Overview

overview

10

Static

static

1

7d4aabc63a...8.html

windows7-x64

10

7d4aabc63a...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28-05-2024 14:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7d4aabc63a1a91bb3865ebeba0133fb9_JaffaCakes118.html

  • Size

    131KB

  • MD5

    7d4aabc63a1a91bb3865ebeba0133fb9

  • SHA1

    36f31b1eceb185112c48679ae31c849b33828509

  • SHA256

    ec3a60a1ca491f36c1955a5d14b08cca252eaa59adf1a4eb2a39438dcf121013

  • SHA512

    ceec5077687013f3b62c82f178e352c62fff73506c665d66e649191146a0e99d89d70f601a9d57980e60c028e987a5a1fd8d1f1bfb25084daf146bccc4d34020

  • SSDEEP

    1536:qAsnNx5z6H60MyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJruH:qZiMyfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7d4aabc63a1a91bb3865ebeba0133fb9_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2940
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1032
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2628
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2892
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2888
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:209934 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1756

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      16ac30cc1321d57a2686d9a6ac8f80ea

      SHA1

      fb28a1cd614126d4b1bb6a1e216da36bd1c73906

      SHA256

      67a4751b05b4301801f39fde7027e2d79fb7d3a2ba9e44f3400ff38f40e00d65

      SHA512

      755aaaec618f7f73a17186d4d34fc359f9262630aa4a543b381590811bdf61f96395abcdd594cebc047227d3f035ed7098bca8ba51887160e1cb3c0731273ea3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d13b0c77750c9b36b8bd2482f7618e53

      SHA1

      cf8cd2b5b168e14f11a937052348795cf58d510d

      SHA256

      0d9d1134366849294977bc7cb9ee18e7caf47b51c219d1fdb082960fcefe8168

      SHA512

      b57768b951e1b75a47e9b71d4ec591a12dcdd9a671807f211a699f324c503397443b11c51c897642d0e83ad88d0e0c28e24039f0f273436ca2613d3e2e214492

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      aea7ef014c3c4e6e00dcc26a04bdbf0d

      SHA1

      c13b35c692c6fbe7518a1675196b78a18afa9115

      SHA256

      18592c7818e82c6c8dd7b1eb43152dec83377b11f492875151eb622615502e5b

      SHA512

      bac153f16c600646789eded6d34f74852926903c43328d1cdacee70fd70b1d1182044e25a029f51d0b2f937d7c0189f5174c74ae775d2d0d05c0589b21b52f7f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2396ac79c05868ec27ae989643495039

      SHA1

      fec9dbb89c98760bbd373e5f5053d737e2e1855a

      SHA256

      a2a52925901db520ee7095683a6df8760201fcc35704865285caf40610c40cf3

      SHA512

      bf559c9ce04195f955df3beaea5ab3df35dc15b0e60a63309525c0086a52434eb59fc713af329dbec30bbf9c324dd548225906e76c28ef235cfd6e72afa4cc7b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f7fd8c347bae8627ce734d8a98b11898

      SHA1

      0e51998c0fb12f1b8bdd680ab7729bd6a384f9f3

      SHA256

      3f42f4ece3002b4870f30543ec4e082a27af9acaa1f6081ded00128e10736995

      SHA512

      5da05ec03c800a97438756d73ccad30c0c9f4c51463e8520aa5b4e32b66eff7652b30cabface35f8fb51949ecc1542ca0a37d3ea6987fb5dcf3029a75e24eaa7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9cad638ddce5bfa336e3f009e40b996e

      SHA1

      7a6d418d35c084eefc29c9970e1643353e7b60a9

      SHA256

      4a05441c126a84a0765917922ebb327b41557d97f12775b6f0884fd3472439da

      SHA512

      e36a3d4ca31d855004a8fbf55fe063ba8000b336e5147383d82c9de101c6dc73b63e4fca087ea6a61286d699c49c5acb654d6fcf3c9d26d2659b2ba4e9fa597d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      0c72b3d9a0f4d05f3ffd1a720d21622e

      SHA1

      d9cd5b199175482065a447f48a128b6c9a5741e1

      SHA256

      1c4372b1e2c3c265ed64cc32ed539b81c57c7f762d176b57105c43f06fddb256

      SHA512

      7e9f181f9cc0be1228b8ba866b2b836b4744e0e42f3883d43deaf099c9433370efc80b3f56206b39f601ca331b2754c93c6ed39c9837eccaf72a0b35d90d5e96

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8a7dbeb6700071a47da5f25cc4791df1

