Overview

overview

10

Static

static

1

eaa1f65e7e...8.html

windows7-x64

10

eaa1f65e7e...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    136s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19-09-2024 05:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eaa1f65e7eaceab1f5abde343e85b2ec_JaffaCakes118.html

  • Size

    126KB

  • MD5

    eaa1f65e7eaceab1f5abde343e85b2ec

  • SHA1

    766322ed56558cefd57ac268c34893ba13a12565

  • SHA256

    bd5feaac23c23c2237d14690e3c188cacced32201d562fbda4fc38ebea89c0e9

  • SHA512

    858ae6d083485f3246c024f176cddc253d928b21cb96d41c123aa96997676b9a92b3be6efd439ed4343c8031fcc95f6fd4744c8f7fe06507886f84f21dd06b09

  • SSDEEP

    1536:St2n9iyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dK:StlyfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eaa1f65e7eaceab1f5abde343e85b2ec_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2648
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2648 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2796
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:660
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2732
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2084
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2648 CREDAT:275471 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1208

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d6f6408b7bc092f785c7dcbaf59c188e

      SHA1

      f7726ebb4c6f7bf0a160ba48a4690a7219c5dc54

      SHA256

      f2e36d56bd65798231c5c543d1687841f50dc5d2d2877222f246714fb64aa81b

      SHA512

      99069dcde360430e5eaf7b6d95793e2c1307e111cf688e0da21dd56d9e576da0c272a2aef60bdaa8584005a60aa23a7c809b642462ce0f5f8e8ad875331afe90

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7171345632def8f3e81556c71b8fcc73

      SHA1

      9728b5bcc299084329b3d5cddca8416944a6d633

      SHA256

      b837be481c17d9199b95cb72fc1477cff9a51ff2557938025afe7864a445f02c

      SHA512

      acc2277a4eb52dc261fb3d9c040df2461b9e5645843dfbea69cbd4f41da2136d58fca01378afdd053ba1a67b03a01b5955572a002d9a9e5858a32319eca0deb5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a1a666b58d42384d0d4de492d1c37a91

      SHA1

      90b62eb90a48bbdd5a8f5b28338455451d910441

      SHA256

      a3aa5fed8ca33a98aee5191b77680a3005ea8245c2a0117e7b61ab727f719c29

      SHA512

      704ee18e5a6fe5418dde58436bcd61d4617ac5c975ac270bc65a48efe196858d413aae4a3e7a6dd8805e1b8375ff42c70d94dc08fd3e1e9c76e7f9e2f67c58d8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c0fe2619f25d0118478f1d068189c9cb

      SHA1

      c8e61b1c6a3b1afa6d5e3d7e69a2000d0cb16dc9

      SHA256

      54d10508aa7a5751b4704705b249b412ceafbeedf42aa63aeaac785ebd617d6b

      SHA512

      bf8764358f1fc2aff3ca95675268287d0442a121d194d849e50a09510fb453ef46e6c2e7f3be3d3bab43243eb92d44ed0f7a1038c902accc2c9d7dcadb08a1c6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4ae2a5e4a9c668c02837e9a469efcce8

      SHA1

      389a4fd383ed7009015ee5669b9e864acc8953bb

      SHA256

      101dc607c768477a83963ef34ced5616a2f05f0ebc0330ad2068761df9c36c4e

      SHA512

      29b4002ffd506303fddc3be1ee4f5586007cec8793305709d4a292f6fa8e5505add2aeb344a5c6d0b92c51e9e6a4f2117c3f5d5d1583c401e5a524e6d9014fb1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1a54305f381842c36ad8d21bb479bf8d

      SHA1

      e990327ecf72ee76f40a801f2f414d05c3bbbe8e

      SHA256

      090470425dd4c410ce2ac82732ff45d8004d483ac3ee3352c88a6ad4799d6dd6

      SHA512

      5834b36d7e13041bc9c60f9d9c710a1c37d8e0ecca7ab15558dd9db358a0971e270b18c2f06a70a2cbf0b42310696dd71fd8555efcfb4312b7934ecd063673fd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      033d6017338f0adcb947a37858d09a80

      SHA1

      3b4fe5b081bd8c898c3d1a4e573d6df6456880ec

      SHA256

      0b6b77c4eb34cd374fef5609658b6e08b6c5cb2076376b58086cad11b3bd7c62

      SHA512

      e3298fbfdc4dc00238c5fad7473af8f6016d03904020296df21a453d64926bd848f720bf3cf9fcc0e6b0aac6117126a85b79a0a05a2a5b5e719b8c2a7e974986

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f2e68db92a8d3d04935f6b4dbd64546f

      SHA1

      1b8b56e9c210f254a7934addc6b4a84ca4b9e3c6

      SHA256

      d8c7553b773991983b3cbd8e94b251b4b4b46ed61c4fe69efcce876db69bb52b

      SHA512

      c369bb54708b0648ba45d15005ea1d545a84a0c121b84a9c21f2c2c2e633d365af2b842cd362d7c4b4bd72705cf5ab4e6a7e56af9a265c4d7be3b3c9b52fb587

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3c2cfe8bf31686f750627c9f73f7f863

