Overview

overview

10

Static

static

1

75483b56ac...8.html

windows7-x64

10

75483b56ac...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    26-05-2024 11:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    75483b56acee2efc20bfb6dc0f210dd3_JaffaCakes118.html

  • Size

    185KB

  • MD5

    75483b56acee2efc20bfb6dc0f210dd3

  • SHA1

    35825185d2fe3b00fac99cc3f9ff476a130b5c5b

  • SHA256

    66e391d8830c55ec30a088f5bcbba18b968d2799f069754ac7c9dbeb942e5531

  • SHA512

    a06fa7948d95ab3baa60d1f67a5a6ae4bddf030b7cbd52cfc355658463346c6a5c798c95a5809e9f95a9c641bd8dd051a9ade9d10eecab11de855a4b636963b6

  • SSDEEP

    3072:Mtb4yfkMY+BES09JXAnyrZalI+Y5N86QwUdedbFilfO5YFis:C1sMYod+X3oI+Yn86/U9jFis

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\75483b56acee2efc20bfb6dc0f210dd3_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2416
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2416 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2884
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2524
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2552
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2652
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2416 CREDAT:472074 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2780

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      35f872b55d9234173da88c80193da5dc

      SHA1

      f12689b2d17ba847028cc372b1b00f0ce6d40ea2

      SHA256

      5c497762da227e2a53602080f3fc2cef915c30adc8325ac60af063227fd2a4fc

      SHA512

      811630a41eef8675b35ee55598640aaa700042e91e894689e7966d03eb55ebb739a0bd84c4666670ec1d6104eca8be981d4cec5db3a4137991067a5d56181dd6

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      fafeccc70ff8048de3a86c00d417f17d

      SHA1

      7785ef1c13952a2a0410d20266d18e751a62f70e

      SHA256

      b7227967976436520a74455614f18ca5c042a926ed73e359171d6b2c3161ca41

      SHA512

      ffc123e35d28280de3e3bde880cba0f08512671dec03c4eeac9ac5e767556072be89516d2b91755c92653ac2e2308f8b827e5154631de2ab188d2f1f071df35a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      066c7f1d5465a9be686831213580da67

      SHA1

      a53a18995090fddc30cc823d8e17d2e7652a7675

      SHA256

      9e2b62954457df02d5a9ad83d0a19e5f4c4bb62498fc75038bd2d7fdf4a66e3b

      SHA512

      d2b20d56c7724895c1022273d6eae7dbe72d1a66ec6c0188b6182637e39bcae028bbf499902337671260c8252301c11d1a48b1a4c377674792151de38c808834

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c759ea8ab70f1e92fe618db2a411f327

      SHA1

      28ca469aed0e69b7500acf1f0167d97317d30044

      SHA256

      a96e8ce559684293229c07b683e49cb66529bb72ef1736ba702d89ce4a6c5c8b

      SHA512

      0fcac83ecdd0628755294913d0c6f0c3364931609bda573b06ee69c335852a4c7666d5d33b24dffa4c97c5f5a4fa95eda968064f6e2e1f350003d22217d2df35

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a13d548611581e18d6ceee84073989b1

      SHA1

      5662f73d1c0552ed37e678d2f298c4949118a4b6

      SHA256

      cc57039f63a6de7bac878d580acd7b7510e0d50f5aa3fb696f122337edd1a721

      SHA512

      862eab6dcebcd1ffa2c5f77eb01024a876997b94427ae373f19c08a1a2e8cdafe6cd3beb2dd0fb4b1f2ec0743c807b8e14829f938de0782c61a96596f8a2716e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4fc94f61b7f2e89981414c4f6fc8269e

      SHA1

      bead998bdeca1d0127656f9ec9e6e77170f53b11

      SHA256

      c688aa8f746b18920f0a98b823331c9488562fade8a7abcbedfecabef640bbdb

      SHA512

      a8755fce7b1290f7653c205d1b417d5a02d354213f4a48246c34ed8c4902b2c3ff814b1efaf72a069b780e0fb49b02dc2c65ffaeddf3b620743d9acfea5274dc

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      aae72f4cc17e2016aeb8778bb3cfc89b

      SHA1

      cfb52ce1972437006a917e9f2326f0b4837172e6

      SHA256

      3c3e085e57a663129a7fc7a302f3bef01019061fac5d6069061d566fb92250d4

      SHA512

      a1187b926ce751ef80a433918bad665c48097fd193b4d6eb0dc696395c0cec8f17e1d7758d5fa19d0b72df96db8ffdfec633d4732829e67382460eafd23dd8c8

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d2415fc2204f1008dce022db591c3f54

      SHA1

      3fda874dcbf4079411748be5b47ca150b0db1964

      SHA256

      3ce830fb9a8b11fd67eeb54222a2f1117cd0d3f6fa42d1fdd8cd218887b6224c

      SHA512

      7749fa716f7314755c52cea491d6167927769abfd39be469edcbdca413009ec526197fead2ac66e36aad1f10b0347e6236cc06d65cfbd151fc7baea7e5b6c178

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      577fc1a7809d8263108dd608415f6698

      SHA1

      1dd1b709807452f95488aaf85d54f64dddd388a4

      SHA256

      1ba1acba3b1390e13b599c275ec07b909be889a8ec7b86ce98d01b0e9699f649

      SHA512

      2a052bb1f5809c22f91dd42a9e2306b75fd87070dadce5671f8f4b78d85e82eaac1264363e0a56ebb55ac0aee32dd7617fec00ab58082a26f27ab53de9ff40e1

