Overview

overview

10

Static

static

1

e0c546d02c...8.html

windows7-x64

10

e0c546d02c...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    147s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    14/09/2024, 18:24

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    e0c546d02c204460bc58f7818c1ccb64_JaffaCakes118.html

  • Size

    213KB

  • MD5

    e0c546d02c204460bc58f7818c1ccb64

  • SHA1

    1f2e533e3b4072a606d6bc092887ce4de58d4d05

  • SHA256

    d144e9db905f2ea058fd92ed78da058587f2af738c1467446d47e18acf415722

  • SHA512

    6517ce9ee66883c07373b2173e5a7109c1be78f83e16823e797d4336afdad8e52cab7338d2d644590c544dfca6372a7cbcbb05135f628fab166d8008356d2177

  • SSDEEP

    3072:S3I0TpNdL+yfkMY+BES09JXAnyrZalI+Y5N86QwUdedbFilfO5YFiM:ShlsMYod+X3oI+Yn86/U9jFiM

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e0c546d02c204460bc58f7818c1ccb64_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1348
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1348 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2420
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2536
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1956
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2340
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1348 CREDAT:537611 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1796

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            ac99baf42e5224b76d6caf7dd7984693

            SHA1

            4dbac68bd2902557999abe0f20f18621d36bc11c

            SHA256

            a768df48d563971bb654e9e3a5e5e964e7b090618176201be845eb17bbf1ac64

            SHA512

            4c64a39e24f39a97be4d370401dc254e48b13ebc85ded4adf3ffb9249b59c48ed0d583e8a030cf396d612dfbd482541920317c2ee87f627d60996ff9604b8c34

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            a05175734bfd2fb3088307567d3afbd5

            SHA1

            33f62e88ac959a9e0b9c1c29def8852fca1a8ce2

            SHA256

            86e810819bdfc5a620c872179540309f9f18c6c4c5b56490692ee830cc00f252

            SHA512

            fbe5b3638a82a1be2e8ad9702308de2fe3e78e235a328805b3ab18c4d67222a0af31c2e90ca1dd4ed59ae363e34509a3404945e685552c970146a487481842e7

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            923d9bdff19535d73ef21d0f2c702c43

            SHA1

            10e6ff76258c58b91c5d0c60dff1834ce6133c0c

            SHA256

            53dff232cf5ed34fc8434d568b25b6a7c4153f934c1746a17c7eb98be84dce41

            SHA512

            3984d6b391abea635e7bd930c7faa5b7303263465103a877bb324af9d3bb139d83378ac4ad447c491272c4cf6f3b977dbc3c8da3066578e26fcb3a2ca765ea14

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            49f385c84a6589507e576e6242cdc38b

            SHA1

            96c25ea0bd22be9a9e4dc2af5849047f32facaca

            SHA256

            6ae1c71e7184daeb1d6e9c0eb2c6c197cd7b88537192db51a7e862df0373416b

            SHA512

            cba4b9eef3abb04439acd81bd1920bb5a86da0c4227b356eaa785f55b74c06540f838a5ef2fb0fdcb0568d3c69f7c1a6768f44b7056e490fd9d4797bce8358b6

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            e753608a556b33bf95d023a617d2a7eb

            SHA1

            7b1e587b3b8489867e9e086d33d547211879c029

            SHA256

            eba09730e2983a7c0267fd9dbcf26b0eecdd5cf2f1a162cd4f291ed13769a2e0

            SHA512

            d3e62934f2a9d5a8d7c4ef09a670d3bda2a98485923ff1b5c93124bcea25d7f95971404ebc4c266919ad0987b96bf7c3c707de747661f7807941f87808f83003

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            270991d27643515c6e27d566059b9566

            SHA1

            29e583327a09bd2b1219f0b514f09898320aac07

            SHA256

            02da600e0c10badcb9827bc1611c806f2d0d937235c50ba37c506e757719943c

            SHA512

            455b0a09c4fabb8e1934a65b7e5ab3d51c1ab53296a9bc2affa6754a2a1b13c616830dee3c1cb3c2f9e354c5fb7b99118a1ffecadc47dfd56c4182f03f6dec8a

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            dea7362f7cdd38690dbe668cb67fa639

            SHA1

            25ea448dbea7b2b416068b346a1a47a256ee3598

            SHA256

            88b03c1e04f4a03dee72d59c0287d6b95931742b79e254b4b99ad554ffa9bd16

            SHA512

            5f0712ca21fb9f2b91e80b1b433a6747186881aaef07ebbe0cd1453ed1f728b38a25c37c7b4e58a64a5f474e05498c140d98d75402a477974c99f6e30fade03e

