb090f0c0c67a7f7007ad93d

      SHA1

      1fa92c79ed2a0fbd025e7f1bfb3daa59f17a4679

      SHA256

      1de2cb03cb8c2a2e6b0338b1ae6a06a9ddb67b3b5aee497d7b12670703ecfdea

      SHA512

      291c152e754128523e35f6cf682dfe25a3ea5226199ba8af107b7a62740a56d3d545b4c996a94b8a27769f202a0b4ecd08050418c9ddd60fe1efbc2fd8a1c7dc

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      fe9b2beaf5ae3fdcfdf0eb41c5383acc

      SHA1

      e5a88f70670da1afe6ea3e260900c6f98db340c6

      SHA256

      c6b49c065ab9132ca0e487f6d12b7243c419a4054b9978a57cb3fb78084677bc

      SHA512

      703aac915476a6a175318d9db8c58463b1e0af65401c12d37ff56173f2a0af3f493db62c889b79b3784ad0dc0c460d18f26d41923b6ee159fc5f9c71970f917e

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab2253.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar2334.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit
    • memory/2704-8-0x0000000000230000-0x000000000023F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/2704-7-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

      Download
    • memory/3064-16-0x0000000000240000-0x0000000000241000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3064-18-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

      Download