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      92e40e5a2c9d6707cfecad74ec4a5b90

      SHA1

      83f077f5d6b16bc9ba8a3224d76ab3f997b47b94

      SHA256

      acd2eaa80770f7f705ac7c33395ee8637d80d2a9bb37adde13f8e2f2899fdbe1

      SHA512

      2456a181cd474db10ba715dfc5023ceed45f6e395cf4be7f0f8d769e87d665156aa684f30e8d77f33457d4d13915320329c6c91e9d25a67d74c61de6d5ce9331

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      0fc7f3fb97e4d8fbc48f6bf977f3feab

      SHA1

      5e07c177d6e19a221e1b4e1101a7e1684556a8db

      SHA256

      7450ffecb6e5f6f004d5b9bd586d91e47f1f86bff0be0f543c1a0bb37412eaeb

      SHA512

      6dab3f91017d24070b77f795839d19f8208d9e52830299be28170a9a90a34313b40d0d8709df0ada19817096d517ec2cd0e39a17e13c8fce3f70463291a25b10

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      0a22ea362326b5acebee1822da12410f

      SHA1

      734ecf9fc25d72c12805423ebc48b26d679b68d9

      SHA256

      61db937767fb5bfc0f48c715de329b6a6926779e4f0883fa864de7ce48895181

      SHA512

      2d299035e280058d7732feeb86c2b7ae446309ad36f0bd0d42277a7b933fd5be4f2406638bb03ea765dcf5b7c745170924c1ad4070be52493ea352f681b058b9

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6827900429971a4f20dde8ce7f2c0310

      SHA1

      ed4e337ccf07cb893bac7b78097cc2962f6f80f6

      SHA256

      2357f36fc92fe614dc9c4d30c62b0d1cd792d0841d1fc68addd69456ccf372fb

      SHA512

      47c13fe135c403da8f94463ac487ceffcca139d2d12e2233203f54de164c2068a233c9c0bfa15e0339fa1b88400ff33e1758aac0f08e6dc6bb11ef949e008de0

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      40342e8e0f163eb90638629d4b405fad

      SHA1

      8c3f3d5aceb9298648b8c5b964bea928314f250e

      SHA256

      8b219c984ecdf8d207b94c0ee4d6c061d36d8a53bfedf506ec421bae873ca710

      SHA512

      85b0ca8df0c9fdfb8c4dd6fffe7244b17c3b3c1a3210091db6d0e74ecc5dad25a7d4a897da2c69bd5ef0ab2772f8d7319de2e25a7a8c2591e01e9e4d43285072

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b95c36b43c4704132a352c3e0cd9b491

      SHA1

      734bbb0f875d6ea2a200d08d96adcb295bfa6059

      SHA256

      6e36cce6b153bb1b545ab5387ab02db34e804695bd68e4df8fbd68f9aac0fa27

      SHA512

      15e13a3df155daf67a00e1e22ac3bf2b8cced010a72bf7336da4f9718b6a2444a5813ff9e2181550227797d842a29c074c12f737b71c108155d71d275cf94f0d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      02b571e5a3f885f0d1af7bdb7374ccf8

      SHA1

      1aa0f917c1ce2c584821828dcbd9be12d883355a

      SHA256

      95384d5bbbd217b114d469c711d08d3707fdddbb2750b9f529ed6d24c0d476e7

      SHA512

      3476a1582656d6cdddb1134917f018f973607649f23c8cf22bffee50b3a4e831ca593bf57f2fa706c54066b16ca34b63a5260b67dd62c5ac79fe6cd03a90c873

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b1e305cb62f24f9bb6361486bb3433ed

      SHA1

      cad1a6d7468c625117e829880d5cab3edcf09fa7

      SHA256

      525aefc1505858790f80c06a13951c1bcf603e4df0abaca5df53b8256c771a98

      SHA512

      8e37c692366355ead3a5d6446b1f3b662758d435f21a3ee32ca30147657d928da12a053438c3030572e8468b06a3beea4131a8f3a7c6df2af3f9ccbcb28df0ea

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a9acf85bba8f415e3bf35a7769d79e47

      SHA1

      867b9c13e0422099980fe62f2c6e3e8fd88a18e6

      SHA256

      c762366726ae89cd849bc2a0205b555812fee1cb70dc71e7de309345f3199b89

      SHA512

      3f4f39e7f0a7684099cb9667cc875522021586c04ad4c3d91861d9d085dd0c13291cf1e64370cfd3afbfadf5293a1c4301342b9e8afbb94ddbccfe3381d24b3d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab3778.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar37E8.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      83KB

      MD5

      c5c99988728c550282ae76270b649ea1

      SHA1

      113e8ff0910f393a41d5e63d43ec3653984c63d6

      SHA256

      d7ec3fcd80b3961e5bab97015c91c843803bb915c13a4a35dfb5e9bdf556c6d3

      SHA512

      66e45f6fabff097a7997c5d4217408405f17bad11748e835403559b526d2d031490b2b74a5ffcb218fa9621a1c3a3caa197f2e5738ebea00f2cf6161d8d0af0d

      Download Submit
    • memory/2524-8-0x00000000001C0000-0x00000000001CF000-memory.dmp
      Filesize

      60KB

      Download
    • memory/2524-7-0x0000000000400000-0x0000000000435000-memory.dmp
      Filesize

      212KB

      Download
    • memory/2552-16-0x0000000000240000-0x0000000000241000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2552-18-0x0000000000400000-0x0000000000435000-memory.dmp
      Filesize

      212KB

      Download