Overview

overview

10

Static

static

1

e139beb269...8.html

windows7-x64

10

e139beb269...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    14/09/2024, 23:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e139beb2696121e5fe8c44c183274197_JaffaCakes118.html

  • Size

    151KB

  • MD5

    e139beb2696121e5fe8c44c183274197

  • SHA1

    5bd3a6cc7c542e6e30692222a784a7bc8000c494

  • SHA256

    2d0614de8ee4b948f9b3d8ebdd972af3985545d4b1db1867641920621c51be54

  • SHA512

    d1139c6da4e967e76eb4c285d4b092c733b2a34a86af831baf376a450440718ebf69b58ea00c1b2e8e557eccf51df6821eff93f8fa588abaa5f02e26e5a9b5b0

  • SSDEEP

    1536:9gj0rXyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dK:9hyfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e139beb2696121e5fe8c44c183274197_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2312
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2312 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2300
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2688
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2816
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2552
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2312 CREDAT:537606 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2832

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e52bed4575ef877f1469296320ac335e

      SHA1

      993bfe7757dbad09f074dfe56beb135d6132849b

      SHA256

      725455378b04a200639ece4837d42fbe7ea84f3a300bbc7e76c57e3172619a22

      SHA512

      4cffc6b4d9ae7e45bcc5eeda1a4932a51c1b03395cc9d51461efbe7b5df4ac87fc6ec5045186d339ef2f1c296638f5e776e80e7eda6ca7cf016a4a77d1b423b3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9ddc9a3da706b7d0525f9ad7f4010fa1

      SHA1

      a29797711c3a0054082da84f5c36cd472b165bd9

      SHA256

      f7c6c71ec8760edf1be7096745baffdfda831a7a3785a6e7eb82e30b613dc47e

      SHA512

      d53833fdbd6d04bbbf8c8fd142d16ae0eff5dbe68969975f3e1f05dc3aff8e6c2923fd2a31e2fcb2b55f42d5272991604229ffacd63352359bf56d999935f550

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      154a545e45cc7a2e0ac9a5fd7ec3674d

      SHA1

      9d8cb1c0641fc4c88e868b007e73907a2c206413

      SHA256

      9a17dd0bf3433da5804de38b6ac1c5eaa31583905d1fcb9bfd170b63950f56de

      SHA512

      d3edb757b662551ba08b9236f7ca0390586d7e5ffc509305d39194234f844ee4c14efa6cb5fa33a107b0efe30acebca84342c1ee2397c0bad3e85832aa30059e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2b7daea01a5dfbfab097512e456d5b60

      SHA1

      5a2b97afb86343c6893ccce5e2c241436672e04e

      SHA256

      0abff7d57a1e94df8bfb0f59be02319188dc0fbc066e38a2f327786963afd7f4

      SHA512

      82d48ce5aa925db192a8cb2c9cdad64abbbd4e6497c78ebbca2b45c9a9c331e4ba058ec4557d8d0b60148d271ecbb5574c7ac7b27f69631b2aca92fa9cb1d86d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e8ae2cb725e1860076c4c05f02a5653b

      SHA1

      a05623a21e4e8437a70b68c0660512931d22760f

      SHA256

      70a04c8e2fdd79414e233e5391f6849a5920199019a1d6dc7ed85b884d5f12cd

      SHA512

      5cabdb6d46b2dc0ffab0d6284d10895330cf9b8b805b6f8132d5bff13db83a3cfef0738c13160ee789a6f87cdd19fa296b62c4f7a915799962600cf5da42473b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9e0011bde77f882c11e6c1ce2d803fda

      SHA1

      8568872f4753403525b8592527542d31bcceee96

      SHA256

      9f52b7442838d7dd568b2b4a7e60dd9d8368697c1e9a3f8206c3f68930c958dc

      SHA512

      45a042df61c672270fd3a9664958f55433237c7e2be013b7149a501301d87ff2400844b8237434f7f22e42f95fec654a9bbcfb3f94c54e64ebaff45a2284011b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5b1affb2faa81c7e67c44f81126f42ac

      SHA1

      970a0585572de66702eb1888abeaa492b91e2636

      SHA256

      f23da2e116da7493505f56f9a4cfb2363b280cc0e13e9600c9ede8a5ed7bf1bd

      SHA512

      2c43c48c88fd8ca004bcc6af0d97af0d207fd379b15ebf1ab075577e8fe34a3243c7f884806f8abace8026be793837edeab1aa8b2d992ab3320c2eb7c7a4d185

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c1d33432a9fd102f743e1a03d71ed2b8

      SHA1

      1fb693834feef404a5ef37d61bee1a495269496f

      SHA256

      c35aff0f30d5d9706db3d9f9578d07216bb675b0fa9526c759466fcff8ce702a

      SHA512

      dd0cb40baa4bff23ba042ddea7dc56328e5e8b7261c5d252835a3b5029a49d8ef33357a8acb714dccc47474db6748407ebb9c2ced7f93a60ce473bff8a31cb30

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1075b2caa7cdfc26992937e1d860c8b6

      SHA1

      5155efd9155cc5098be412d239daa1f2258ce984

      SHA256

      cb31a452022b6d5610bb1f4a1df1ae1af8bc87dcd6ca5253da42f60221e300b0

      SHA512

      4efd1c06b93257a4c795d6a2802d40fe746238b172113cac7aabf127021d5c31a26df4f05766040f3335a42ecfeec8c0579c90a54e9d6ba986e56316145fff4d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      209325af0e7c7562ed4305169ce7c9da