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            fafd14ba27f4408a5c0d1db3db48bedb

            SHA1

            35a903fd4f7ef4a6d61cc8939894644fd079b6a9

            SHA256

            0691dcf345fc0c563b9463dc4d21f02a905b8809cb7152273f96463c44e9ff56

            SHA512

            87c44665de93a1cb5b095fd985a2af33d25473d0a0a83b38744264d5437d1f013a32b588d9fe992b374a9952e802499f1f3474e0bc0b37dd384cae415e0d40c0

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            acd88e6402133a38699393b0576b50f1

            SHA1

            eab5e4a8b6a3e2f4c9537ced6e4f798795905e94

            SHA256

            f937d2312a0982b242e040282ebc20d8cae758315e37ce36e3fe93c548733b12

            SHA512

            35b4142d390c2b6a343ca49725db882e4165f46efcd8108f5dad5583662e92d9d50b50883d796c169e5c4ffb5c63cce65fb3b4e9ad441f5f5dd0ad7e1d26223d

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            9e86717278a39ba7b65c6301bca7120a

            SHA1

            5af8bbf49cde662780343c62b9929971322ee87e

            SHA256

            022047b17e32312b70812d6967270c670c9970215e35c49db983db2cc9337123

            SHA512

            ea911cccd3f41f72178156d23f8f654d512af1694ce26533ee4ff8de6116ea8bc51ca024e3401057db4ba4c6a2a251b19227ac8ccade3747a2bd473aa30809b6

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            a4b962d474fd9db6a40d0367b4fdeff7

            SHA1

            8a88cbe7e440c33389a8123b97b3ddb93a0a69ea

            SHA256

            a9646109ef5905854eb2cb61c35d924c00b3b3b21d96e2cc402f49ff4db83923

            SHA512

            dba0f4a0f2e63fbfee1211546e2dc5e11d8017abf0e4dee2a38f49405d05b77936100943a5bfa29cf2f060259a43035a9119d104994fa13c69bcc47bfe5cd17d

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            fa4d7a105002658138f5e07f39ef96b3

            SHA1

            e226ed3f179dc374b2f6a4f24b374dda4b7a0391

            SHA256

            b2b4658b0ec6573a5e4e325c37af6d5d15c99a3cc02de06a5524a14bbcc187d5

            SHA512

            0cd3b41a2523e968b14e7ce93cc9fa40486664a948bed7b69085e38699f9c13672bc1825a40d6bdb778abce4716043f167a357333e70ef09f08908517fb90486

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            bf852a4554fe9383c93011843012f27a

            SHA1

            6b8a634b2dc01e12bd58901a0223428d8a77cdd5

            SHA256

            2b3bd713c110341a8c960366aeb5ce69e3916ca4482211c8c8ae6431c571a9e8

            SHA512

            d44576a003ff71f0659fc699441e85d420ff5c766908e3c84eb04a4515d996ed090f2bd1ecc0489c423361573200b37e4fa40ad171c04fb4c3b0abbacaee2ca6

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            d9f513dfaa5aa5d0601a755121d00cdd

            SHA1

            bf9769507ae701d2425359a8300ad5f4f06bbfa0

            SHA256

            ebbb427b17c0c9aa35f257e6c4caa7f34ed3974d0858e9dd306f97644f825f95

            SHA512

            3efb48feb3648abcdf103c515ca8eec23b95f64bd067a14d1b9d921e216a94803c7f00cd5567761881debeed877a523acac077f164b20e825bb1dcb16be6a906

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            24117e5eaa93f37b95e1fe508d61dae9

            SHA1

            770b2021cc954c38ca08b2823c74f7514137aff5

            SHA256

            8b6f36959927064587c434ad0d0e10b5fe3f851e91f453c59f61dfec6671a434

            SHA512

            5017ca54c159bd3215531653f01298c618dcc4ffcd2ccd6d86881a734fd4ce63e2ddfff37a4bcde0b6b2dc8b74fc863ad11a63764ddaf89f349c228efcc9e365

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            d52f16cbe38e16e3b86b05cfeb0edb9d

            SHA1

            2cd651ad1e5b921f24d12ce2f46b405c9bcb15e2

            SHA256

            dd5291057e666a440384ba5307c8812dd38eb81508aa0d1da8f41b431282d174

            SHA512

            e568b3d7a13b2f2f505184584ff6dd239eefb71fbb8433c8f4812fd360cfd083f14d98acf6ad9ad56c744efecfdbb0a21fa4a1c3147c77b5dd75916dd8add73b

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            c0412534fac4fbde6416bccf0599702d

