Overview

overview

10

Static

static

1

7e2bfb56c4...8.html

windows7-x64

10

7e2bfb56c4...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    136s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    28-05-2024 19:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7e2bfb56c4ed0b4fb83c60e01bbd39bf_JaffaCakes118.html

  • Size

    138KB

  • MD5

    7e2bfb56c4ed0b4fb83c60e01bbd39bf

  • SHA1

    3e06177e15849078ba5396caffb4c6045c71d54a

  • SHA256

    fba83ede79c8db1ef320c307e534feb7de87dd2ee454c22d5f8b8d8f3a5f66f4

  • SHA512

    36547636d67211041606807c9524574fe130cfe54f26ff552c5df3cec7d3de48db674a2d5636cb18e30bb614d8d18cdd5fedbcbf37143cba9a05add60e078276

  • SSDEEP

    1536:ST7rfWjV88OyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBw:STGfOyfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7e2bfb56c4ed0b4fb83c60e01bbd39bf_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1632
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1632 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2996
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2556
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3004
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2484
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1632 CREDAT:5911555 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2956

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2ea761c5c949e4ae15447a07b5535695

      SHA1

      f630759a5488ac00f5b6fbbe0bbedcaf3321bdbf

      SHA256

      843fcb7bb191c6c910c2b60fb1c261314d28b582705edb2de09fce28944d2c29

      SHA512

      45bb79d305b7e83a7c1d68ca28c944c3e7a6cb8459f79e0d72808fe75d23cd0a8eee297dcf758dd248cfee56dceaea3362fe712e943521255131e21ba218abfc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      eff76cee34093d0cb5bc681d3489da32

      SHA1

      9b72aa6e4a37783a84a59566adb0b53b092dec4f

      SHA256

      147ad9886860aba6fe6db3a1af0d292a2a6c8410aaa2086041b9b821d30a24d3

      SHA512

      c9bdba5c84979232ff851686560b48c2d4e5899e048c737a37f0751748870e73f6794155de66754316aeb29798973b9400523b87d72cf1c8b86bb8db91065fd1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      62eb346ec9e8f6fa733b68af5af4896b

      SHA1

      15a94a2f81194b7bb265ed84d516bc4d95ef9ee1

      SHA256

      060125a8c397997f094fa0c1a600abfb97f58d916993c65f6520055ddc1589b0

      SHA512

      eae6f72704244a22360917b0c6121c616adca6e72b47aa5fe11f22aa492706495c9023459485ca9aac52b45e0f06a7a663d92a80d879ae33ee973bb7ce488d4b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9779b0ae78b5b21776d7d827eacaed9f

      SHA1

      82443014ba8705cd8d9400613ed2af0aa28ff445

      SHA256

      770187f0c69219e804bcd13b1d71a7823a735702ff40c7d78ce1d17f4a8b2f77

      SHA512

      36191361031290c9755e603c359e25318a4b336d9ce9c434407d0e75a830714d8869459c1afebef9908736e14cb96add828d724c49bf4ff7ba91ca17f36697ab

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      bb11dd5a96e0b431f02181df349690ee

      SHA1

      ab12319e0f3010350ef3ac03c86eb94abad28857

      SHA256

      64b0b5b1ed8e337054f41be8c5ae6992ca0cd950c2be180e2ea78db2409a8609

      SHA512

      c2d499e5581e464977ff0cc5768d2f6a416543278787006ddb5f58c96f4c5eb334c40d5316b41cbfa8c85218f8f39c4914fa65f70baf477ee116938605345ff6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e1b2660085d2aaf1c5ed8ab2aff0403f

      SHA1

      5e166f22563017900fa0fc3026740e70a4cc5084

      SHA256

      374a8fe5ac5d6225ededbeecc78932facebfddec5ed4e501f1d267a13e75c31b

      SHA512

      76ffcbf543d882c1c683881777bcac97eb01f19179d997dd0f4cd48f5317b618645e17d4a2a8e4f4965bfeb4244b1447dbec543c8b6636a8b6dab4a95d4b6b3d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9c16d9ab8a3074f738193db5a6ec62c5

      SHA1

      50c92f32198fd10dc19a296384bc9a647ae52a48

      SHA256

      cf92df3f1758730b180539f0db8e703d183b43b833c52cace98ad549941115df

      SHA512

      4129bda2ff5b814c23b4f4748cdbc6fb688c808723f1d9264559bf3d812807983f2af16c3a9810f8b3ae4a3720cc0ff26d1582dbaac6b1ad15db318366510075

