Overview

overview

10

Static

static

1

8837369dea...8.html

windows7-x64

10

8837369dea...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    136s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    31-05-2024 20:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8837369deaa26c5ead3ab23b0c7810eb_JaffaCakes118.html

  • Size

    134KB

  • MD5

    8837369deaa26c5ead3ab23b0c7810eb

  • SHA1

    a60c153e13f15ac995ca103b47d9f2cd69cda0df

  • SHA256

    43a2cb54b037f0ae71e0f67df079db1844837b70c50dbab559d68798f075b8be

  • SHA512

    5c14c19bb7b241b10a7bffe2d2ddcedf440b6dd12f43b5d399831107e2f6ea86c003426f94066a59e8e16a303504b65ff323171b81bac24f5884a29134eab3b5

  • SSDEEP

    1536:SHitqVGWy1I0IVyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrk:SHitqTyfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8837369deaa26c5ead3ab23b0c7810eb_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1508
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1508 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1624
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2788
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:808
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:292
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1508 CREDAT:406539 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2976

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      606302ce80a88941ca2b2fe1ff769ea3

      SHA1

      ea8abc8c17f92ebcf6f0bfbaeb007290769f7ef8

      SHA256

      c37b3562c30363cf48d5662140110a9dc8c9a1ef6520302c7a5a2649f26ae467

      SHA512

      97f0ca5860e81562cb4f8739e279825d5d78a9a2130918bb5a2d311caee7d0c5e081ca308ed4f60680629f0be460e31351f0c4cefc9b17a18aa06f9ca61af6d3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      459279783eba992832bcbc51e46ac7a6

      SHA1

      8e3e0bb05bce23edf6b79a454f81536ada757d9a

      SHA256

      523f858eb02ae7f31e3eecdaf13ad086d4c1ab42abc18a185bb578a312eb6d42

      SHA512

      2965d39af7bcfb553e488f56fc721a913494dece5454d595e7ce7554bd1c9755f4d103a9b54cc56e680f499313e6fdb1b9479f779b9748911cfa0c6645a36e7b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      25f1a0a6c7e8899df945a5b7c4f5c27b

      SHA1

      000375cd3acf4714dd74eaf5d809854661c9ad4f

      SHA256

      316deefd1305b1b529f1ea7c167cc069ddaa2fe912a52cbf912392361419e8c0

      SHA512

      04e4f80e6d8d5e8fad87e5aab62a89e2cdbec0dcc6f30024c297c8dfd9a430c8acf2c4d4a2287008f137e7953cfe84854e3323789bd931a384971dc054ead4b0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d191cdea20166c4b463536c11660eac7

      SHA1

      351c0473631d6f00d0cdcde6a2fdb2a2c28051f6

      SHA256

      02171b540887f517d2104134dbbde008a9c4fce31d198f8c4032207cb567342a

      SHA512

      ef2ade8d58e03db1537eee6e1fc7112420df509c56b1c11e9e430c433270683b95ddc422ba288dc721e4862baed6fe497136464043441b89e1a953080d9b8d24

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      dcda783a5f0bf33337403a151b163bc0

      SHA1

      a8563ee9139a62c7c401a884b4857a41eb720725

      SHA256

      7bbdd00807df768c69bbaa5ac63e6107a0ec8317b81c985689db14c20c5cc1f7

      SHA512

      5d12bb6df106bd382b2bd986e6159dd10eb5ae5a47e4e7df4eeac1b8644de4c5f4dab287c892301ab896a81b901f6e83578b28de66e579f67963a341e56034c1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4175f3f6f528bab9a10fdff26633c829

      SHA1

      5c77d666bc4ad9789677a429e9b9ff922bc2aa29

      SHA256

      74246f62027c0a0034639679e9329e7363421dd59a46b64a4857bd3a91d4f4b1

      SHA512

      61fcab0faca7d6b6361327e9bca275f8d50c4ccad9a14e1c92f681d7b8b45d448d1ac252546bd9bd87e1cbeaab8d05db3b533d2b08d7102410c5b2eca7fca0e5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      560b2017f660be16c765f2e3703dab66

      SHA1

      0ef5ad6c577902b162841961554fb46149f21b2f

      SHA256

      e9ddfe2f2926ce144a2f4eac67423e85c85ad98298f417ba70b3c87f1faa0bc1

      SHA512

      5275fc00f66f53d16e8835bbf2fdc6f1881ae6199ad4db83dcbfee08006991867226fc4ed8ca3f65eeb56bde6688a5d3b306d3a3d835d9d24ed68de69c494627

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9091d3f7cb80c6d25caca9b4a41459b3

      SHA1

      f7d05a7579618c77d2a5b82199b98a0a917fd654

      SHA256

      9d125f638aced7faee88497af381dfe6af1327a2c93d8968e8596aae3cd85aec

      SHA512

      5918737cfdbf5e23f039890d61adf2a2c36f9e267b8497594211bfaa686d297f7245296bbebbf8dcf42170cfb7a8d45aa2b7c6c4ee3f766082a6c0b60d465a37

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1136dbce2cefc739bee777a57a58a819

      SHA1

      b3b14e2e214e1335e4cc84436bde8e4457b6132f

      SHA256

      4b8e3a1390560af5f7e5427d13d4b9c6d99cda2a3c84642758d3cfc7da66be5a

      SHA512

      dd9f72682169ef4af718da18435ec31464690a8cf9373e38e6e0e49b068d51da2c58cd1bb7286a6adc8c4356568834025acdffe2a4af5a705de45054e96ca098