      SHA1

      214d8e4569910747ab348d027b415e3dc6759bdc

      SHA256

      e24ae6a6811f5ec2b26806f3f2a653acdfffe1b264142c8c17796d3a8484c2bc

      SHA512

      14cc0d2cce2d37cc73d96087255394ddfd606525462ec42d6bbdd68fac902efee1c3d4de92598acb4ae4f59dd9686194ebad2017f14e85f641a59ed5c2e1e9d5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1ebc3ae3daf7d17f9e3f1306fffe6892

      SHA1

      d056b639490fb4176c11d73c3c17280d591468a6

      SHA256

      1bd32005af932a0ed3ff71f21a506298c6b0b9f1a109fbf92d75a57a500b4e97

      SHA512

      c77ca11e2f6bef38390a8c28d49112eea7471a49d251b59b0534724111f12441085cff7e4ae1e94665a8694f60649d2937cf2ccb92e976a31aac7b0ee3aa0293

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4535fd5ef267868dd827f2a2c977acac

      SHA1

      ec2e53af8eb69351fcd6f4394605ab1b8f47cc6e

      SHA256

      0d76b92a54207bebd0b70a96bbc367ed21a0180b8db155951090cae5aad90964

      SHA512

      800c55568a919de49573e61c6cc63f70ca095b38a031823bf26a8f59dd2e02903adfc7aa82e341fa11cd4495855071498c1308fb76d24bd9000938f6b1ef07a5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      037a1fe592f0e9539f90178c9608ef94

      SHA1

      c31a143c89bc7f2ef4cfdaac454a13049d9482d1

      SHA256

      314d248fdaf8b94acaed657e4f3b7b94c8e92e6d1ba50cf157579b258c093307

      SHA512

      b5a0fe21af5f814e1d910a6b521622bc70c3d20c6f368443725bce669b6fc6d0aaaaed0e384fbf7ea2b110808d168b4f4d5405df1bef8ecc8cf11b3f2883ecea

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      05fb9d879c1cb6b4a463be0611c88362

      SHA1

      6da2040aac1a3e6a81b6f7d4cba0add8b15ffd5f

      SHA256

      c0e236fd5685724efd6bb29ada4d91c9f65d06fd956c10d23ecc4b2d6b35cfce

      SHA512

      016bd79e6e8c1dae84a21ef7203bcc579af9750f5f4592876d82de31c2777e136b7171076d5307b9d2ba11b4db11e728078a5a095a6624cd15f70cf0716774b2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      52dadfc83f15aa5fab9b856b2aece322

      SHA1

      c23f9a2214875a8406e494c017e6953b9747aa57

      SHA256

      4fcb8a730cb1acc61183906d7ed535d8bb62922e288384d7b496578e9e1ce94d

      SHA512

      485ae32544f557b361bc9306cb2f51c3bf34bc64ce7df173be537d2c362416c01c72172e307c241a91ab7335602e6ad36d60dd71e462b090537049abe5a75546

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      853d71bf9f4fd94539db61a208e6698e

      SHA1

      5681637f411459896ca91df95abc6afd7aecce80

      SHA256

      68ea892285eadebb04ec4369e58f19363f88277b18ffeb28d4e9bd5f6894cc4c

      SHA512

      75545860ff76497b1c8e28121d743211c415cacf8c34161cff808a3669a1e78e4067acd24de6b95d6d6695a3e9654298d2ed7f6c21fd0517b40697b3b8aca552

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e54d12f21ddf9e3e8dc8c7abb0e0b8a9

      SHA1

      f6099fb8fa85451a7b94b48de6b25ba52c8ce638

      SHA256

      9d3b4d95ea5996871b2c0aaf2421d341d242795943d59fdd262352a8b1dede65

      SHA512

      0fecfa1bd896cb29b7ed60de3705cab3babf4c7a00471bd33224d655522376c1769f919873b1c441140d71c7730613bbc031661b3194cdca11904ed30f2268ff

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      036511ca995776517380e6555a180ed8

      SHA1

      c91794d2f725ef0c26353cbed4c80cc33336198f

      SHA256

      e47aff8b5e7ddab6c5721cb434af9860a0e2cec33773f26ff0e537e8679d3618

      SHA512

      af63b7c898bd034d440c764122e6c25dff3c2b85c532a1c22b1ca1ed28a4f488985db970dacee7d90deac7607902b726621505108a2b987554387b79a7528cfe

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      66edbe2f9266ef04991bb17f5288285c

      SHA1

      13dee105af059b40368fe2055137569e5d898fe4

      SHA256

      61240bc0f040a2ac668dbd4a009da7965be471c384932ab4a8e6e7dcf58078f0

      SHA512

      1829eb9bb35764db6bf6f5ece8cfe2007692844901f8cca6674bbfce20855f5dc7ce284ab0129760e5aff84340754b84a0c250d88ddddf1dc82c9e68969f919c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e9f4b02bce6593a6d1cf9fe4f75f7a5e

      SHA1

      83b0313f02ad7749c2d5f7a3e22eae6716d696ba

      SHA256

      ad84877b7532bd20c04e94c729c37f7a00c097eb8e15449ac8f19bc409d70208

      SHA512

      cf8309166f12243e083edac497c12df90406cf27b399200db79de8552177614363b8f5ee50e1f704ce0d00d3ea639d842db6f3e8f44d18c6bc443f7b87b2bfc1

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab9C3.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarA23.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/660-439-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/660-435-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2732-447-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2732-445-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2732-443-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download