Overview

overview

10

Static

static

1

c7d18f5e37...8.html

windows7-x64

10

c7d18f5e37...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    131s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    28-08-2024 23:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c7d18f5e37d0e9c16eb176d3ff05da75_JaffaCakes118.html

  • Size

    155KB

  • MD5

    c7d18f5e37d0e9c16eb176d3ff05da75

  • SHA1

    4a6fe6a390df9dd88f9991937d98e5aae07947c0

  • SHA256

    093c6b13a0aae9f8aa40f9800a3bcba433abb7a705577318a1cdfa3effa792a3

  • SHA512

    1a27ae2b937cf88187542e2dfa37bc4b9b056532711360349de4f1092214825b3c2b88c6f14fe8e321a23fd6d42f3d92d8f3a75d27d9a146fabb553df1bf302e

  • SSDEEP

    1536:iLoBtCC0RT5uf/wZ1LeHVuvKz40vZ1T5dcIS3VJVAsKerGaXhEWjdfMEVoyLi+rB:it2qFdkTyfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c7d18f5e37d0e9c16eb176d3ff05da75_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:860
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:860 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2060
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1524
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1496
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1740
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:860 CREDAT:209940 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:356

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      82e2d93ece414ba3a6c0170a0ff00eac

      SHA1

      3583423ca36e35655a150322007446a9331d787c

      SHA256

      a6e763b2f50f85dc4167e0786a25f481b2eca6c9715f562a2d1e1bca28277d04

      SHA512

      0462501c9d283335bc198a0c38705ec8ee1994d107532de4f8d67b863c929c83c87384b29eec3826b292cf633664cfc975a6acc6a9850f132022c732a56c3a1d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0e9ccbb4551e2306b3df630c5bb601c8

      SHA1

      4fd747a1cc086ad7630eccf66d5c2c781de67f47

      SHA256

      07c665b513aae4fc2de8aab7f4c2db95d0a087a45a4c175d2ef73c173d33b409

      SHA512

      3d617025523cf6d807665327f8d34cfb7378aca216be9a0d17e4e094322b4af7fef7a5732338a9f884c71b35cb0da833c5c2a59ef44ec2e1593590e4b54e51ee

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      59460a7bc875287e4ea51a9898ce1b44

      SHA1

      2f95c33fb40861942b62926f23dbe5b222b15810

      SHA256

      4744d2bb2654648e49cb1220705bb5fa0abbe5eaf195e0b3b07aaea8ca3c370d

      SHA512

      4a53664bb22a5bead524061f8f8bc5652201475ed035a26afd20125c3a6d6d94a0fad80941e1bd2644ac2986311b2bc46ac6c05d5c43d0c4307931b20926c4af

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6e585010861ddbb51d761587015ad302

      SHA1

      4806cd8df9aa5980048db6684355558d05d53c24

      SHA256

      62c30dc30a2b9db8cc724419553201d0e2490d3de611ffd6b3892833eae08738

      SHA512

      e875573c9067213ccd596c96ec642c3a9442a3d0badb3ef459fbd0f95bc98d0d7a43eb2fc3d5a7bb37ae4de4b6b36b988e6dc76cf8164bb48f84ff13a455369f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      152b98e59cd79929621059ba69dc0696

      SHA1

      9a9d934e03fd0d6891878345b8af37e643ecf3bd

      SHA256

      03bbcb554e3c8e04159eaabb9d1476a45e0383f6cd08f1231cd60bc4d4738387

      SHA512

      8ab448663303a6eda773d54e24e0768fbc71b7f8df0e81bc7329aac43356fad6f1a28c7fe5ce4805a2ef626cf53579e1f3ef84ab8cb065bcf99423eeda448f21

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6fc6ee6b9342555e21142b5ceee77121

      SHA1

      9172427ab628b9f6e9375f9914a20447ec97d7e4

      SHA256

      e4f51e02ae20e240c3c658ce10048085675d7531f264b45031f0ab2bb929d36e

      SHA512

      ac3e75b64ad1c3ca455ea68a1141ef6ebcdc86b760adc2368b61a83ed242e7ec8a41f72edcc2504cb157fd790be8af2d12cec1ca4364ac609d5a872c43e9ecb8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5249238af8d8c89fe90d4ae57c902289

