Overview

overview

10

Static

static

1

ea7528f5f0...8.html

windows7-x64

10

ea7528f5f0...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    133s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2024, 02:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ea7528f5f0055659270a053b790aaa73_JaffaCakes118.html

  • Size

    128KB

  • MD5

    ea7528f5f0055659270a053b790aaa73

  • SHA1

    e4263ddf44dbf7e8a8b25f1f7034f59fb6bbed4a

  • SHA256

    5e7cd32c7e3c6c6f4f8eaf762bd8ada4166e2c83224621547a538df0e721c421

  • SHA512

    a9625139e0ee82a0cb0d59757a5aea11db893a7442df5f42b711deb7f5377d3c52cbafb8dbdc041e3eb97e100ef3ee4fc7af55b6b388eec75f740172cf83fb2d

  • SSDEEP

    1536:SKugQ6yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dK:S0/yfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ea7528f5f0055659270a053b790aaa73_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1984
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1984 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2536
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2756
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2620
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2600
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1984 CREDAT:209933 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2672

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9bb44e41191f43e5bef3ae78b45ab401

      SHA1

      d9046b79accc585fde8f083ab58ec05c85555b8a

      SHA256

      fc5d67050a019e1361c383ba90085e30631ba7b09d740fb2f7ee91fe4398bd2e

      SHA512

      e7b15e4cfaac42ef6bef923b8604d3346354704f2dd3bf9758a19be052483c51b5550b94c6fbec47d2d9ef55e85012961e4db950b64eab4d2007a6b809baa3c3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c578209660f96d1ef85f0ea6b00999bc

      SHA1

      0c12fb6c73fe380e7739f45b70095efcfdf3802e

      SHA256

      04e11a24ba1e409e15110ed1b292617041378c857c64dd7eefda8ade4e9cca54

      SHA512

      5ae00c8b2aa3e018ac163259a2dfb33e382df5b3becee97b840143ca3f7934fb6dd5fa94755aa11a5f09228a285d41b91c728ad8818b5bfa0747d946435f8cdd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b4b6764084031f8fc0a8142dc2a63b88

      SHA1

      0977caf0ab555c26a0e1aa952ba4468c785e1b33

      SHA256

      4d408622928ea47ee1685c43e09484edf69cf9ab835c9149c777f93eaeef741a

      SHA512

      d8aa7b6e65410b5f2d5e117632c5459c28e9800d75a4e9ff5e46a0037118603f827b10141362056007d1c41324f6e4877ccd99baf062003a5ad7b2975a394981

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c7cf80a311ce71fc639e4b1db781421c

      SHA1

      f304c51e4d1a1df3eaf4fcd8cf327ac89292799d

      SHA256

      0cd16bed495c061664a1f34a732473dfb0b6a7d47acc18d968f0de1ba642b6ee

      SHA512

      4e8bda183dbd26f94a939f96c0a2c9c83535dfa40fe416e9d04fddcf1134ee10bd65c98daf043a93b08254689bc82447377a6f34e19ea88dc1d8c41fcdb6e8e3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8a91f9e11c56f08871c32562fb7ebd63

      SHA1

      3b1aaa669fd997d88751011c795e6c46533b865a

      SHA256

      ff8f6979d24832b70c8b565e4124892224eb09e9f2aeeb267fc1741677e0de9d

      SHA512

      b124836fc7b3288852d9925d77e90c81a82696ea764936f5fa4a27302b3e4ca303464fab1703b65c2de34c16a3139ea215acadcc83651940d7ece8a093d9498d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      497940d45fead414f9a8d0cf7b0a5b14

      SHA1

      ab9c42b3f5b425ebc58ea92036e0bfe4422464f8

      SHA256

      73a6a3b6db2e92c7b196f30473fc8afba50bbc8d2d9f88e8420f78b8e02db5f0

      SHA512

      dfd4bc6ea565bd08e761e408c00e52708f4c0b4417b5031c9d1f1d830a0d69223e9f6d495c51c90c471cace3a06183a8435b3fa8bb766e58dfe265f6d4507ae4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8469ef7c3f8a7517cd25ad92492c5fb1

      SHA1

      559fa83ef1a183bdd8a3c5aac6397873eae91bc3

      SHA256

      5dd9512c6f719fc33431903751f25c4749333beff5e3c13592425bd160f7a5fc

      SHA512

      dac73744d17cf9a8fe402abdbe2ea467f9f8dc95690d45ecc91832687f1a3522f1ae834b91e14481cfe4f6e85d1a956802b9a82dda4e7d380ef306d835f64205

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f1aa5140c56a8eb3c1a109064d7aa018

      SHA1

      fed2fadc81e79847dd2e819b06508845f74e40c8

      SHA256

      eb44ed7d79f7d1ef03816ab84d47c88fd6046b57b66eb9ce4715602d9d1b73dc

      SHA512

      550fa02b17cc47d0811d348a17d808efcec85db75bb0302b84b389b5752f5c23b34dfff55aeb20efdcd65ff8adc7d2691e4746e07c5f7d01d14e8c11e0eb2fe1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d35eed8254f52558f21171e012628443

