Overview

overview

10

Static

static

1

db19ce1915...8.html

windows7-x64

10

db19ce1915...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    11-09-2024 19:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    db19ce19154909d68cde4bcc70af4553_JaffaCakes118.html

  • Size

    348KB

  • MD5

    db19ce19154909d68cde4bcc70af4553

  • SHA1

    b3d122a42cdb8da8645a1afa4bf1f89dc9541290

  • SHA256

    df905d542a4b227db23267ee402fbe992861b8f3e1ebbbbfcc4a048920a65358

  • SHA512

    7bc3d542affeab63a027059ca50777621b47d636b14245b455f91d0a3c0a1a291a1d06070a0890d5e51ef48c82e439d984e2bdb09f0ccf48d3ba10ae177a3015

  • SSDEEP

    6144:hsMYod+X3oI+YnsMYod+X3oI+Y5sMYod+X3oI+YQ:t5d+X3V5d+X3f5d+X3+

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 6 IoCs
  • Loads dropped DLL 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 7 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 18 IoCs
  • Suspicious use of WriteProcessMemory 52 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\db19ce19154909d68cde4bcc70af4553_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1992
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1992 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2092
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2872
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2836
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1632
        • C:\Users\Admin\AppData\Local\Temp\svchost.exe
          "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
          3⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:1804
          • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
            "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
            4⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:2896
            • C:\Program Files\Internet Explorer\iexplore.exe
              "C:\Program Files\Internet Explorer\iexplore.exe"
              5⤵
                PID:2916
          • C:\Users\Admin\AppData\Local\Temp\svchost.exe
            "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
            3⤵
            • Executes dropped EXE
            • Drops file in Program Files directory
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:2964
            • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
              "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
              4⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:2176
              • C:\Program Files\Internet Explorer\iexplore.exe
                "C:\Program Files\Internet Explorer\iexplore.exe"
                5⤵
                  PID:2448
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1992 CREDAT:209932 /prefetch:2
            2⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2576
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1992 CREDAT:537608 /prefetch:2
            2⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2444
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1992 CREDAT:5321730 /prefetch:2
            2⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1204

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          Filesize

          55KB

          MD5

          42bacbdf56184c2fa5fe6770857e2c2d

          SHA1

          521a63ee9ce2f615eda692c382b16fc1b1d57cac

          SHA256

          d1a57e19ddb9892e423248cc8ff0c4b1211d22e1ccad6111fcac218290f246f0

          SHA512

          0ab916dd15278e51bccfd2ccedd80d942b0bddb9544cec3f73120780d4f7234ff7456530e1465caf3846616821d1b385b6ae58a5dff9ffe4d622902c24fd4b71

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          0891baeaae561ffcfc8f23438406ebbf

          SHA1

          1c9e8836c31f1c3b6daf105cdf8900115a7f529e

          SHA256

          5afd3936abd30695df53f063417d7144ffc01fba9a6207c1e94f2221e47cb3f7

          SHA512

          03c57e5b81c53282ed67c1897a06fe6fbc7ab96885600b3d16b2f89cdf252c3e7d57723671a1c0fb9b20e23cce53c0c5e769a2dedbac2de621bfb096c4b1d1e7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          652c05319e4551af1caa43db0c58fc9f

          SHA1

          6146898d01037398fa5109c777d59772efa5363b

          SHA256

          b23567b80cf7329e95c0f4fb267a086cd4ec84745ed7367bcd162f47ed22ef5f

          SHA512

          284aa129cc7dab574bf9108cb766a9cfead022d2b3e11fa8daf59823976643ce9e7e83b5d26266b62dfd09ec3773a4eebeb90e1d0ba04bda7d4184085504bd24

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          af39abff07a1a2950ebcc282809c9b12

