Overview

overview

10

Static

static

1

86cedb56e9...8.html

windows7-x64

10

86cedb56e9...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    145s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    31-05-2024 11:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    86cedb56e96bd186929828de930eb698_JaffaCakes118.html

  • Size

    117KB

  • MD5

    86cedb56e96bd186929828de930eb698

  • SHA1

    ac4c14a11588ca87a915ce56065a8d9d9379d63a

  • SHA256

    fa92b83156d6f1ed03a73f2a085fc8cc2f81a82cb9f6d3f2191fff2f73fcd31d

  • SHA512

    6e353fb06d2da6643b192b82ccff0b5ce6d6b559043f47e98f845ffea668c7a135feba2eda23dbb17b756ce01ebbc5568251aae52b504b8164a058eecf29bca7

  • SSDEEP

    1536:SsEp0oyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dK:SbyfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\86cedb56e96bd186929828de930eb698_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1440
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1440 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2700
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2548
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2616
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2732
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1440 CREDAT:209931 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2888

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      914B

      MD5

      e4a68ac854ac5242460afd72481b2a44

      SHA1

      df3c24f9bfd666761b268073fe06d1cc8d4f82a4

      SHA256

      cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

      SHA512

      5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      1KB

      MD5

      a266bb7dcc38a562631361bbf61dd11b

      SHA1

      3b1efd3a66ea28b16697394703a72ca340a05bd5

      SHA256

      df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

      SHA512

      0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      252B

      MD5

      c26ef0240add7cc86d9d171dc30fa2f6

      SHA1

      d0d64c0a0143535eb93501b20875b3e087c253e6

      SHA256

      b66b1c9096b6481b5415157ba543a6994faaeb5e9016e9ee1b9191168f67334a

      SHA512

      fff66ab98b95af85ff254f8e9990cdad535cf05a6ff84f65e6d2bb9f82a9d4196f5f5273e2ae50368a4716abb81b38f8f89fc3856dc16f6fb69f772fc8ec907f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0750e8ddc019a90cfe2c85e5c380cc4c

      SHA1

      4557c487092a2a1522dc64cf7ff5db826d3c7a4a

      SHA256

      f45fe8530f180fbc69b9cda49f65a059646abd36e04ffe500a4e694acb3aa24b

      SHA512

      92bfeff5eb822ec83a14fb0dd59023769a6b3e89b7ad7a0d6d18d228eb1c4966ebdc4a3c71f33ec13a0924ea62a3eb78a26e02af030466f6d3437ac1d90bbb30

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f5ad9f20c10ea6ddf643646e2a0edfd2

      SHA1

      3a79c1a7aa360d093058dd67aa9c4fdb74b0b363

      SHA256

      3dae93780ee64f5bad65c2d11df36b93debe228867e07c8a1e86112143952097

      SHA512

      4830254b97cd65e2c4b0c36a52849b888341c28cb3a4b29a20387d1d24a5d565eae42405756d85de62ade6d84ee4d9539f13c54c78b9c6e07e09def716b34c62

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f25056721553a58730bcefc17f6ade9e

      SHA1

      f511b1bf35e74330778b384beabc5fd0131c12b2

      SHA256

      df85082fb27684bf5dae387d6a8f8615742c9a8488c3290687541b3e6c2ef6f5

      SHA512

      37c3b8d532d325e38beaf180dfa7fb897b5a9e76a89a4ec1a957239e9d4ea64e0151ad482115a7e1b9f440c63f16584be03a59c7390f2ca2d38d2e7a230c1252

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      76d88c89a6c751e6a0e33005f6102b3b

      SHA1

      a8522b4225967641499f5773c656e36b1cc25f33

      SHA256

      fb9b333209a3fc3ff01927d5748a8863643bc18f87bc8960fc662257ec1f215c

      SHA512

      25b074993a3a29af37ebea146b6f1cafdff5e43fb0340d122a04f038c1a165a7f34101476487b173ee04d6965ce96aa4e4507d22d13c9807ad3cda3bbd19a76f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      89e0c5e05cb806918725abb7d9290736