      SHA1

      95c2f27f106857f42434111804c80beacfc5a8b6

      SHA256

      e0a7e8d87ac588ef97e49ed47e04180d8ec4e35d39a67782709724977451501c

      SHA512

      1ee2a6baf7c6bbe46aeef955bae75afd568ff675de633c7133e4e74e54a4999875bc115561ce6a67c50d806aed41387bb31f9d3e50a5d5bd40155cc65ef6d3ec

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1e2813b3cfb41d082339eedf3cc4de0a

      SHA1

      80176b6585ef2a6bb0c3823fc5cb88897c2ff02c

      SHA256

      7172e5515cbb79181b73b1ffee851263e38f42ceef6d3689aecaa97a1d51d579

      SHA512

      08c4a973c08c092197f8e68c6b28f80479369e088d130c85d6c11922b43a3a7ea23291e955efa05c957e11a54a82688cb33e2f6745285efcb2c6afae428ea90d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7d1a106b9aaaa01fa5b75c5ce941df6c

      SHA1

      e2a6f15145ac6e747e50ba76ea235c258745f803

      SHA256

      86e129a66cbd98e790c3911462180c64091cef7923def4361257a574539ab118

      SHA512

      556c84e6fb074537ee9f03e52883f78d5529de748db4acb4f216f5db86236be3cef43711ce1b88dd829b28f7150c6bb0a35336b2bcce356c9d48d880624fb5dc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      038d8b22c403ae6e2259ef746adfa368

      SHA1

      189b16915acfa3d7a738aefdd0062513695c9619

      SHA256

      c73ddfb8c75f75ce825d4a8acc7d57275b6b69f7792543c8757d8b7011c67b49

      SHA512

      755a54a21094ae1e79c48f1883bf72b11668f425797e3057482a5b6010cc7fd5e066d7ffa9502be469702a58c138e3fe41b3c712ae5aece679cd9640c9092900

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c0922013a1efa99ea47ce423c778e935

      SHA1

      b53df70f1c3ad5a5630548d2f922924b595344bd

      SHA256

      2d8db8ed21097e793648274a0a85fd2a8d72894c6813ed02dabc1ba34be44f14

      SHA512

      8ed57d48dd34f388ff26c962994dfaef1d76ba82213e7187bd2ed11da44f274681ac3c64f4698c1a57b66e12a109d0a344a22e0bb25502513e45ca884e5fa274

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      93633faa27ce5c3facf69c69e3b515bd

      SHA1

      7cafde6e1d95854a1be70fc1c99b632aa18bd2a1

      SHA256

      4ce2e7fbb3cc428b5c1bded4251f357cd7b66e3a8a7d2864ed728aebf34c5e9c

      SHA512

      74133794fe8cd7008a93db5a70cdc4f3d9f2ccdce02efb84c17d0c0f6472fdff51c3e8b4cd18e9ae6198abcca775e8777e74872dadf8636ebd9c93fb597211f0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ac0c2f3bea22b43f4cbfbd8307a4e88d

      SHA1

      25cf1521cf46ef7c2b9519f90c0d7578b158f95a

      SHA256

      eee6ee60af8f2f46a5a798153ef812f8b50e4746a680826e5d1653068250795c

      SHA512

      fa8b061acc9c2e6b982beead563e05dceb23886c681c990001ad02454e7467748f6e8e35351d06a2797ba4f0b34b9e1eacd8171a5983e87c25e586331ce64311

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0104546e5aff9ddc1e0aace5c0476859

      SHA1

      d23dfad1c97102706affe45332db529d9a6a410f

      SHA256

      cbf131fb3f90574939fa33c9b70e1362df5fde13347232fdb21552779d9e03da

      SHA512

      72098882cbf9d0c4a88bca1bcd3eaae097c3d2432767c8db84d181f47e92dc449032cae20217094c09ecb6e5561687a666b3c4246da383850c94b2b06dcc5800

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2167862778702f48f05c76ce73665b77

      SHA1

      d28a376024bb024aa4838b071ee5c179ee2f7042

      SHA256

      3d9a5e4242622c99bb53d3cf92c22eb0afb77a5ff6c5949073762ff2054ece53

      SHA512

      dc8ca5de9c1b38c12208126013aaca058f1c8707a169edd4746db62dfa3b26f2d47c90272ee69c4de00698e0291fa0c703d757378cc2e6497b5c0228b311e95b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5e915c3a2d08c90e9ba132d52b785d48

      SHA1

      e1090f58874e236d22e6827c337e2c85a21d6f21

      SHA256

      374f443d015671cc779d5b346497c9604be4b6169dbc21ba88b4fce17b708a8b

      SHA512

      c1f7f0e7bbe660ba4db8720983dd6affa867046987f0bc0c5f9aea4386442b949792ad0db10a0dc0b9df67c83163a9e385189638ba4d748d95bf24d9d595366c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      79f26a167add67b61ddf52a96774f1ec

      SHA1

      eed454af14ac92e21bd558fca45bf5cd025b0681

      SHA256

      64563682639ce7f20a7d6dabcf1b09ee7717f524b3244c76227ddef37139a30f

      SHA512

      eb9c70f803064c39ae571e2d339a400a5bee356f6e275f5a19362f532d02ab1b5222ce4a54699161c44e2a23beb0160ab109fcc855b4675882332bfde627327d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabAD7F.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarAE01.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/2620-19-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2620-15-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2620-18-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2620-17-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2620-20-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2756-7-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2756-8-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download