      SHA1

      ea4635a17113e49cb9d42845271411dbae8655a5

      SHA256

      9152e4b24bbc875377d5c4bfc1218c14c76020283ad28c5199e47306088fec68

      SHA512

      928876d9c0f18f878b42cb2f2881584ae9bbb254ff874c892a11c9022fec2e24b59df198fe270d5821bbfd68ed256fdbb647b618d99a71b5d1f4120436e26751

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c2d133bc100a5e84b0f74cf6cda11ace

      SHA1

      e24c82e07656c962288241eb1d58ac1bed0160b9

      SHA256

      cd8444c814116face936b2138a48c44ce84929cb5a6d2d1b16c5093bfb1bfdb8

      SHA512

      b793228312165719798d34033dc388943dff48b985e58a1476fd0f55bc5e59d5c5bdf00d714716e4ca4a698cee57e67b120ddd0c6bd872cc9e3c8a94fae99d50

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      65d518c2792a637cfa3e7402b08ef1c0

      SHA1

      612de7c2bee956ff7c2a7ced783ccd56d9731d99

      SHA256

      48f796cdaac5a10e69ba4b426a5afc6e341a119b8240001d202d1112625457a0

      SHA512

      c182e978d5d8ba091c773a4e7442a084274e5558471cb3141144ee385e438beb9c92771c4ad8497513e4bf90413282759167a463060fe5392298eaa53afa9ccc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c9027e5af7b043e4b83283169ffcbfcb

      SHA1

      c3ee428e248bbd7d9291b8f3b853b380954bb0be

      SHA256

      ea9749b713fac1506cf8ae03b48c7554462b3733dde4d42d8424c542a99f9bea

      SHA512

      7d6883843f00f208081b450aa839b38de7f2535b6ec31ef9652d18fc470f3dc2760eb68650480f73f28b2c2c6d90dc938a3346a2eb4f845815faaa0ac7894ac2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      68adf36f19fd0942f296ee500d33d646

      SHA1

      f18d61ad093a05e740bdca80a9674da406380df1

      SHA256

      364b645a8ee6da4fa9e1c17b5dbdaa707bbf294cb38e58bded139be1c0e0d8e3

      SHA512

      f87c16afc7bfa2d6ce0c88c6291157a50e4019023b5ac0721b53cdb9f1e7e83846bbb01b18e1b4ec39501bf025ea1d635419cc043883c9481f2340fb109d0d79

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      513e5c7c1c76599f9b8d54337ea3628e

      SHA1

      7141ebb7c9c1df9a08429b8581d29c2c334fc5cf

      SHA256

      a65f3257f3c8e2f3d2ec130e38b3ff9a227dcbe410f2bf82404543513f6a1362

      SHA512

      070bc013a36da5355daedc521d3ca4ea23383d4130becb79684ebaaa2eed88c24e5de7789605ef04fff4b4fc7fb129397b1fe5b58f2ce7dc01fb489942e5a255

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5a443f9716b1d8f87e3c38872fef9935

      SHA1

      f1171cadc01136aaa2725fa56f6e9e9f17febfa2

      SHA256

      09eced97a2cf57c5812df59e17dd90f84bfdb49de2c2e7f08361e11dc4271541

      SHA512

      9b459d78d5fded124dbd41ed87c0c6882931551091fe2c0017ed3bfbbb69d3cca7de81b4283f4b6cb3bd2335142518a508f974811418e9c3a306c55a8c1d3877

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d3c30e9ab01775593653f5ff6d0f7112

      SHA1

      6a16a6b360d84e00368b14134c8d02a73c34737b

      SHA256

      9bf0721a310ee379188c03b399a787fa1940687c36a9ade90ffb22e01aa8f6cb

      SHA512

      0d7a61ab65debad44e7a72b87e5cab4ce263645d61f6d9507d9f719d09d7b8cdf33c56baf3ca47dfbb552a5940bacd602362d36bd11fe5fa08916c85640a0047

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab1316.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar17BA.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/1496-447-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1496-444-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1496-448-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1496-449-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1496-446-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1524-434-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1524-437-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1524-435-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

      Download