Overview

overview

10

Static

static

7

c7e16a9880...18.exe

windows7-x64

10

c7e16a9880...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    28/08/2024, 23:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c7e16a98801d6c4bd24f087242822aa0_JaffaCakes118.exe

  • Size

    330KB

  • MD5

    c7e16a98801d6c4bd24f087242822aa0

  • SHA1

    91cdc27b0ffe0a444e160fe1eca6b05b3b374a8e

  • SHA256

    119fafd4dd7f668b31a8474b4a50d7263c65244e3e5454b34a042e7e9e47149d

  • SHA512

    6518fe749495af2ef917985e1cb4e36e61e6b4bb736a818fa6f56c63a7efe82e88801b9568aa66f8365d74d144a84b7ea5b768f137707c8ccad90e2261c2b17d

  • SSDEEP

    3072:WrSFhxp7xHSc7qzPKb/0at9ayXAVJlz0rplWG:/hxFxy8qeb/9zaw+zyp

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c7e16a98801d6c4bd24f087242822aa0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c7e16a98801d6c4bd24f087242822aa0_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2356
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3020
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3020 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2712
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2260
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2260 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2692

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    08b7d02e62f713437754d84ae9e08d6e

    SHA1

    7d77ae222b0f7ae31fd9ccb1dff1ab3c1937e76a

    SHA256

    29c4f016dc9087cd386cd34e3a8c4134f0d72cadac10c20f2b39dd9adb8094c8

    SHA512

    c2f9436d78cece8f4867a8093709f23081f5423a01772dd6389af0034e888f2fd00dbc07181bd9cfd2e5919f96d44c070372120df702978f4f9492ca4cdee39b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    993628a0c513fae5c3efbe7cd54f159e

    SHA1

    d499c5b343ea7ef48f57dc9f7a1d045b76378c3a

    SHA256

    2b1e7085cbc7607bccb35b8f4414d83fb0c269b07887f4af212ec998563b17d5

    SHA512

    76b9b7e51374c4b15e53dc27d1f7218ca318bf808a755cd76eea461c1e8662a6a3add83c1613d93874f459b73210c1bf70d28a8f005d1cc063898a2ca27161f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4c2c8295b0806ab0178549e23430aaf0

    SHA1

    f7912a18a740039febef758077035e6a5c07c328

    SHA256

    862d28ac1a75869ae733bb53c596191cece7309d861d68a161ae8fec7433118b

    SHA512

    30b583e9640d8d43a94df9be29b93d0e45fdb03f2c58bda09ba89e89e46ee1ae5bcf64cea42628ab13740c5ce65a311e28048cd1d495f97abed7ff42bc746585

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    425f0880dec2850056e108f2fd85ca0e

    SHA1

    962677dcb37308c8e45c9ed63fe9d432adfd754a

    SHA256

    a487271931ec37975c9eac7e730ea938a7307bc19df821fd1370834de07ba4a4

    SHA512

    284030dac16426b1e7c0f13105f962cdd835f126dc42268bab7e7242b049da9385c724d0e1c99593afb95a4683257f86fc15bc68e82ae9f0f6f1604e0265feb4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e56727531b40554ca62f24d6a2bdf304

    SHA1

    c78b6631e059ea580af5782bd4b52d9b1f84bc98

    SHA256

    830117d4d0a1cdd5bbaba7f293170ba3578878e7e4ca369c6a0ed21f8e7fb240

    SHA512

    6ac86e6539db6ea599d212be538b62670832d0eb13c1f8f9fab1a2f8f296fa9530f83bbe2dde1cd40031af9a1bf96194241c8541262e094e2c20d8329515eff1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    87518a2ff3b6b5851cf362cf79663631

    SHA1

    cb8f19408d198fdb507c9ebe2f1a38f92dd7a8ac

    SHA256

    32858aca1022dd973396f3ff7790cfb2a7f2f241f43d239e7180ce0c3a9f4cbe

    SHA512

    4c4934f1776e89f5f3f5f37c07a2a5ed28b7a0ab0121d6a3bf9bbc0a90b2e5b5f9bae345e87d3dbfd5f8c327e7c10fc5dbf81b15eb77d8828d5473ffa4248857

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f9d21d7b9dda99308cfe01295c9fc645

