Overview

overview

10

Static

static

1

d2d1a74cc2...8.html

windows7-x64

10

d2d1a74cc2...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    143s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    07/09/2024, 20:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d2d1a74cc2b52be2d3564d3f590dda99_JaffaCakes118.html

  • Size

    150KB

  • MD5

    d2d1a74cc2b52be2d3564d3f590dda99

  • SHA1

    00c0c774c9ae080d7554d20c3b7d59015fb6d8c9

  • SHA256

    c2cda5728fdf4e9f6471d88e07a7ec0fa783becb79066b55911eb8f03b26bab8

  • SHA512

    634d8ab381151eb6c29efecaf08d9fed37e6947f674b4f72a6928ec126f355b2ea5d8a3cf2f7e07f326bc4ff3252cfd878000e98b890af8651d8b0ea7d180eac

  • SSDEEP

    1536:iaRTOIPwitKaj8qyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJA:iYAitKVqyfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d2d1a74cc2b52be2d3564d3f590dda99_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2792
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1908
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:920
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:268
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2980
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:472076 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1012

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      babaeda9b9fc5d365dec4ec110fc7905

      SHA1

      de268a7720d82f85239e99c440d2d7a39174dcf4

      SHA256

      28ec21c0f4880f1b7c6e8ef80e1e93dbd9cc0efeef5226e52c4306db95466adb

      SHA512

      fa1bfa3c741f16324cd320a34fc9cf7cb6f6b1e02c543cfba30210ec3db74e94263cd1c7f9e0b6a000a6caf5c6f9433992aca5fc1f58c0d66904de7c73319a81

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f47153f1e5a8c3fa271fd6d5c1c8c179

      SHA1

      16e18b90a801f1d51b9961d18b4e51d11dba14b0

      SHA256

      28a5cdaf8290663af6305abed9eccfa097db7b87d759a134b73787445607ddc4

      SHA512

      7106e5dfd263c7f059af0d8972f5cf5c9c065e3f921b918ce6fa1e840d5c52e93d5081bfdf39059eefa56ce8a2695d37a503d659574d8c28940467402252551d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      17034aaedd95e8b29cadc2214092962b

      SHA1

      b5e9e1a20f1cc6d9f7c9f8e293c6b95b6830d8ef

      SHA256

      d4c1e7fe6cf9a025ee586514de6f04cfa3146a21f700b0d89aecb18b69d515e5

      SHA512

      43a7e75e27e7d67f5dba76594ed6c84fffc60046060aa3660a0021632b2bfd3507afbcbeee2f9daec21eedac87fd35a638213c693acb8b0f3d7b85773615d4a4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      efca0f02aad65c6d1ce031cd7d11fed1

      SHA1

      d1022176b6514f52b60e9b67fd92559ae499b0a9

      SHA256

      90013a4035d64ed011047a120670a12ea366e6c878ae2dab6831e24e644cb387

      SHA512

      cc4d47a214ab168ea7a7ae39ccb2c46c4319fba0e4e289ba83cb405c8244c2dd1c31d6a8ffa5be971ee3b07b275c30b42ce68ddcdf1f8075bdcdbf40674821ac

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9c0603e51cac07defd2fae10065c37f0

      SHA1

      4a5666b8a6fc7e092119ddf4de954b6147939c0d

      SHA256

      d8602e86c897670bed093e0ee75906fc252aef2737f6e6ffb03b0ca381ae2d83

      SHA512

      605681717558fe420aea67d7fd4f7efc383088ac18966b023fa7a9453269e99e5102cb5eaea2b708aded2aafdb4e61ad58386ea62f0db0eddac0ef9579b7d654

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      00074abf676ace75ea9b62754c9205db

      SHA1

      2e01c4f38400ab970bec38a6ee6acd2dd35911c1

      SHA256

      33267d0f184d83a423d18b33a19238eba189dec622447d0298c609689c37cfbd

      SHA512

      bc68cff6f62380a1f80356d1176b04de6c9d57df2b5881effae89a79974723d1fb0f732bf57a2ca08074b13a3a1bc504cc274afec495359cec460de91a4ed4c4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5186bce33910b521076c81ceb30cb86f

      SHA1

      b9792d4f2cc2fb3f50832c93df1f9ef615d99166

      SHA256

      4364de0a4c840b74aab49e429a6d7105b8518e61d2764442a978d5597a26c154

      SHA512

      2fa1f61f59dea396cf37255538183a5a0244da2947e85001acc2d47c4fb9a972eead1f0fb9f63db836520b595eaaa0019b87d1f3e0e01bdeeae70b94aa1fc2cc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      815a3b690319ebaa44959ce68146c861

      SHA1

      3762ccadb394114618b20398e5392caacc31f3cb

      SHA256

      9645cdbe9aa0d38660e46e10e199e757c1a3b200a3fd887278a6956b2efe5aab

      SHA512

      12735a55e5b38d596e1b4a72d6adf58956aa380a7133b9f8d13fc853d84c9d6fb3887e358d10319740059cd2726955b649832b42175d049156e77155929928f1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5cc84fde4ea4c1dd59a63e66fe9b00fd

      SHA1

      9e9ef47feb2d9948d8eb586fc0cb0c0b0698b274

      SHA256

      4bf6266f7d615ec812f0e8f86355cc4cb3a6c046d82a708019a3fcf513d96791

      SHA512

      056bf2282a1da1e6f4a51fe45e4ffdacf0863aeb0f9b3f29718e1d6d36a8db9ad3213edf66b1afb06d576383abb7fb610985706d668eecb97715f773a8f95e16

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab89BA.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar8A6C.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/268-449-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/268-447-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/268-446-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/920-434-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/920-437-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/920-435-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/920-444-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download