Analysis

  • max time kernel
    133s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    31-05-2024 02:37

General

  • Target

    820c28fe5679fd1c970d0db88833db84.html

  • Size

    119KB

  • MD5

    820c28fe5679fd1c970d0db88833db84

  • SHA1

    51f53363b75d31d1c9056f3ef888f73c65ac5e91

  • SHA256

    65baca846cce6f87b7255625865ad764f2a090917727e67149dd0f04f612c5d6

  • SHA512

    7f4fef475c429276919a346f62ed8c15eb027387e28de2912f87575e4e15221a8a9b87b9b2c55fe4e257a11e5e97f91f38cbf07531fe4b3ce54f8bf05f974779

  • SSDEEP

    1536:SAHE/uw2tftbyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusG:SqyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family whose variants include file infectors (viruses), worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX variant.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\820c28fe5679fd1c970d0db88833db84.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2972
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2972 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2552
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2420
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2724
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:2652
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2972 CREDAT:5911555 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2412

    Network

    MITRE ATT&CK Enterprise v15

    Downloads