          SHA1

          8e2a8febd3ae6a97b1b1bf2fc0453bc4931d1163

          SHA256

          b555da8a5610b606bee68a8c7877953fa8f38b39a7b2d8958439444a31126a8d

          SHA512

          e828670c8e1af1e47a6205a32dc4e0dc83f984605df49032a08fe3b9313d3c1c062511264b731031d2b9169bfdc28ae0b966fafcf6283e92ccf39c323e06eaba

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          468ce640a6974c912268278be86cd956

          SHA1

          1fe467fd47d079075ebf5bc2d22aed7564b02151

          SHA256

          6c30c7c8d9611136ff65b214d6702ca01a72b6c1d6cfabfca1c1ba7a93f986ed

          SHA512

          a004469d4c7089a3b3725f7d3b610d2fcbb273a1bfe951877efc0364f0975c1922154e1f9aa7e959810cd52f869881d37495603db879a661b55a7c1d964122f4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e5dcabb014b14c6ed27290ec8da30208

          SHA1

          8b41e7dcf3f13d5d9a6fbe6b77047a5823c3ba2b

          SHA256

          f4e48c674bdf1f8677197f0733cde9a6c614ac2eb5a0a0ab31363adcbd1c0375

          SHA512

          5ecd09f286a95bdb98b8e681e166e3920dd588b31c74360e3ebc59bab865e68573246f1c94ebb7f854c0e322167e9e0bcf5160aa104950b739b08614e3168913

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          378ab19201462d70ea26420f2a5c6d55

          SHA1

          bc4fc8ad728d9143ad559d526a98935216dbf590

          SHA256

          5e7c75af52a7fd1df1a46cd25169327f0c72809242ac3a9f73bc66c6dc1e26d6

          SHA512

          d6d45bd93d6b101ea5aac3ce8ecd50e71f9b8af21e25299bf4be4f57eeba623a7f15852ca1632fa8b6d2eecd59422f0026c507f325645cef17b27913534eb163

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e886e49819e15ed483b655220ce647de

          SHA1

          bdb04360317a632e3c07de4c8aaa7eb11b562a7a

          SHA256

          d5779bc046e6bb62481b64f0cd39c9aea48a64faf26be61dd1961c6f9e92dfe5

          SHA512

          95de4bca8bb90e9aa8d07a17940bd8c9f6bd3d22bcb6f2d248f683a5f309215f6251380e12e8ea24a809fbfc6d0c6a04a9e78070e4b44478ce00ad885faecade

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          47e8e1096b25f4897d68c4b77c4284ab

          SHA1

          2f183298c251de2f4e4218dfed83337eaaac9a32

          SHA256

          83b0e149c86769bf961051d72febadd71968fc956803f642e08f300bd092db49

          SHA512

          2d28cca92833e277e0c89a8feac5e1e68c614976101d2a4e8f3a08464e1119b38752028d861c64fd9ed23ec41858b99df52fb2cefa34286417198d922d3d1e09

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          938e1b30b6a233ccec2592830d23409a

          SHA1

          332d0fe8677e5aae8be845570eecd7a05bd18219

          SHA256

          3141f5baa32f867b93b82c8f7cda3394efee1e948a253096ddc03a04adeec846

          SHA512

          2171cdd8870f651e66ad75c4398d0229753545b3c065ec436b4c1613ce933835aeb5d71707387a4f1d2204292958d388c0eface181dd02a031dc44e659b44c9e

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab8C3B.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar8E9E.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • memory/1804-20-0x0000000000400000-0x000000000042E000-memory.dmp

          Filesize

          184KB

          Download

        • memory/1804-21-0x0000000000240000-0x000000000024F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/2176-36-0x00000000001D0000-0x00000000001D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2836-17-0x0000000000400000-0x000000000042E000-memory.dmp

          Filesize

          184KB

          Download

        • memory/2836-15-0x00000000003E0000-0x00000000003E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2872-12-0x0000000000400000-0x000000000042E000-memory.dmp

          Filesize

          184KB

          Download