      SHA1

      d3fb03b5cd928f5514fcf4afd5f5856f395c0c55

      SHA256

      d72a0f980a52b7da87ba1d8feca1e28c955ced164a116f28d909da4fb55b2330

      SHA512

      570f8aa8541159dceb18cedd40115f9e70cac4fd6f94cf71e86a6efa68edeee464edb1e76b2d9b71fe513750396e17fb5ef51474cffb0fa2c2a406e4e4341229

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3a21a6dfba542c8397d52b71db2206af

      SHA1

      4f399ad07c9c3992ccbc51bba460698c4c1d7b8d

      SHA256

      8f463f8efc9e67621eb2110b7e23b6caa02bcb0443519b304fc25ac0be23a26e

      SHA512

      ddc0d0a29aa4746683a8c6661a456be4f9afd1bf7adee0956e0966ff30da9cc6af3a0496ff817b9c430ca8298fc3f34632c0a8679fc7d35b06a748f5e1d3af6b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f86cede266ca0b0bdbc7edd9d0394c5d

      SHA1

      ea83d75139d0e6f2872cf7a1e594b5a236f392c5

      SHA256

      3f02d045cac1d4f19890805837d92c27ed80992cadb4bd1205ae1f9ca872b5d7

      SHA512

      a74524efa957599d81ef66bdb738fec200e2904738ac60a44b436ad8af1ef66f7964044f83abdd3a94b6a119a7a66f50065ec302c68957c55c81395e0506752b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      04eedfce5260b8a4eb680ba3f02f8ea4

      SHA1

      a34a94fedbe01ebe4d4f2877d8d81161bebd517a

      SHA256

      7486a57311e1ea6c2db799265a0ac8eb45e0ddd47b2b49766a55d815fff3714d

      SHA512

      cb07127ac9057221ca57e37db4bc79710b63e2ef06480afdc7e3872f50c75ef41fe58e09bab27139cb78d723e6923743c6f5c73d6242f900bab772e584fbeba6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      caa8fc73d6b8f5fba099fab508394c91

      SHA1

      923034e153cd93fb070bd429685ed75293394084

      SHA256

      7648e02950e3c2501217c20e8a71a243e12e5cb02bc138c8660a97fd3d60c74f

      SHA512

      1ff8e676dd16fd52c0df79a7572001a6aaddf84e827281274b98fe01b62b64eb504d6f78b2a0b82eff462bcb575aff0bedf8d86111aec6d03ac86cb46c1f8d9a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6a6390c045190d12797195ce327d43a1

      SHA1

      a51bce23114aa929d8ef7b59ef45cc2808901caf

      SHA256

      ce0ac145e40df7d88f940bc164594e657fd14f2e88e13c6a7914f2b1357d2dd9

      SHA512

      309704f90a5f5abf1139b1f52b4a271bbab34bc7ee1c584b8b5813fc34e78bd2c83afb5d82d301839286047a5a2fea6618acffdd69a25b19ded648fc08b9a453

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8f2d791739b54c69cae8c46a917a0403

      SHA1

      3451afd0c13463d4d48e02a3e28f48f517d28ea5

      SHA256

      bbf3227fd688b519c6a4ac22200050a38667b4d600ce6607e7b01e2f3472ba10

      SHA512

      d197a7aa52a2a09ab5e61a28ac82de0776051159e88e3aa16392a547da2e61aed15794742cd05338558a706efb5a252af7987b14203a8f6f820cc8ec8c15bc92

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c7d36645890e7e62327a5de25357d0e2

      SHA1

      59b58ee369ff5cd30418948d1a442d6e1a13cc55

      SHA256

      d05c516426fb2a37711f4b1f89829e4694bf853984ae69737ce2ba67bb68213c

      SHA512

      7aa08ab999457ad00781fc9e6a74c02b2d3c5735cc4f19a42a333fa52c7b3c144d24149bd447828dfe1aaa5bda21aac4c192ff5add7d279e0340776537c93042

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      018cd2020f697dec006a154d6177a75c

      SHA1

      a73b98f4d84aa581685077701ad3b65b0f472f32

      SHA256

      bcf014edb04481a8623e684a151e7ce2ee8398fbcfbb89315ed2e19feea8bb60

      SHA512

      a8c29e36298e3d681f1e163a79e4e89f32461c1ec0495f5833a5fc362db7bcd829df60846b9bb7d50d29a52618e33a12c0b851abca13b9a7e29f3f6b505ad7b6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      58922fd796367cdac16c1538a3b62f36

      SHA1

      7c3f4c0d6fe15f31e7935da108c0978b8a6dcf6b

      SHA256

      6636997374b88e6540242f94f03f0b2eaf9e762c9168cb67caaa25285c8c0bb2

      SHA512

      c8e48db9372059dfc245fadea87e4bd9a8ab568b0d0e359597c81853561cf500c4fd7b00cd31d326e321dfa252df2003fd74ca377b6ebd424f04d7abb5e459c1

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab1B7.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar229.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/2688-6-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2688-9-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2688-8-0x00000000001C0000-0x00000000001CF000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2816-20-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2816-19-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2816-17-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download