Overview

overview

10

Static

static

1

bc0031d6bf...8.html

windows7-x64

10

bc0031d6bf...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    23/08/2024, 13:53

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    bc0031d6bf2c2114bf9d4dadeb5b1c9d_JaffaCakes118.html

  • Size

    139KB

  • MD5

    bc0031d6bf2c2114bf9d4dadeb5b1c9d

  • SHA1

    d81c566a4b107eb927dbce92437757ad9ba0e084

  • SHA256

    4537090a22cd7629626e795fa47d9937420b1b16384efe07e681ac8b2a351c32

  • SHA512

    0cd2612bf640ab9a8b097bddcfcde5ec46e1a0bdf858e80258a9f0e8d6753f50130ff79b078bdba16ce44607bae00f5f4ba6ea7595f047d37679a8b4e75b1466

  • SSDEEP

    3072:mw8uNw88nJYoyfkMY+BES09JXAnyrZalI+YW:UnJqsMYod+X3oI+YW

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bc0031d6bf2c2114bf9d4dadeb5b1c9d_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2072
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2144
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2964
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2160
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:584
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:472073 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1940

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
            Filesize

            914B

            MD5

            e4a68ac854ac5242460afd72481b2a44

            SHA1

            df3c24f9bfd666761b268073fe06d1cc8d4f82a4

            SHA256

            cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

            SHA512

            5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
            Filesize

            1KB

            MD5

            a266bb7dcc38a562631361bbf61dd11b

            SHA1

            3b1efd3a66ea28b16697394703a72ca340a05bd5

            SHA256

            df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

            SHA512

            0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
            Filesize

            252B

            MD5

            9d530933c093809f4dd740e099fba281

            SHA1

            e61c944d0c643ff0c7e0dd3f337f59aa3ad55076

            SHA256

            e5f6ac58ee375fa98deb0dcadeb6cf227f3a7981337515051516b8530fe712a2

            SHA512

            3b40cfb04587c90f8e2312acf8accd03f77c8aebea070f5f9c540010ff81a716d4688b2a4a0ec1deaca8ee294107d8dc6084574ea575cfc1ec1b9f2c734e9ca1

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            0974eea8ff2e392148d2b92c108d1698

            SHA1

            a53d93373f628e021e1846c5665bdb3191701b18

            SHA256

            766fde1a7eaeb7b3ad4cbe7030c7af5409879078be3924306fc9d05dc3191aaa

            SHA512

            22102f302c7e6b1b629cc0b430524e52e7280e4559206d6e1cd0f7591e00ab039deca2c221801e8ca7991e4a0c4105a850cf6370a7aed97c442fa3eba97e7e27

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            95a314d81841bd42f56654dbae16afb2

            SHA1

            accbdb1f9a782b06b50eb6c79d4dce404d5e50b6

            SHA256

            e73da29d35cccfda5ff8dff656ce7709eaee1326ac7121b476f7b9878b2f1bae

            SHA512

            332b46bdf50d6c3c361747a754651e283024dc198f993aad0dbc88114b5b174b6cb7546c8e48e696a4cb987f441e2f17f5d7eb91ede356ef9bb17aad10ea1c59

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            4d105ef4df907c2dccfc6f5129792351

            SHA1

            a086d2bb74212b925012af2d29beeacc4014d611

            SHA256

            82cb54820f8cce654a8b12ef5479c197d73edf957fc26d697a1924724f29d21c

            SHA512

            1deb2aa75161cc0ba8aaffe2a5bac7dce8adad0f8bf24744d56d48ab6d7724ff6b574e427a2c0e9c99a3e48d858dbfe35780a429ca9ee3f62049553aaa96f726

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            9725aed232079c90e98d753c0d1acf79

            SHA1

            8a72a0523b6eed7202ce4b68075a5e4065b1fc6f

            SHA256

            11cab465f517f0248b6560cc086f5682d22d7acb222c76677805e03df3887855

            SHA512

            6f7c8af7f975bcb04db16aad5588b9c869b560bbc00330f465ef3b66b78886f1426d6e83b32c9da962023bf1f5abba77b1e046be899f50f3a3538665da1bce52

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            e6d0864162f4f37279536ee92d9dbcd2

            SHA1

            f60dc9957a2b1b763baf95f161cf2d65baf4ee4d

            SHA256

            8c1bc2ab6a91aa86b683c003fa7a53c92848279ce696110ad47f35eeceec2c7f

            SHA512

            9d07e94077bb4044399c7023a5bd38427e010b789d270c193ffd52581f6812bc92a242a3ac697f7a3831c2c6ed8fb1aebc0e994d894a2bfe55355fad7a073af6

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            f628efb6e0cc660f02fc344846cade54