            SHA1

            3f90fc64d20ff3ce47fe049bda43175fb53cfd84

            SHA256

            8c7b8af6b5c5f4de1aa4471fddf337ccfbc5b51104bf200e1857f42c56e342c5

            SHA512

            b9fbb691f7512c56815d165e64d6867a37189888fdcb486efa5f0cd404d9bb409112ed996ff83b6c8f5c14da578b95b96ed22d1c7faa0b7228982b6c5e486516

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            2bbc65543fad58be30d26fbfc0098098

            SHA1

            d3b55c3b8c88621c2a032b13049a80a49c4571ac

            SHA256

            4ecf0a2fa4cb4f694868752fec40ef979bdd4bfe17355f28f9aff89bf6150cd9

            SHA512

            d1132c4f548cf340385bda6f6e6db9d01c9e61958ebf60e01a4bfc466bf19d787b6a6979315bfd26d95f2784d7b30bee4edb04e645e9985ff67750f9e1e8bd33

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            96b93778f082a2bc72ab5604d56dc236

            SHA1

            e971706a8cd971e8f1ef03c6ddfb7f8aa114bce2

            SHA256

            04f6a9b2ea6a43d8efb93f1d0d0c239648291ce1d00ffc12689ecdea12422ace

            SHA512

            d506ababe05e3891b5581d6a682c22464e196b858e3d975724e9c315df14134a178a739ecc355d79cbaf8a6691c95dee3591aaa15d85477eaebe2f47e773220e

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            37800089fab12ac5108c9390f9c7a2fa

            SHA1

            f7024cc45e2e6f26c0b1b6912e818309c4a729ae

            SHA256

            31d32e4d4a44d39c584142afb168bb680503b80d514553a3926fed013f57e4bf

            SHA512

            7db4c06c5f7e18b05f42dfd58735d18828e8bcfd920ec55d2d4ecb5d1ba9558e641e60ba7c21020dfc46c490cce56b095a4382d2cc01307e429f7a4f114a98f3

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            3c92206d04d93219ac253453523522a2

            SHA1

            f16fddae6d9ad10e8f86180c96ddb2767e4e3da2

            SHA256

            cd849fad7cbfdbd276f872e83d13e2aafcc7f1b4c8eeb9fe1d0c108404f2bb61

            SHA512

            f7d225ca480397870c78f004bb97c310be6ad75e1a847619831ec41c23c5c78a7a0a2a5d9ca0041f7ca2cc17758b4cff03010147b8f9f3fad3b55828cf98bec0

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\CabD1B1.tmp
            Filesize

            70KB

            MD5

            49aebf8cbd62d92ac215b2923fb1b9f5

            SHA1

            1723be06719828dda65ad804298d0431f6aff976

            SHA256

            b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

            SHA512

            bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\TarD281.tmp
            Filesize

            181KB

            MD5

            4ea6026cf93ec6338144661bf1202cd1

            SHA1

            a1dec9044f750ad887935a01430bf49322fbdcb7

            SHA256

            8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

            SHA512

            6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

            Download Submit

          • \Users\Admin\AppData\Local\Temp\svchost.exe
            Filesize

            83KB

            MD5

            c5c99988728c550282ae76270b649ea1

            SHA1

            113e8ff0910f393a41d5e63d43ec3653984c63d6

            SHA256

            d7ec3fcd80b3961e5bab97015c91c843803bb915c13a4a35dfb5e9bdf556c6d3

            SHA512

            66e45f6fabff097a7997c5d4217408405f17bad11748e835403559b526d2d031490b2b74a5ffcb218fa9621a1c3a3caa197f2e5738ebea00f2cf6161d8d0af0d

            Download Submit

          • memory/1956-454-0x0000000000400000-0x0000000000435000-memory.dmp

            Filesize

            212KB

            Download

          • memory/1956-451-0x0000000000400000-0x0000000000435000-memory.dmp

            Filesize

            212KB

            Download

          • memory/1956-452-0x0000000000400000-0x0000000000435000-memory.dmp

            Filesize

            212KB

            Download

          • memory/1956-453-0x00000000001D0000-0x00000000001D1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2536-442-0x0000000000400000-0x0000000000435000-memory.dmp

            Filesize

            212KB

            Download

          • memory/2536-439-0x0000000000400000-0x0000000000435000-memory.dmp

            Filesize

            212KB

            Download

          • memory/2536-446-0x0000000000240000-0x0000000000275000-memory.dmp

            Filesize

            212KB

            Download

          • memory/2536-441-0x0000000000230000-0x000000000023F000-memory.dmp

            Filesize

            60KB

            Download