Overview

overview

10

Static

static

1

d56a395f87...8.html

windows7-x64

10

d56a395f87...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09-09-2024 01:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d56a395f87774b6fb7fa6ccc25ee5ca6_JaffaCakes118.html

  • Size

    184KB

  • MD5

    d56a395f87774b6fb7fa6ccc25ee5ca6

  • SHA1

    f0e57e9261e176ae854f9758ab07e1887eb11c16

  • SHA256

    3ba666659bf2650e24f1b5ba7a3bf2d7ca96623f3102dd63cee6ad5058e4e6b5

  • SHA512

    4d258d10649f9ac04b6e1c78cbaa3261ee3506f12e34c605397dc62a0aa85edd9375453004a6ee86252701b2feb7a441ac14189bb3c7df367e4f53886abff290

  • SSDEEP

    3072:4jU+z0yfkMY+BES09JXAnyrZalI+Y5N86QwUdedbFilfO5YFis:4jFFsMYod+X3oI+Yn86/U9jFis

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d56a395f87774b6fb7fa6ccc25ee5ca6_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2340
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2340 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2768
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2556
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2724
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2384
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2340 CREDAT:603142 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1484

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b02da6a6882da2d21b0f9c84da9d6117

      SHA1

      0e2244c03666258c1e3eb604e26a35e74779d99a

      SHA256

      1f128f150e3e3e2c290f29487536437b9c3fdf9fdf8212e9313e206376717bb0

      SHA512

      d3cb8f278564b770fb5974716cf92387131c2ee00aef4221edcf365d5660b7e062f089a9d431389a49bf2a05cc8c462e184163e4a1020ccc82b86001094f2f35

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      34d77c836293a8261229fb519597dc14

      SHA1

      a14179007335ab5fa954040ecab789c86ce18367

      SHA256

      55293615359312e945bd1cb181442b34f986feae01c19bcc9b99885b1db67250

      SHA512

      c640c33c825409880ecb01f7639982e53dfc9efb084da920ab65a8c5c272df788ad21bfaf827d7ee2f8d7b59906d0765bc196f04ec83cf20dbde57cf0b648baa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2c6b600251e9081bb0e71e88cdb6fcd1

      SHA1

      b8982c1b2480fb88cd240829fb0eb5d5423afeba

      SHA256

      712acb3ca2e314eb0d8a83a31cf5b4a7db1402a26f0a370fafd0b27509b8aca6

      SHA512

      f6360ad6af4d19b2f9418b0a39c35f152895d012a86cecb8c4016428747d04125c1c11a7d873ca47f4929a3146578257417e4bf75933cec4529ddeb5075f5765

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      81aea0bd0b16d0cabb43483ee23d7936

      SHA1

      00c169766e176d20c20b8c636bc6d56b2349d5d5

      SHA256

      0589f1d60545db0361d9bcac38edb6ff3e79d7341ccea90cb3d14c42a06bf3db

      SHA512

      3455489a1685b84b8cec28824f599767ed101b70f4eb00e33e71c351e02be5777d3f6c58fd0df32cdb76fa2b29f18b1f52447916fe65dfd01d36a313ff187882

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e3e63c3e5e091625ed1dd374f386d152

      SHA1

      34bd73fcf7313da3661134fdef9304c416dd1d16

      SHA256

      0128afea4b2e85ee724dc47540618abc3c724a08506c6d5844f31dd3df90a717

      SHA512

      843bf8f8b0203ceefb462ba39313dcc552bd90736b35f72469cc139ddf9487c6b6fb3814d4d3cdc75d56a321b41085cd48b216a21853e1e9df09f9fe9040e5c7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a486946da9159f2e33ca265a99c775cd

      SHA1

      92703f6547d5be908be699b6d3ba3a017a17d6e0

      SHA256

      926820d7d22170570fb1f03e8ce153adacb87c02b4beb524a9cf2f7ec52e275d

      SHA512

      8d08892def481eae4c087a83ff9f568a40ae1a471e2868a970122232f7088e56c484813ea02537869943643168de8f02d97028c2969d25d23177853eb530078b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f5067bdff80d31209f5db88b1dc3bc39

      SHA1

      7d9c83c114ac673706d0fd71477ed9c1636cc661

      SHA256

      cf0e68ec93c17e7ebdf0d5ef2b239923e448ebe308edd5a06c1db7cdd2222aa1

      SHA512

      578b84ce4e34bd0b75536928452f335b8e0de4881012571460950f534e5c29fa58b172686aa6fe2a985628601a159b16338cfd3ed7841f8906c2fb50fc88c5ad

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5480ff02db4c7c5e25004ede29a94589

      SHA1

      c803ca62af13f490081156ed30e06d38dbcabfe1

      SHA256

      8dc408cca8222fec437620e094cfc0b4e5c3c2107b09ac267cc1301e95370736

      SHA512

      22f674c320cdc997225797595bbe72fda8f0beb7e4083edee1ddde227935e04e9b622a8a5b6a36a04d4fc2e81c048aa75cda0c326523c404ae1f816ea5c7326b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2336de1b836720e0276ff2bef34920e7

      SHA1

      5fe48d59635cfff640cd18e6bebb320233226593

      SHA256

      83902afa87c00d776755feed3ee86543d138d1355157258c299e8c5724b202ef

      SHA512

      9eb56e60d9064318f4618c18cb60e8d1a61e0477504bc34753484538553d4f83569c5622cf1c287a242fd151b494e97ff8ea3e7c7f9fe66ae68a08dff389c919

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0918600e662c67ba84857d54786daffb

