Overview

overview

10

Static

static

1

eaab3abf1b...8.html

windows7-x64

10

eaab3abf1b...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19-09-2024 05:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eaab3abf1b8d789244d1bcae64973dd9_JaffaCakes118.html

  • Size

    124KB

  • MD5

    eaab3abf1b8d789244d1bcae64973dd9

  • SHA1

    a0e7b6a9262dadb66882c6a859225de1d07c6e46

  • SHA256

    33919653083e326eee499f27bd6dc33780e9cff1445400df4c9ddabdac02e7f8

  • SHA512

    3aac3f5c5c766ae88c7c739a8b0f1bfb889417542842d12dcca7a536c5c06fcf6e05f6532ad4c7eb1792b4064ebefd3ca9b00e09f9b735842dedb7555ac23d1c

  • SSDEEP

    1536:SznNT+ilrFfKtyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJruH:S5T+iOyfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eaab3abf1b8d789244d1bcae64973dd9_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3048
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2524
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2260
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2900
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2836
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:472071 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2888

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      da40670c8c35bda6ee8b30ccd32b6a5a

      SHA1

      cae6321923c6fc57fe7fc5f2b5f8a8776bd3dab1

      SHA256

      2351bb2543322b27988db470be7afb22a611764b83dd166405cc9c3b27b6a315

      SHA512

      5acf1fa2234a4e38f0e4b979cf3e239a5df02dfdbbd530b8b1f5e5a9a10276b87d38421b31738e57cc4218499b89c4b552ef5157fc1a7636d40d87db22493277

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9f8df166ee012f213fa7fb8e41f257a3

      SHA1

      d9d5df2955440174a33405c58755f5b2649137c0

      SHA256

      b0b671c20bde3a2f0b1ca5febfa2e1ce1c51d9738b440e5939c8085939e05176

      SHA512

      669857219067cc648b797227bddd891b59e1ffbdf78c1de2c832519020a282a112dea54faac44e3e6d1405400d8454a1fa2380813733e7f771da881b52f48f7f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8130c5e37e5d94f83b034c108afaad91

      SHA1

      12cf8814497823d4ad5511f2a3966e382074fdd3

      SHA256

      c0f46eb4603b11b831820c75f28de2538eb6f05b30363f5186e9346103dae1a3

      SHA512

      573c4b609dda7815a2ec360095b8cb462ca8e155e9684f9b1c817512aa25aacafcdd3797d4d0b13a1ce174d5f304e3c8209b8dbe93c375334fc55acb76fd4b4e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      64da3f2f64b9845a2c76c09dfa4a7c30

      SHA1

      c8e25375520cd9eaa6dc5d6053b977977a0f7538

      SHA256

      406f0f3bd54f3ef955c0217e1383119919612bca7472820906430f4518bb2f33

      SHA512

      cb67122b4d05d4f21ddeb8fdd82802754d164387a9a8ef69eca3ce5e5ebbf9ffde2a35531997cc4d24e9098c085c4c383acb139a903aa4cbe88b8b98d44b6143

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      de79db3560993bc1f809f5253c6c6fb3

      SHA1

      35458cb838de4c20ca7f49e2770a7a70ce087b55

      SHA256

      c26e0bb41b6366aa7591efa8ee6a3891fda675f3dbb2ad9450160792094bf047

      SHA512

      8712a0ba717d8cbecdf16c93699d4c731c10c0477cd5a1feb70463dc36a0911e0cf951baf13defc71106d376fef4bff0cd9d39816d448f24fa0301b6b2803f7e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      215a95854bd79d4bc91d4ff11cabb0c6

      SHA1

      2fb76a2e3cd5cdc61c54d0621c23a96dfe7af747

      SHA256

      9a0d82fab98085f2134978935c4ecb56e3cbf3d2b4a092da3f9889a483c69460

      SHA512

      7af07b8658faf2aa4987b407cd31ede63231eaa03257000bfe8d94d3851c238d0d6b11762de949e2c5d3c4cc7751a8f2001f1cbd63a0415afbd414238d177251

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f0ef5c2a0d32b1054d248f328d008c72

      SHA1

      88f77eca8c7206419fea801e37ad3d4ac36cb87c

      SHA256

      6c91292e130dac8528d9efc1e0726c0faf74c27273173ce0d383e9cd1b59cbcd

      SHA512

      80ab9f59294aa185a145d85c438dbf9605d4eaccb3c1c936cae35aa14409f2bcb66a0ced23766b1aad2b74798553583c2b8f540e413e81f2a0fafdff5c840188

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a32c6ebf1c63a7817dbbc360d7322d97

      SHA1

      ab59952f2864d6516aab77d874966bffd68579af

      SHA256

      9197222b5c9802b148e3ae99511b032f1872cd71a82b38d6a4543a3b18691bd0

      SHA512

      f68e2dba3afd23293eeeaf3f824cb7ed71d3b3032999c189d8064b375b55c3d675e530e8a6898b7f31cc24bdf13e0e95e857a6c101653898c9fc82266e105313

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0e8360370d1c2cb3a09b4878c71fd675

