Overview

overview

10

Static

static

1

79bb1abc15...8.html

windows7-x64

10

79bb1abc15...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    27-05-2024 16:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    79bb1abc150dfecf1fd6b78bab6e8c96_JaffaCakes118.html

  • Size

    126KB

  • MD5

    79bb1abc150dfecf1fd6b78bab6e8c96

  • SHA1

    4680180d7d72b88f0001aa0fcc1dfadf4647ab84

  • SHA256

    bb42c3dbc462d3bdf279ac768a243cf264d541b8152ee14d0e3812f23299829b

  • SHA512

    e3f14f2ac43408b2c892d72d5fdda894e5abe4a72436744bed5f971673cabe775520984c58cc3651cb50d4724c81aee61b79c339836c81935b57f458d03205b6

  • SSDEEP

    1536:SGfjmGyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dK:SGLmGyfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\79bb1abc150dfecf1fd6b78bab6e8c96_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1992
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1992 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2160
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2656
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2312
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2524
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1992 CREDAT:668675 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2664

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      fd966520b1e049c10853d9b4af4f6e10

      SHA1

      f2bfae9205f926b0de3c5f338b43c226defa8b9a

      SHA256

      dd538118652b8fd0b484336f68eab2b6209178f32872855e819125f61381148d

      SHA512

      df68f1df58055db66c3022e45e388f4f3136ec6d34618c216a8cd98af775d43f1dc0958671f3f73187bfeecee87dd25109fa72f1a169704242ee772916b9c0d6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e3c0d2853af1187288554e5b62148d16

      SHA1

      59d223064d78c08904631df5acb537fa7fdceae6

      SHA256

      8487fd0e2284e22ac42c5c10000d26bf82ea36c5869c28c39184f827d0068a46

      SHA512

      5d2992e0ddb8a35aa2d352d8146e269ed25dfce6bc32f39c5e581836dd3b5f69d9ce631fb6c6845006bf3d81eae5180522b131253316fb025056bbff2c2f755a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ca69147d8d96e5576bc6113243ca22c5

      SHA1

      8601c19bec63f58aafb48f133ce8464904818108

      SHA256

      3fd274293075f61b239c477890195ad65be3dcaf276f0adb17abb635d01e9a92

      SHA512

      0dca679a0819c847373ed7ad29e9d712c28dd947c1e7ed8970572d01deb843d7975bd4ae5e27b29f1129e965e422768a1a4ceaa0ff5312167fafb3eacc64b8c6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9f9da5cf03e8387b3373ea9387539a4d

      SHA1

      031e9dc5d92d9ce77290985e6c027295fc278a22

      SHA256

      ba6d3ed9f5893dba65a379c62c22c376742030c64cf062cc2fb6c38934d1fd0d

      SHA512

      74585c31086bfdd40cb9794ab7e069dfa3301f0832a70d015077de01e9a99016eeb9c3eb3e2df548b30a9e782f44e136f912623c96b91b825d9dcd954504a4cb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6b4373afab488296513c0b9a7a808744

      SHA1

      aac07ee57d837624d688163555f0dfd9bb72977f

      SHA256

      5e44926e9667f2dd3ba89763e8bf23055f665531372e56011cc9c8db3c70ce70

      SHA512

      5d8d9f52ab33c7fbdc4e62096b758f10c05bd8a95924a4b2a7cb23cb3e163028de42cf355d4444d62face547f9beef486110629a5de03b5ec9aec2f17cf2208e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9743eba9cd90bfc02da9f1dae63b21e9

      SHA1

      5cec0c618ebe8d1bf780d82215849de1df150a83

      SHA256

      3e4d59b4330c5ab7746e53f7304a00b5f92befed86850acb2ede480e0d42c743

      SHA512

      f495c53ef962a4f40e33019b9b0bdd41ff2e859bde38aed6d651b3d5b39f969decf79f774aff1865bab121bf33ded71a94e796320f71c8fe779801c58da5b2c1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      67a9fc5d5e706424e32bc0f965406903

      SHA1

      e336b0a77585d3da6e008f8cadf39ae9e2b980da

      SHA256

      66282cf42028643100a609b3400f4f4fb598c3c75ab89aa20f1c0ef655b3326d

      SHA512

      63701d02f6d6b1919d0a257a8925499c639ab786bbc30dcf41260db18025fdbebf68d437a6549fb1d1d7d7ffdc2b8d4331825116e04ffd17da1d67a0443582a3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1f31966ea27f62690c412dcf1670d12f

      SHA1

      336192caa6e7e8d3d101b5a9e10a5bd90f351736

      SHA256

      6e673f6e32a5aa3353a3f22de35b7a301f0f67868468e6fff6854ac638b94191

      SHA512

      cff2d7d5df5f9764c75c0ad6c6ece0e7cff0454b6743ae9aa39a9678ec4ba741458b5c7ff99f3472ddf7410435c3f007781a44865fd93467f73d713583e7d837

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ff4c283db81833c468905902302d6e38

      SHA1

      4a1caf88238f79766d354f0778b6bfe1a14fefe3

      SHA256

      6cf2052afe8e13a3fb134b98c90182771cf963fafc00fbc43147121d3ad22fee

      SHA512

      073be0225645117ae9ac96e34fef3ebe60786289ca1047ac062c58bc9cfb0010094d75c4cb16bbec0083f533f0a98f311a845eefa643b9744ee649d2b87a0e91

