Overview

overview

10

Static

static

1

c1e5b5b1b9...8.html

windows7-x64

10

c1e5b5b1b9...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    26/08/2024, 00:19

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c1e5b5b1b96fa7bd915428fa4446e764_JaffaCakes118.html

  • Size

    117KB

  • MD5

    c1e5b5b1b96fa7bd915428fa4446e764

  • SHA1

    a86863cd51087198cdcd417d1a4d2fef1684f00f

  • SHA256

    9c9cf1a66ca4e99cb4f991f29e175c8e1dacd5b372472b7918151dae4cf9fb88

  • SHA512

    4aed3975bbdf0d7db86e865891a8a3e84b45d7a30f29d4c21351c62599a12a926f76e13eb3e74f6f780b1ecd38bca0a1626ca40354934b52d3c5042656a1aa79

  • SSDEEP

    1536:S3QHyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGCW:SAHyfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c1e5b5b1b96fa7bd915428fa4446e764_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2516
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2516 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2424
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2772
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2616
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:496
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2516 CREDAT:406534 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1340

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            e6a084758378c0067b701ce8cbe72e02

            SHA1

            e7258ace0ab4f15347c8d9427f277f6ec00fdc4e

            SHA256

            2c3cf0c04692e83738c1a106e2cec3d64bbcc9a5bcb6a52377ac00b5949ca2cc

            SHA512

            2a4cc6eca7d30b7a6a67c55e6e062ebdfc17fc6d8dfebc48704c498063c530986e651403870986f5a6cfed18d7dbd949eacf9fdb4633aa7bb1f59256f07e1c22

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            13c6066a61a0d9407dbcd08e234c4975

            SHA1

            96027d3f8fad9f2f287504182935b34d193b96da

            SHA256

            64da05d14e93c2fe65784d532493ee380c2b8d35f2094f02f3193387db76f15e

            SHA512

            d232ce5d6847c15d5509fa0859cbf04284b3bb519732255b6989d3ba760607f77e3ac24bdb6837916d519e888c6d9cc87d4d8d4eddda873d455e2221f423fafe

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            d05010503bf761548adea18d2919d70b

            SHA1

            8b18444ddb0075df2f3b4c5e2cadb7951193b0bd

            SHA256

            e30da5ffe17f567f0744af7a1936841c8df4a9b5558ef9405e402f7534ce8cd9

            SHA512

            78be0a8ad0233f7a093333020a2ca72dc1ed880a33396849b972f4d7d89b2f1a9ecda0cf124800107a0354f42748a55f5f0c2bedef7ac2b846de200bbb79a829

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            ae3f8ff7af04e4ddc2250e42b795fd9a

            SHA1

            ced0c9fe2963e56aab2d68dbd723ebe8bd2e33c8

            SHA256

            787c9023c710ca3fb2b44fc0f0bc275228eec736279aa792b1b67939110fffef

            SHA512

            e1ca97cbc47539f9c55a1b525c53e25c6f5e8616761e6e1b14482f2b3472505977bdb40296dd3e5f3857cf83028714cbe55f48d189e22efe063a44497534eb5d

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            c29751a025233383afd42b6788670c9a

            SHA1

            e90c5920011e7e0c1de4017c0e2d7123d12a5256

            SHA256

            a8349a15a8a8c5ac51e9e1fd5e8614521096b544eacd497ba9f6fdc7db16fc20

            SHA512

            9334b2542e64fd940e31e96e40f11368dfcf4c0d5d8ac3f96016deeac8237b877d092a451fda80b2c17ed94f0420d89e0354fd5c5b0ef9b8cbff2c399301f26d

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\CabEFED.tmp
            Filesize

            70KB

            MD5

            49aebf8cbd62d92ac215b2923fb1b9f5

            SHA1

            1723be06719828dda65ad804298d0431f6aff976

            SHA256

            b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

            SHA512

            bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\TarF010.tmp
            Filesize

            181KB

            MD5

            4ea6026cf93ec6338144661bf1202cd1

            SHA1

            a1dec9044f750ad887935a01430bf49322fbdcb7

            SHA256

            8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

            SHA512

            6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

            Download Submit

          • \Users\Admin\AppData\Local\Temp\svchost.exe
            Filesize

            55KB

            MD5

            ff5e1f27193ce51eec318714ef038bef

            SHA1

            b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

            SHA256

            fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

            SHA512

            c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

            Download Submit

          • memory/2616-20-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

            Download

          • memory/2616-18-0x0000000000240000-0x0000000000241000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2772-13-0x0000000000240000-0x000000000026E000-memory.dmp

            Filesize

            184KB

            Download

          • memory/2772-6-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

            Download

          • memory/2772-8-0x0000000000230000-0x000000000023F000-memory.dmp

            Filesize

            60KB

            Download

          • memory/2772-9-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

            Download