      SHA1

      4efee86431a8d7154d76a706047965ff751329a9

      SHA256

      ed9477a574124bdc62839def40194e60dd30ca7a82fcd878ef006cbc422eec8b

      SHA512

      7a84d8dd9fdda609801c552ce4aae9e643be10e7bf8d5e9201ed88d040107bad0ce070442774d416992e1645cba6b68fa67473f05c77ded08fef452dfa9c9a12

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6c0b76e5114711c60449b11be5ec7d6f

      SHA1

      8c8c669531ee6bfb125220d4c275dcf19358df70

      SHA256

      734cd93649edd8fab017a2cc8002114977f903fbeb741a5f24db5f2e0048148e

      SHA512

      7dd22958213c2cf5863eb9b76a32def0a345f452e3bf4c8c1920e2a2990de722d6ce29182c48086805215d72dee0b89850844b7d064175634cc71aa9c446f6c1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      662a74ce7982ad5a6d16b43688cd7f06

      SHA1

      87cd4484f48b7631829f9cef8ceb7ae7a3e05644

      SHA256

      08a7557b6b9488ebcd62b503155ad4e1509495bc152d5121aa880a6243594271

      SHA512

      3630097c0bde8c89d59fbd80718e3430788b46a7079f3371fa4d5dfc2a57915c141fb92b0203b8c59c068acf505f7b0412cb49198f06a3160325b469b560fbb3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cf68302bb3102562f7913928b2913f46

      SHA1

      c60e6e153821bc401b4f08a05e139c4699529daf

      SHA256

      8786c03575a64803f5d704c69ff630ba3de75cfaf66baf2478ff20e8a13f6932

      SHA512

      9aa13b771240b422e4876143b61512acc51c7d64f1129d0eab95757f80a47f5afc8121cc8cc78d50e97b51badf601e95689248821ee0ac5589dbbf9f4dc695d1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ccbd8284c8681cb2322c784bbef1dacb

      SHA1

      2ff440cb1ea47818803c4c572c60c7b7325eb413

      SHA256

      36058e0713f64a99ab2c95ef55428ce197bcd081ce850732dd1d4d063b8b22d4

      SHA512

      c4f62d2f6576154387a69e785f627e078f78c69aacfdccbf2e5d9fd0011c4bcb681cb7f6ec361b0b4fe011660157e7f455c442f9284600ddd2125dc551f96e92

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f06d1792c048683aef3bf15f441fd4f8

      SHA1

      b16cdfba4e4e07e5906dd95954eff2578675ade4

      SHA256

      0120e7bf84005fc48a7d604c137a4b099f3af659833aeeef7778b07d21dfb123

      SHA512

      6096cbc00000169e4cc7b13ae1ec100c6b355e37ad71b7ad58a8bdc7a92263c2fbcea969325f577eff17a09dc46ca69bd42ab36062ab59757ab33363cce3172a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0b1075ad37fdf2774f886710075c9de4

      SHA1

      759fac97d5dd5a9491f746ae6741d91f7f23554e

      SHA256

      807e88338fc3d8ce6f08312d7a116b84155ee98ace17b53c843ce252efed1223

      SHA512

      282e12c028e0346c8227571d104f8e1083385c8f46ae4021c2f6355a62f71dd801f57514dc9023aded3a3a450d02814ae4aecb2a5885cb79a79751e664369de3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cac2d8a7ccf457832953cc7e8c95e536

      SHA1

      b173730b87d2c695ce4d06abfbbf08f0d92c895a

      SHA256

      957fb561b4e37db2fbed97541aafa9ef629f1ef31c9e358bf6899cfe799df1ce

      SHA512

      dd887f4856aab4a5571022a0966fb4854b382a124a602161b9d50aca1beccaa432cfc54992c9a5a9624e0b4f4535829ec331bb907fa26d50f983c7073124c12b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      eefedf56a6482645e6e145419e60294c

      SHA1

      ec16d28c5981dacfc826b7cd4077cf9c7faf934a

      SHA256

      2a03a94db340ca42cafc73c128cf0d0835a1e3623841275c1f220fc7a7f3e01b

      SHA512

      662b2e14872dcaa66417dc6eaaa36e6e9cb95359ad022822bb15dea5c46773f2e840813261426483e74297250cb7c185e78d7d21fe740f4aa227f46366c98e22

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0ba57dc677dcebdb15ec980cce1c335f

      SHA1

      2011603630ff9f4077bec3a7179c9bf33c1d553d

      SHA256

      e012b662a84fc8041f8942ae026d1cbb5a4efd7b887bbb77d60007874cb81745

      SHA512

      da8dbe1276a1e3c6d9e9845f8d61052f6497be4aa6906489466ed9d6198b721c4ea42b51c6a784bab2bcea88d0012ce934d699baec2b0fa1896ce03f05ffc939

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f27f4fa7b6896c3a984e5bd2c99cb562

      SHA1

      1a68e0645c608142fc207a801eec7e726970aed2

      SHA256

      55937d29ca5de7dfdb8ee804469411ce6f91ce7b359f773b8160b27509e23fcf

      SHA512

      dd4891cd1366fe71b20c701c31e9e40ee6c37077d8e96b701a8099a57998baab6edb2904ca9b40fce0968c88ff5eee986d4d719beb289446a71fc5022207d448

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabBD77.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarBDE9.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/2260-8-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2260-7-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2900-21-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2900-16-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2900-18-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2900-15-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2900-19-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download