Overview

overview

10

Static

static

1

a289b585f0...1.html

windows7-x64

10

a289b585f0...1.html

windows10-2004-x64

1

Analysis

  • max time kernel
    136s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    14-06-2024 02:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a289b585f08d507adfd0142faa4ab851.html

  • Size

    154KB

  • MD5

    a289b585f08d507adfd0142faa4ab851

  • SHA1

    85bfdbf33f1a802518fccd6de31d48b732d562c1

  • SHA256

    2df8dcefc30bb5dd8e922b6745891b62cd920174087618bb660c10f147d75875

  • SHA512

    49117cc2f513e3e8618c4c124a72fb20b02abf853a72f459d87650d83d692dcf8b846b487aff4abb113359f0895a5abddadffb269a0f368a4aed908d8f072035

  • SSDEEP

    1536:iVRTsDK2QdJa3/rMMZgyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXu:iDKzgyfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a289b585f08d507adfd0142faa4ab851.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2932
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2932 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2252
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:916
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1040
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:884
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2932 CREDAT:275472 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3036

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9655ea130d45d8c17180029c7d88e2f8

      SHA1

      d5cbea1b4e2b49f652b3f48ea70461a34067f6b3

      SHA256

      8331a5643cb7a594664ae7793f35ea4cfd4b7d79e67207e4459d5a6be1e3a651

      SHA512

      cc64dc4e96cdbad3ce624f9298e10ecd9111154ad7626ebea6b8dcce6b665851634398d4f7e71a9d66f84b226ec190efc621a4c97bee9d899b9b4ae7846e0d2c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0db0e420b7f9f4abda60edffb6a48eb0

      SHA1

      6a0d1bca624d85603f50f7bad8caea3780460b91

      SHA256

      0bc53befba286f3697c6606f698fc06483b5bd1e952325aeb4912c50dcf7f20d

      SHA512

      4f7b92ec1c1733a8456dc1d7833595af4f121ed0874b0589ed292bec68addd4b4c79fec2ce9118f37a4375dcc26af0551c2fb461c42c9b13f17b02f49a51a73e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e39c8ad3e3986ff139643e576a550052

      SHA1

      bc1eb63a700e4ea8f87455afbc0354417bfa75af

      SHA256

      4cac332fca423718403784723bf60ae34621399fba363e386130c7287b697170

      SHA512

      741abe1abdc77752c59e3c7829b4f1941ddd96c0a1470173c6017ac6c31f6d18ea92155f68291e02e05633996d63ea998cbd1d32b81847b5a5d9164802ba0506

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e9c9c90c742d94a788beee3e45528d39

      SHA1

      b733cae361f4fb3f6f07b2f98000e42816d72a1c

      SHA256

      9e745a084ff32ccc4c66c04bfb206c5d89c0804dae72ffb097835a9fb3b4741b

      SHA512

      39c83784c978366611ae316241e7ad973a1379488a39244917a84cf310c52d9961193aa49f33ff33a5395713e671cf453f6b31e865fe2acc0cde68d9a5faab31

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8723e733e0519cebbbd33d1ea71b3329

      SHA1

      2eaca5764b6581c0bd63b0422525753b61120cb7

      SHA256

      6d91dd6f43e5fd914d4bb9f01c241699a70b7c6e628fafd0ae52de4506972661

      SHA512

      129a47b6d01f51f6c2231d383451a6449c1eb0af8e726aba77f4b2b1188f0b2a8007bdf9428a0a1e4cf7837707c74588a09a118032d87487e37052e32927664c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4733ab922e74bb705d2d7f93d58ba3f2

      SHA1

      bd3d7dc39da1b07c2b0fc45cc87b4ec038a5fe03

      SHA256

      30fb06fbc2c7ab2f5cd17b802131bba819999a8b66828502678c3bf34a817dc8

      SHA512

      a8d6c64c4bd61ee1c70d1959e6eff96c4e6d1b1bebb4950e1a8943a0d3ff6664933b48c89cdb547234fd6f51694bb028a797359c968af36bcc9696ed0e463fed

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      18cfbb16dd3e58852d2dc325a9f30335

      SHA1

      55bc37769a31eedbdeedfe0c62558067982c3855

      SHA256

      6c2653cff26045884ea828e11ae2342b45ed4714fc0aeff08765613514f90100

      SHA512

      5a21657dd668f1bbb6a3edd025e5e7fb3b705b5afa6b0269d5f2063da01212a1d8aae68db6c987630d7fe67280f4cc5e912ffcfe414bfab07bfe6f94d00a0644

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a27ac1194edf2cd5227b0f92af9cdcbf

      SHA1

      518b9e3f5939ed78a2ff927317ee6534cf7b53a9

      SHA256

      595ed3fa2454f9109526c4d819cf7b45c7a4892f95ad038ac3c06f09904ade42

      SHA512

      abb56802fa7799403f272b4d1766ff26d2ce780f57763e66842eb528c32e8547f151996fa5fc1201907d6132d7a03caca879a9d064ceb69125e07236551a370c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e2025006adc8fd68960b94784e9b4c6d

      SHA1

      ec6037852673a5667fa51a9cae8ad8408422bd17

      SHA256

      08421be79025c6b15ab66ffe50d008ea8e4aa4dbee1bfdfd477bf2742a3f9b15

      SHA512

      8001061551e1a508d171ec24066cede0906e7d06599bf055a7afc7ce1ee975fcddfde4d7b548e21cbfbf67a20aff094ff7077721f87bf68475d70ed1350e7380