    SHA1

    b76edf6481f555e9d8b0acb87beef1330c9e73cd

    SHA256

    34ff84545d48e929df3ece6b2714d91f4476933b4c900f78c092888f1d61e1a4

    SHA512

    1abb81976f256f558c0372ac71639401ae22ff4d9d2a20c32f59986a83efe35404efcf401652d69536d9e700daf0088eee0fd0ab9eae8088ded83b3955c93999

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fefd9ca7b0b4079821f8f861fb5dd906

    SHA1

    f784ec7a19d363df6d5c3d2c6dc216078534df0f

    SHA256

    97595313587410b029a9e2ce35fc018806a7a52cd7c79de6a210ac9e6853d2b5

    SHA512

    028cbcc3c9248aa2f2baf24f75faa18268cdef89777d159b5b7cdc874e560ad3e7bd2ff189a8aeb20a1b58ece26eeab2ed9206b06f1ec51cff3ed9006b3de58f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2504f05074de65f7f55c841f83d091f6

    SHA1

    a452402e0bf749fe1bf7d0c6c8b781fca5dfabae

    SHA256

    5382af3a6e8af509aa7e18da4c5b9859f2644acfa6c9a7b5211add80da49f3c6

    SHA512

    deedd8bf249ac8680dfe394a53931c7336f3e4497ea29b7fa01364edb0231eb868321a838395e97aed1402bd4f578c007ec3fe414af1dcb216d0b495d9145208

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fb9a06ab6be0b0ffd9212e68858be2cd

    SHA1

    7c3d4d0adddc448cfdf7198b0b057825407365a8

    SHA256

    442b02090b095f85661b76145313ee58630da669ceb2d9b04c6ec8c7249f4865

    SHA512

    e4ba286f6398b17bedc1493802f806a149fd7a8440d995cb1016d342c404efa2388d5faae287ffda5786f579d3b88c2ad1723a66dba36fb9900dc2fa0bd29aea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5edf1544bd5c69b8efc24e57c6ba68ae

    SHA1

    b6bcb2bdbdcc1df014ed99957a90da744d68fdbd

    SHA256

    0c95a3d7c60813a3ae1b84d0a691334781a8309c16efb8f74497808b6bd954a0

    SHA512

    fdc24cad1ae805590323406e9490be34a506f616321f1430209b760dba7ca48e8a8555015152bbe22c3e7d71b4f707d25bd900906e308c003474aa3e8f65842e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9ceb41844230f09a25f607731f1360df

    SHA1

    b47bac46dd2674c654a0a80082a46d3d95c00c3a

    SHA256

    52b6b1126dfcd6208ae46fe609ef44554ee2b4662db798c3fc27ad168d12155a

    SHA512

    bf0ad42424286c04dde2605ab85a6a42cf9bb5b56a448cbb55e309f8aadbd8201a5776744d2202adb703785ed7b42f6ed01038339e4d4b32247728dea725da56

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{944EAB41-6599-11EF-9629-7667FF076EE4}.dat
    Filesize

    4KB

    MD5

    92821a576659c5bf15d9efa8c6a87fed

    SHA1

    3523c80f6f0382c7969618282bfa36329a1ba4ca

    SHA256

    d84d50babb329674f1b5e258d806d23acb1216c8ae3e4f531862246796350fe9

    SHA512

    beadfc8cf8430f5f2e8804e7e3fed3ef5a1b9f0b1c9ce59843adb6d93dd71012eb6e1d9413b90fe677947e03558cb54f549b6243ace3797177dec37f4e292a48

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{944ED251-6599-11EF-9629-7667FF076EE4}.dat
    Filesize

    5KB

    MD5

    f83b691ffd6b9d3d93c256e9dbaf8a70

    SHA1

    d4fa080efc110886a14a492f3907083952e7a7cb

    SHA256

    2b6c179da8831d8f7232cbf26e4af1eda91ec8be643dd31bb12e79b16bfbdf23

    SHA512

    4cb9197c21ba09cf21ed698470d07831ab0dae45ff6273cf781b5c93a2ff246d0091a140bc26b44a83c148650b2be53305d198e5d9e229db6ef7de251e470a23

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3797.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar38A3.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2356-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2356-10-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2356-4-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2356-6-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2356-2-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2356-3-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2356-5-0x0000000000340000-0x0000000000341000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2356-0-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download