      SHA1

      f2ba0943d8e3fe7fbdd38ad3235cd2949eec9539

      SHA256

      5cad97c499a22a5b7a99d7be3ba8e880c562f5073ab7e84bb5a7879578650070

      SHA512

      1427d5b85c62613226f2b8edf7ae83ae92cc122a7db055b550da7031fba458a09df37e5fa6b04fcc12e04a2947e90a756fdbd3b0f52c057e52048ae24495e711

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e775fd28a74d160ad5d4c6f627f58a12

      SHA1

      ea335f78ac39b052b539130bdd8db03813712fb5

      SHA256

      e8a5c316d0ddfe19227603f87009287b885405d7a68b05d25ba5a80dcaf7d436

      SHA512

      569514df16d4673114f4cd42738e01218b00fc769abcc92de95518a85d2ad660fd4703b9a774df664d57f6689784bd1730a4a39ffb54767669df5bc57a1114e1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      62870165283f305368449dbfffeabf72

      SHA1

      eb9904177ea77a92f77e97e9cf87e958e4615020

      SHA256

      72aa0d816c1227de2549ca513dee421d76d279e8da7cd8fee347cff7d7eae79b

      SHA512

      405967eeeaf2eedf66a70525e1c5292ed1b8e36faa3903dbc2b92ced4d744911dc1cccc1456d62681eb814f7b7503bc6ab5195937ef3314ce18f76e95e9f65bb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c0a4b22a1e71cf4dad2f755f44c55204

      SHA1

      e6f0dee22b1703d76554b149e1bd18dd7f64d49d

      SHA256

      cb1ebfb1bcb1ec78053d363cae7da688e7fb9d39d1c8f5b15e85a33266bca20e

      SHA512

      26a6caa4c46e2c6aa082ee940f2995bc4d98c470371049684dd2cc6ce5b28a8987bd43c704ac0c10ab2aeac77d174a9ebd567dd769f24b6da9ef497e6589d523

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      325bd0c71af2ae765ca375ae48ee15b7

      SHA1

      0085cc6ffb48a6972cc3636a98b050eb34f284c3

      SHA256

      a5ab4c166ba4003b0d447904b2adaefe50a09ae71bcd8a08416123e6c95b0865

      SHA512

      cb8a9b6c37c6aee786b12e587757cf9212ca920f2ef0963528d02babb3936ef4eda6211e2c37204b7681d0f1d8efd470e992a54c134ae2df582a5ee7f6fa02b8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c4c7ebbbf968a627b9eccc8c46f021a3

      SHA1

      4c50756dd8a150032e27308e44f78b284b2411ec

      SHA256

      12a70639440af44498d436cd30af62c2dd7241b7ca00a6ca8f0014002514a72a

      SHA512

      2a20cb110ae6cd07283956c8a91c5da4d690ae116f9dd16e876849ae0421e0b5ac40d6c70bf3a020e3138f0596c1702ff1d2322eeb845c51864097ff55b45d7d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      42cda406449e43daf46f8574398d08b5

      SHA1

      76f43ed219d7d29c49e687a43461791ad7bfecdb

      SHA256

      354125a1b20272d255395ecc06d518c37823a0e4716fe0a35e4d20c5521c21cb

      SHA512

      916a53c9530486cbaf72825724e10d5f362641449e5b2341920534d8be558c475c602c0b1fc98750e7b3b78d4a09cba613b4c6e1bd1334fde094cc08fbacf7c1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1e270dda192ea93d1865b40284f76bf3

      SHA1

      37b3a27375e474bdc67118b81764a26cb24b7712

      SHA256

      36fe4e8a6827963d0c12761ccc92320efa3ce2d19bcb007edae92ae60f2d226f

      SHA512

      e79449e7336e97248a395e94e926603f0f5e5c536a90c012dc283d8fab1629784b3c5af131c68bc4970edc7aed665607c908c129dea41902a388d859c16812c2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      05ec3d4de9c1e0f60c0570f45d7d63d2

      SHA1

      40cb63f9203832017a50ad30ebf92867cc66cab5

      SHA256

      28fd2a5c4481c580ee697dc507a73f7ce231b0753bce03743d46c6b3333f1366

      SHA512

      46e9c0ab0eaa228af0b21702d39384548acc15ee93141ad48af40ebbf83cc33f5fcd0cb281bbccc8783d4d2aa61f07c1ce5b93633efe953c55448c155a41bb74

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab254F.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab263B.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar2650.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/2628-6-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2628-9-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2628-8-0x00000000001C0000-0x00000000001CF000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2892-17-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2892-19-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download