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7929e4c837e7ba4466ecc3797c6eebfc

      SHA1

      476f3554ffda739e51088e21dbf89c3090d3e35d

      SHA256

      f9fea326d6042cd8771d74eb41b746c4ef288a8104c8ef6514312fd457d3f304

      SHA512

      5479394e45e3aeb518b3c9388773388a44e3b6acee34dab8f41e9de40dcf4dcc432d1193e7ba9dc134c8b27e59c451929881ff5ceac6fbc15b091fea46566c2a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      12240adea433dc10e9588310632190bb

      SHA1

      048dd48aa91b76f7653668cd6fbb74feec9756c9

      SHA256

      77970658c83b77feff843666b1e0ec055173f0d656ef92c41d0015783a5879f7

      SHA512

      2e7b06273fe4236ecbd81ecc1a2da3525b90646a744b203fcb2eb2ac0d5dabd23daeb3766858a020e19c277dcd6cdffa06b4c66b16546416239a082541ef76c7

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      694c90fde1b379dc0748787eb3ad514f

      SHA1

      4a2e67b2ad6fa1c95751be6d7777e0526015a6ac

      SHA256

      b00765d85129ffe12753d80e354900af1a49186e9cfea6d0ae45098aa62406a3

      SHA512

      45f07e29e107b37f9ad9206dbfe9b5a82e47cfb2147606bf69ab6e6ef218609efdb52f1cf655b3d156211bca2c3f5ed4695a371e43a6dea0ffb3769d07a861d6

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      41bbe0488caeb34abcf6354f72f3188e

      SHA1

      049ace9046fa42d976599d8d0f2921a490daf7c6

      SHA256

      fd771ecc5f1b420e663b8d93a0e96522dd61efadf4f0b284036ed37ceda3aa1a

      SHA512

      489cc6b0e5680303676b7cdf4832eedba4a01a88734ea5bef5496e7bc1baa75062bcec56f2ce413f4c10f85288cd3800b5381763748a6294c45451e68f46fa89

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1f743d82b24fc643d3f6042d22f4ffb2

      SHA1

      043ea29e6f849a98d3bab72738b6a8fe2c3b8ff5

      SHA256

      365e691df1be2d2e6230af00a2fd1693e58188e5d67e1f8b15aaad76b52b2df3

      SHA512

      c2c76d25f4f6512119a21fa04acdadaac6da1e45d0cf794baaed0196dc331edee670a64a921ea8a59495efa15fda993904e1e841ea9e2211af3c03ced7cf1ee9

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      469fae2e6dbae1a71ec1b9d5c4f6298a

      SHA1

      424874a2a05f5ddec75bb9f4145aa30dc458b94b

      SHA256

      35f8c9b4f0076f09cef77dd0edb4b99e498b8ab1661753cd967841b772c5f421

      SHA512

      3ef45541cc7fb06802b06a37dcd92637adf212616a472549f7e877a73523aec1d76dc3aa6a5866b1d410ee2c37d12feffd973704e5bb94ae070d2a145943d351

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3fcfd9323eaf0f51b73ec4395c83a668

      SHA1

      747836aed2bad7a0d53194207cbfb7e213de6bf4

      SHA256

      073fa199005dbdf227ec2ae1a4480994d00f8e10bc0b3eaa9a9746da55fb6677

      SHA512

      65c98a1b3cb30e5f2f208f3d72b79d462cffea80a2b4f5fe83da2312a3e91595d3a75a2c74a6309af77c64c995c57aeb8eb3b5ef53884005e1e8b6ebb84b7df3

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3e6b5e3c3eb31508fa684da3d81781e9

      SHA1

      84eb3f8966587a05c2ee682fb0e71a680e6a69e5

      SHA256

      b3291dc7fb9b9426997f8ea7daf947103c75a5b0af97a6d44b40c200bf14f383

      SHA512

      d46a438eaddf7f7b8182c8204e429d9b9fe1ad1c0d0a32f36ca0b31030c2c9668dbfbc169d292e555e07472dfba568033f92e557dbf11a7c0be9bf669c9bd63d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      dfeee333a2e1161f9ded24907e9ade7c

      SHA1

      0fd9e65b7dc7f65f1e312ba6ca6447cc96ef5b95

      SHA256

      2754858011ec03c96c83c8c1fe332e19b420c0c8cc7ca93fb32f4555e47a9c79

      SHA512

      5225f7ff7e9ae35a24444cbcef7f0ad0feaae5b08d28262f45bc7b9172773d63caa8522b610fec49320cdd60495f829c49e0cc286c20044774d406c32459b576

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d682a6f54089dda7e673ab9c45e3a793

      SHA1

      9ffd83ee7cbdba16cf1cb1182f1246e5bf2af4fc

      SHA256

      41c7dfa3e97065d58b53cffa87c96ec784e5e81a7c30d84d369188b7177c8a69

      SHA512

      7e30aced783ede82aeca24431046ab02a21c7b64609f06e4edcd9e8b37643e8b4f2678f01faae58ed16e9cda90914a109569ea4a4158cbea121d365540f8e1ae

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab146B.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar154E.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit
    • memory/916-482-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

      Download
    • memory/916-483-0x0000000000230000-0x000000000023F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/1040-493-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

      Download
    • memory/1040-492-0x0000000000240000-0x0000000000241000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1040-491-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

      Download
    • memory/1040-489-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

      Download