            SHA1

            c0a87aa918f6e0ba9a54ed63c3fc7921427e357f

            SHA256

            253079d7a4a2dab70b6ac10e2a6fb4065b1c93f478a503b13ea6c7769cb8d736

            SHA512

            79c369f7f3ea1f17482fec53b407df5a72d5d1a731c193b5a1025f1cc76a5fcce6a97bc284ac97938865c1a105e14dc0f19c65f86b526671becc0118edad1dc7

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            8101f01a9f1d3e759bb5c89ecf940166

            SHA1

            e70409978649666176820c06870a0c396d4f7b82

            SHA256

            f12c9553c4297c72cfda820c402e2e36397d660677dedf12a34b835ac1b7ac1f

            SHA512

            6b7cb66ef62f145ecead6cc5563bdacb52034aa45479dcfa3c3e584cb29bd788ee741ee7df1298109758dcd37a45c2b47c9c1b8817e1f85d34741025e668e8b4

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            a30c582c99f2741c12928b1754c11fca

            SHA1

            8e662f86deb50603ef5528175d5a3d84dd212ecc

            SHA256

            53c6f00d669a0e64bfc0404b8ad438705d2002597a4511b9d7c920e54f311f5c

            SHA512

            b551340b495a0fe4248e569239afde81589e364656e74786dd4bdb91de9043a632da1784278ba724ffcf3cbd6402f3f2d466904982b8280d4e7a2d2052789ea1

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            9899695dbc1dc91c9daf39364e9d3fdc

            SHA1

            02e4b3505c4c42f02357a72f72edd77bc591e782

            SHA256

            fccf717c87e6f7ec42d22598b1a95ecc15aae7c24711560984d823c340106055

            SHA512

            22d935ce9a2d5f54278c3ab452d0cce9ed5ff422d2910196c6a8680a7504e991494da2cc5006ecf5d5323ba8fc4a6acd88f97be359be5f7f9987df973d2c4685

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            9590a62abaeba9e5565cf52755e73165

            SHA1

            e99c921c6e6b13fee460d7904a11e946e6da99c7

            SHA256

            fa23290da063d5cf1e8c997ffd4217feb1ab4f96bf1d5267fdb444c8e1ab559c

            SHA512

            710da9a00578347ad4e368f482a52ac2d8ace2fec23a3cbaa42b82f5471ff9f6416706d0d4902cc451ceb3391b537041664ebdf2abf39bdfda74c00703991587

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
            Filesize

            242B

            MD5

            075ee9ca33c15a7a969aadd7a47afafb

            SHA1

            a1005175d08502ed8b1378e5f55066582f28b5ec

            SHA256

            b9240231255d9217a4131ff7234b395ff4730d48320cad6b86b43457d087d679

            SHA512

            87a1aee165af21d884774bc7ad2bcc308031cc68324dd6dd62eaf3c9a2922108ee92d40aad968653936a796c999d4e7677ca50df054bd9460ec8023de2915994

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
            Filesize

            242B

            MD5

            ae4101545c6cb70617ee289bb4d8868e

            SHA1

            760c79b430fe108079c4c1a88f79384f73acd1b2

            SHA256

            518d3b72126544b74dd5367eca94c802cab5c05f6526099a0497cce01f7237ad

            SHA512

            54e6adb9aaf14c02f44e2d34ffab0bfd3d89845940411cd9e2c8f999535392393df3e9df1300cc74e87eaa70c6d84f81bfc14637bde4e0c85b718c3607a81473

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Cab847B.tmp
            Filesize

            70KB

            MD5

            49aebf8cbd62d92ac215b2923fb1b9f5

            SHA1

            1723be06719828dda65ad804298d0431f6aff976

            SHA256

            b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

            SHA512

            bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Tar85B8.tmp
            Filesize

            181KB

            MD5

            4ea6026cf93ec6338144661bf1202cd1

            SHA1

            a1dec9044f750ad887935a01430bf49322fbdcb7

            SHA256

            8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

            SHA512

            6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

            Download Submit

          • \Users\Admin\AppData\Local\Temp\svchost.exe
            Filesize

            55KB

            MD5

            ff5e1f27193ce51eec318714ef038bef

            SHA1

            b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

            SHA256

            fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

            SHA512

            c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

            Download Submit

          • memory/2160-150-0x00000000001D0000-0x00000000001D1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2160-153-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

            Download

          • memory/2160-151-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

            Download

          • memory/2964-141-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

            Download

          • memory/2964-154-0x0000000000240000-0x000000000026E000-memory.dmp

            Filesize

            184KB

            Download

          • memory/2964-146-0x0000000000240000-0x000000000026E000-memory.dmp

            Filesize

            184KB

            Download

          • memory/2964-140-0x0000000000230000-0x000000000023F000-memory.dmp

            Filesize

            60KB

            Download

          • memory/2964-138-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

            Download