      SHA1

      34648281c35820115d5b6c8a1af4fc3a1ace7576

      SHA256

      6c3d35f05790831305706dc72596c3bdbd88a85c0aaa9569d7a417eb5221b4ea

      SHA512

      14fd7ab7f8116ad3f6a889d1478c176260f8d0505b4e89f40eed6ed0167266d8304845ce571133fadea7ae9de70e066ea6ee8d9f6a61191baa296c34f3e050dc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5d2c847cdaf3844fe17ec1fdd165c9d8

      SHA1

      4380dda79bfe5edf2208f4f4ae1ac7aada678228

      SHA256

      6663caa5d6acc76fa74df1142e6bd416a128a6f766851977113d3978f8c99e4f

      SHA512

      f27d56b7942c250e5ebbe53064a77e5a408a3c22eb655ff98be665ad144c314557d95e5aeb03c156a991567b3caf6445ce29b9e6e03cf26f5529e5397faf910c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5516e1f6842fe76549d9bcc8261e7b21

      SHA1

      80b96cfc51222374cbecabfb1f9edfd08191d48f

      SHA256

      835474177d98a0a5ac7acf8728d3512164abf42d5eecb0c2fd59f795d7bfd633

      SHA512

      0eab35a948312e86ec7ff0354f9ff9d28864cb92389f291806833addf244aa4a74b3dbacb5105a64e2b8a32126cd8ea9907fd0b44f8d80821f38d2f8dd351529

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2a8a50ff28add7119ee9a9e9095bea46

      SHA1

      e2a64d9eb31dd0a42342dbe8e935a6ef094d1212

      SHA256

      ae3f11681ab33b4d88a40b1ad15f0882647841223c6b68d0a80758fcf0608068

      SHA512

      298d690c0746da41fa95e00722e15dbe3e10437f30e36783e334ae5eca93d6fedc154a56a492d5dd71c84cc48a3730c05ab0dd5ceea54e0a15dfce022d209ea0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      701f342f1d2db641527c21f0fed1fd47

      SHA1

      a44723b8af5028596f039a4495843daf7a38f3fc

      SHA256

      4061acfcfc022ef6c951fa3656f8f2bcc131f024e91f740f65980ee3d616b0ab

      SHA512

      6b4976f55d301faada22b69413fa8c51e3c22b844a0a09eea1c3d7bf13b74afc3443fbfb48a20f6adee17d45ce845e78d60429d8cb34cb71fcde349839ac29f1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7da2cb3bf07dbe28d6c4a823cdee1fdd

      SHA1

      75a9c4efe98ffe79b8997d236267005c5554ed7b

      SHA256

      5ec991e5145aed1a2dcb97b74bad10a2bd5d23b20e9592035322195768f86eb1

      SHA512

      560d0562e40819f45dda4f607a7294a381c2f6155918bea195b69585e6e729b8bd32e48d2377d5d5764e3e47b76b25a7f4a7452786e50b4fe67bb35a02c19d80

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      22dd3b94994dc5ea9fee49942da1815d

      SHA1

      06f80293ef5be129c3a2a1665d921844459350ac

      SHA256

      425d8fd979468d25117298d6df82cca84171458dd1fb258c1d2ab73348ac3fe2

      SHA512

      143e462b1d58f31440cea2ed0307e0fadb9e724c1c9d8d8a7d56168a3cb0db2af6bb2ec76f2bb2440dc7d25653d11b6a5e9b35e5ddce7b71788ca8c82f8271e5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7426deaf87d264c76ad73640904c5def

      SHA1

      e82963c54acb56f58f4ecf71138ed24e767db9c1

      SHA256

      1fa466643e2e0ba76dec069cd6d5a4310338ea7fb5a92558c7b3dae040028768

      SHA512

      0c2b35c472747b607c993781099bbdda2b2a6460b8a3b44c51b26438496b8b266ab45bb068898ce520c03dd30c8af25508ccc61b39f2c52c83d1ef3dc522fc30

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      585f85a88ff04146d7104756b7b113c1

      SHA1

      5097e06d8361fab36b756b9dc6d75defdf3791f8

      SHA256

      e68be3462845d1cdf871dba1bc7b5f71002ab178ea39205538d870464603d4a4

      SHA512

      a010406d743c568fb0fff5a945cbf8967560a909fde5573fe4c4ac33cb2fcf9bc11d3a4f5da1e9dfbac2a525a8fa286f96f2022a389be57cb5f8f793f9915bcb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8da72115d46795f98369267400b13fe5

      SHA1

      d313da5da92ed51169b2666f43361b4cc60d8923

      SHA256

      5d195ad83c34c8b042316daaabfd9ff9ee8f019197129ef806c7cdc4b2021a2c

      SHA512

      df7c4521dafbed030e954e0f6fb2c6b8739d6f95a9e5eb982678e84e9c8efaaf85f12d378907c44f3f306abf991d2dd26820c3c75dd308591e778b87facca6c9

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab27A0.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar2810.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      83KB

      MD5

      c5c99988728c550282ae76270b649ea1

      SHA1

      113e8ff0910f393a41d5e63d43ec3653984c63d6

      SHA256

      d7ec3fcd80b3961e5bab97015c91c843803bb915c13a4a35dfb5e9bdf556c6d3

      SHA512

      66e45f6fabff097a7997c5d4217408405f17bad11748e835403559b526d2d031490b2b74a5ffcb218fa9621a1c3a3caa197f2e5738ebea00f2cf6161d8d0af0d

      Download Submit

    • memory/2556-6-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

      Download

    • memory/2556-9-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

      Download

    • memory/2556-8-0x00000000002B0000-0x00000000002BF000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2724-17-0x00000000002C0000-0x00000000002C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2724-19-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

      Download