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      11a3a9ec151cfff525aaa44ce16e2e90

      SHA1

      3fdd3bb781b2a12efa7a866d8993301290fce716

      SHA256

      90a54eb717a9c20a5b9fdf2845d6e21810e9b19c08b51afd82cab813718fb713

      SHA512

      06f69deebb0518d2819b23d42d18d6a8fce953fcf4ac146ba5c09903d3ab75dbc4dd0562c0a9ca7a81346a6e07793ff21f7548962bf4e651e7ca32c0668fb662

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5c89637bff22a3ee343e0446a8048a52

      SHA1

      771306edeeeb28121423ac888e1138a8d2c57130

      SHA256

      bc4866f1f273aeaa968dc98778abd7985fa98129d0d2a3e5b6d1c8df063d40cd

      SHA512

      c545e2173c7d1153d3cc9e1195ac4d636858b97de0e4d2b5499dd25ba64c1a6a8abf9e2bbe6245d44d2c51718e7ee38db907f5f2378b73fc0f031225d8caf4e1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a1e4d634a1dbe90e2db24adfc6fb6507

      SHA1

      5f9bfefba674c44bbde37e2b6e8a428e0e78b852

      SHA256

      6392d8c7484ab17a44c613d8a727c922de05eb2153f9f5dbc79f9cccd6c7a650

      SHA512

      2da1231e5a0ef09fc970b3b89265b060ebb8ac0e81888eee5cafb9f9f7780464d751d7c25843471bebcb196b5961940d96870d8d1ed0db4152a8e4719cacad89

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2b47f16868731da82146249a7e789f78

      SHA1

      1d0f291d9d06da9d846589a9746512f212f4b713

      SHA256

      f70a3e6b576f3b49e0c18d45aa18f5e69e064cfa5012c1887e551993f00fd2d0

      SHA512

      cd6f43d3b4eb4ea9a65713e9d5530222cad4bede31057673f57f514d3dfc34b3322b761f1ef0dda230a2c4d68e762f51601f1a97dd3ecc4fb4ccfd3b54032148

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d110d903f2a0fdcdd5f9005c08d0993c

      SHA1

      e62d8038741f0ebf5aa5fb0dd7c4ff42c7f935a6

      SHA256

      c197027a95948da926f4594cf603cd4f96df32c9b6c7c15f780baff687947ae4

      SHA512

      42895093db7702487305a138e0f49a7df2a717907f095d7dd7bdc116b06baa3879497ede3067074a1637e52c734fcd5e357064ac8771bd19e96cee26de6e1bcc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      887128e7c7dcacb90b0ebba02e3a0475

      SHA1

      310990eae6569e15830bc94dea42092f51ea16c4

      SHA256

      4f563e565e2cb18da367b3ce3d60f5076e31394f0d9a0da6b671da62ebdad5be

      SHA512

      687d06978a63d2e1b2f1ece34332fb864d25045d24a6df1106b898afdcb2de6a960e519c9781b678f039597f7a844ab3604f85a7a68ff58ea633d4c1057a5929

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8cc6274177755d9c2528ba95c7c4d72f

      SHA1

      a5766bd2d4190bdcf3ff4fb96aedf38bffcbf59f

      SHA256

      520dbe357f04d24508b55754abf0c2d3267ca3c4ee6900f514a1e7874a1fc52f

      SHA512

      aee637426e6c065e607ddc0c6161deca0078345e7f4788bb941d2e69cb1d14422e9ee1ad7ad4b5d8ce8f0b7e847ea52f3d12ae4c99cde6b8b6861767cbed62b3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      939ca103d26ba34f1248513763012944

      SHA1

      7cc92783a890d5331d241c8e190ba11908d6f848

      SHA256

      1d6bf238f46527cadfe29a1c0846f070c645c342665c0c23b41485b8d27ee010

      SHA512

      5975ed41cbd65c91eba7e2460b3da45364d3162aa7ca80edab84b8b1db7c8222fe197eead6de5e730a461b6ff55576eaee6ee187f7730c45372bba07cb5a3c31

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      492491b2147363fe8afc73dec4bc21e0

      SHA1

      ed512ef2cb517ab37a45ece0956c03455b89969d

      SHA256

      5401e9d279d93d5b76e376f69dd37138ef9c922f6fa120fbd5188d6442941cd7

      SHA512

      362046f67af0649a676cb3a4ff6ffc2271b3ee79e397d123c9751e3ac8d186cb7e051de2c24b865e750fc0ff7b87bb65f0cf6a79108a2877e0867dc115323d9d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      348504885889186daedeb4f574f3ee4d

      SHA1

      f6ac55713dc9acd43ec20acedf6b12c3ae0bdc9b

      SHA256

      155c8878146286d24ff9931d0982ca4071629bff8812d64b7e1be81bfebe7401

      SHA512

      0b70edfa8f5dcf51c4e795511c5ca4d2edf14307356b0947b4027798e4473ea7527256866b37ead2367392c1a9ba8eae3437ef7a26444841f842a974304ccc67

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab3479.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar34DC.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/2312-19-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2312-15-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2312-17-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2656-8-0x00000000003B0000-0x00000000003BF000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2656-7-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download