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      89b5836143780b438656a0e9c67cbe3a

      SHA1

      a1feb24f190f294a0a3eea54ba806635f2c7384b

      SHA256

      9bb6eeebb1056f0e828eb5ddeeca98d9dbdad6494703c012cd9797aac2dd060d

      SHA512

      349d43228f7b8c8b7c8a430894a4d03f1edcdb998b6ea8a5a25c7bd7198da9c1722635e33f83a754a379dbbacbe720171d68e9b1f3a3d687a192e5ab9f21092a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c66389ddebab5e23d09d841f21cd6ee8

      SHA1

      821488acc103678690ecf70be1729b94eb927367

      SHA256

      5a8998f754310e6314314554e9848482dd617b3fb0625fd74ea4c8d2fd762ecb

      SHA512

      869f46423e9c16e2c3bf96d678b491604ede31ee67a7db4e193ffe0f678c906e3a81bbb73e92ad8484c5bb0782b66af60224e99b090f85320313c6e140ed999f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4947c00cab696fe443a1cc2a3d97e8e5

      SHA1

      7a7b9476aa3cd656b5f5a1b549ed40736a9b5c01

      SHA256

      2d3b07c00078223d64e9f13f781d50f3cd776efd9ca292d6dcff6b625aef2b1c

      SHA512

      59ec546b530066b63e3c61edc56f34b4348c275c396bd44b533b0c8fdf7e7bff6a9291b2a0a558a951fce1f822ff72b504d69e000317308fcfab81ae6eee1637

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f03eed7868f722bc74eee8a43147c98f

      SHA1

      fa7d1d3bf55c3ba506bdaf71f9f99bfcb1bf35eb

      SHA256

      6b117afec7abc7785a361cd8b49e315fb3eca19fdbd1751040ffab1eed4e37c5

      SHA512

      95a75406d3da2a1c0b164b1ab47157a5a213874d7c6305ca82d5ee05639b3ea061307893b337f0f9a7906f4bf1fe2bca51b35acd4c9e9544726fdc38eaab8183

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c05de26d3b40f61958494e524494eebc

      SHA1

      85884f029263cce38b0394f8bfba21ece7cb0050

      SHA256

      586c7f5b85e7c220a938f72e6bad264cfe9c3523424e73abc8759b67dd8219b1

      SHA512

      47157ea4d5d07ce7bd082189ec9b1f063b5d4c3b188ac3ec93fe49a6aae079f6ede283773f21f26d0774e17678da48987669e01f2049360532ffd65b0913de57

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7e41b62231fd1fde38facda8d25d5b91

      SHA1

      e63bd5d512845256dbe28e5cd6e6ce2d1ae795cd

      SHA256

      4c9bef65e11c473c6209ed580a3e2121dc6ea58036f1286049fad5bbb2e9ddb3

      SHA512

      4647cf0b7ac1c67a0c7ab18a3a4072a6ef59f3bf9fd91d980b85321a4ba616f510595c94a9c047a2b59692ff3353133a49da07fa2a384333c0745dde757a426b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0254e71383b6217b3e0d2bfadfcb0242

      SHA1

      337259cc620e8f299b291c345eec7fbd2bb09763

      SHA256

      cffb5191cd7f4b3013cd5554b64b9215909b0c309655175f298f15cf5b94d460

      SHA512

      16297c512f7baeac4c98e7945f8dbbd5a38ec1f4c03c24eff80760abf0430fbe9f9b718b2b0925d209c58fa01e2607770e1568da8af6e204a1042adb143e2635

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      966eb8a6fea1dc70ff96fdeb79fc353f

      SHA1

      9c28863f6fffb2dd737511cc50b4f5494c13264e

      SHA256

      b4bfce079cd45a564c8a56bf297654868e0353f83bdc276358a6e18e93e25b53

      SHA512

      e29e470679b64e0ad8b8a162d35e9542e60ff80581d8ad749d093c0f58dd5d850915bd53143ac4c63002d3fa5635585f1498daa69ad2d0729c7be3a118a6c48a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e8074dcf8d61906307b3676ee6b43b14

      SHA1

      1b8cbb9dccac6acc07308bcad254385adeb5eb78

      SHA256

      0835525e27e7a660691202b6ca1adf04b7455607710406e3edd4567a44fe2a9a

      SHA512

      7e4d4c10ebedb5ed548697d5010acefe3041da228319d9fcba198b26beae617d49a726a63a98e700e3368b56557d843ebf72f977d5fa8fdd99e8bd7de781d801

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0c6e5da75bb8d4a1aa4df4a7a81e7c92

      SHA1

      0b29e66085bf5a6d2258f63e57bf35e0790582c7

      SHA256

      8fcf9bfcccbab704ae7b1d52e7a1fdc754fcfb91442b0e6e0a82257d93b77fa4

      SHA512

      23c3edff7e6bdfc0e41fdd14ac1df489db1e88cc47700e6b402dca9eb1ad5f78e733a54a7f7bcd05ce5c3b77b29eafbe23f57675f5affcebb6a97a49dd4a857b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab171B.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar180C.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/808-493-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/808-491-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/808-489-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2788-483-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2788-482-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download