      SHA1

      06e296f617c332380f7a4df2fcddb6a9e87a8c62

      SHA256

      17425ddc56e0caedd83754fecaf8ec83974a572821d3913f091074343f127f9d

      SHA512

      15892b920f93b24fdba939f8b5d47a29e40d3967acce6e31b1d5e171ae9ecf6ebd8fbae5beb6b8ef2e21c57d11aee396b73edd99fc4f5a49400638eabb07a289

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f43c8ad5daa9e40215af3e7779f2c363

      SHA1

      b855a4e33c6ac9033498b8a82e946aa4cf80d2d0

      SHA256

      498854184827369297792c6edd179e2aac8de4638ed3d46bd8ab1b52d003d651

      SHA512

      3c473716158e47239383cce137aeaee74e0c3a7dbd7fc40c095c21f07664772882f2232d20e115a2c4e1ebf2dc6d2124a167ec1ee492c5f100e7a258b6730929

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7a53ef187ee660a0f786ba6468320eef

      SHA1

      3234e382fd7d5f5b85cb040273d626c0de8bfc66

      SHA256

      877f9d210f9813c9ff37f8e7aa05474450da739390d4e56e28c71fb00fcdca72

      SHA512

      fadb5440e3d9a023f321e1abd425a601bdfdfccff3dfcabc9e7ed016ba7266b34af44bb4131de64d0121365aa19292c12ac51b7cd519b4232af047c8ed78a0b3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      78f38c1772a06ea8d1f40a44c4849ef1

      SHA1

      116a2f8cfbb9290b6514f6439d422992fb69b095

      SHA256

      2171fc997d72e329eb1a8e91dfc8331fbd23c17d2063dbbb81b491fce7a2908d

      SHA512

      03beec9968be22f2c5a8f5c6ecd735181cb081c6ac8c4b54d28d37757b71184dfdcc0e56c1fe3f9d4da305883e2d5ea263160215d110891a5a8c90782ba8d714

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      bc9beec4702e30fafb9fef92a6a32592

      SHA1

      1eec3902fb368ee8961a3df5e920ad462761c71d

      SHA256

      705e03fb832b08277858286a5c476629217c182f174fd2a1ac2980395cf1e6f1

      SHA512

      a4b12d8657eea69ac4d55c71b8cd247b22c7ec7d6cdb8b35a023e05fc1efa0e29bb8447d0c8a097cbf2aa35fcf2a94486dee61087049ba5391f30e6dc4c6d4b9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      545ec34c0e98c9c619a60f5aca3dfdf8

      SHA1

      46463defe7817287c912816dc9b5262ea56c4d28

      SHA256

      118869bdd88b6e95abd712b8281176b4afe5d62ce3cb24d268c4fe672be47a67

      SHA512

      cebdab3e892cabb8e27937ac92c5f64700d6c828237d2327126be9809411fb3f398718af3d3c3d23c5629275f7166e16361a6754d1750dfab08ebdd29c70a240

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b95271139435f6c802d13e7ad946c011

      SHA1

      cb7dde177938079c562edae50fe6dcfc3d4cdf91

      SHA256

      1478ac757139a16e0feb79ae139fd80b0de05ada7d9e5ff4da61997107b56970

      SHA512

      e4823844155343fd3f4a1d5474f09f2df2cec3288f1cffa44a8347886b057ccc20a26144dcbc6151169d5d32db46d403bb9504a60a6db8c8750ab4979200104c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      242B

      MD5

      1c5c355b0b50c47dfde06560a759fbc5

      SHA1

      f16faad4f6626bde154b85da7494be9817559f09

      SHA256

      f9b3fe7b004517fa8033347d84e13d87030a53d282ef694dfafce90f717c1810

      SHA512

      e9d3219e171e51e0f89e93492e0afb6b57dce78938a5d9c08aa0cc7509d87f465ec1b9a2c5c09c3f3db81c7b7c506a814ab73a2530aa0aa9ca87bb3893bd6007

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab9242.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar9243.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar943D.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/2548-8-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2548-7-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2616-18-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2616-16-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download