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      de289dc1c4f4bd2b937c9d461a7a87df

      SHA1

      748ce60eb70c7759c1a658923f24fe885c378040

      SHA256

      ee19d7193eabab70488b15017ae6197ad4b1f2049faead159b90a6230b2419af

      SHA512

      5badc738bbe0886b68fd9e61f45a1b12aea878116fe6444023c74753ce53c637e92762ba7baf90038c155bef372dc8d4ee52e64e324086d2abd47e8f9de11f08

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4938bdc70ea9aab6efc60787b8497c91

      SHA1

      e11d562609d079ce9f49c360f75787a192deade2

      SHA256

      f5e2efce89b841d1c53ad45db0457b6300b8bbbecf2b0ae692aa592415dd20c3

      SHA512

      d175ba06b8a6775871c140b6cc21c3a3bc8d01a17ffb9fe236b81e9ed8c4b51bea9ef09f616de86cd6c355994adbf9d97061198fc79e6c707104c71dd0a7dccb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1e8630535e495e496128340d465b99da

      SHA1

      5a0762e2036e20391387f80c3dcabc1ffcc5763e

      SHA256

      60170eace2bcd6b9ff8d3d386b641e12beef3209eec518d7c5f8d7f82597bd9e

      SHA512

      a1c3fccb63334c00ce798201bf8072c2d833065eb195043db8504f257568ded3f1ea9c6243987a8a8db9cd7aa9a03245aa9af304a179b8dbd607b6e27ac2d2e0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5e39cebc3429cf3327df7b194892a6a3

      SHA1

      c6850582f7cb39f847774f77c843d01686de0c71

      SHA256

      3f4ffb403b21a480faf44d5bca0788f6c47ea3f450f00cb6455703f157e1967e

      SHA512

      5d1b8677889f1d25a4a8cac1e0da698b5e3c5b6ec05366a00d41402748c5c52fe6b05cf3f294e2c11ce3c259835332490857f03c1d23ab8376096adc63ca1886

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ce4bb8a14666e494fac412345648fb1a

      SHA1

      f987e2cc88ac0ef58034b50758ed6918bc80aadf

      SHA256

      1f2db5d8772e1ea03d2c9a540652b7e14976a6ad556372696a904f584693d8a7

      SHA512

      cf838b894a83d73f087631c96a1437ffedfeddc7f5f99afa7ce8a9b876982470ddea4b6d25f04038df3cbf8052631baca12e0625e27ca176325263e37230825c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3a0de89c1f028199a3ad32e5e6f112c9

      SHA1

      8b3f730124f5bda533bc6acb970a31ce8bb7d652

      SHA256

      df6099360f6d5f86f71674568e49f8b11af4238b36a5ef2c6302829f4512ec28

      SHA512

      4779e018f8444072e782a9587aa7c9ef1090c2cb4f735aa94dfe2af24a84e0d19da0860fe0c7977f3c8c679bd02e1c4f12d1bf8ce7082eef3b4e5ae710da0032

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      243d34a4493d7feb60b88e11c424990e

      SHA1

      086d484f4e579ef9567be12f6b63d5053975e9e4

      SHA256

      925a764cc9cad843420e88e839d0aa8e4eb2be7a950561b46d6d92932b593bb7

      SHA512

      29e618f92b83b55d938d05d5dae96b41a562e37ca78ccca5e035bf8605094bca6c2e727c1689d5e308573b81f67a82ba3bd2dd0aedc59e79b87ce19e66a4dc20

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ebd5a989b9ba4b012e9d8e56a1003abe

      SHA1

      f68d350d5be6a94d63e6578560b1fd0325b750bd

      SHA256

      39138de628741e4acde6acc74f615b3e911a078fa12a282d4cc7b5e388026868

      SHA512

      3cf01a3d755339dfd8aee0c0223b95acd9ec0d975c0735199eabb89bcccd3eed3f5b28d2b1717f1cbaf837986e1b724a2678a94d9792c9173ac888d09e6c0301

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8ad45199993fb42ec5d0b856f50f82eb

      SHA1

      0e3eeb005ef22004884989dfc140edd621af35a8

      SHA256

      d6bf65b9c71b45b0f92bec6332fb2e14a9244e717d0873e22d1f372f74bf0e55

      SHA512

      9ca518051c41eb00354cc850a52ddc18a43f49ea060e4075d5f096f1207205723a231e1494679ea4765a7c0c093d5b1d8a85248092dabe2e609378e8c402542e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab288A.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar28EA.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/2556-12-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/3004-15-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3004-17-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download