Overview

overview

10

Static

static

1

eaa4599f90...8.html

windows7-x64

10

eaa4599f90...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19-09-2024 05:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eaa4599f90ea041bd07243b34e52e65c_JaffaCakes118.html

  • Size

    338KB

  • MD5

    eaa4599f90ea041bd07243b34e52e65c

  • SHA1

    c952861c7774127f33169563427aadfa0d502751

  • SHA256

    d3ea89b67eb2a21b9d8b3fe8ef270d97b5429a4253324d847ecc223627af3ced

  • SHA512

    5df1d1749616ffd0b12676fe294316ff930f91ce3193caaf54bad7933b0ea4dcd8c8ec6f78315631270d89ce785c8da02a8041cb84f369122d48cf0296557c43

  • SSDEEP

    1536:Sh6FiDNAyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy4:SmkNAyfkMY+BES09JXAnyrZalI+Yq

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eaa4599f90ea041bd07243b34e52e65c_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1644
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1644 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2400
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2324
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2020
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1772
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1644 CREDAT:406540 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2864

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bba34b71724f4f6ec14ddbf45574bb32

      SHA1

      e2b67970a010e940fabf2dbb5c183fef0428c298

      SHA256

      46c0b1105b4c0daffde38ffa7394c37f01f74989f225f18acc073238e47edac0

      SHA512

      f0cdd3c6059da3e95b113b23cb13605619b91ff967886912b8efe5c549318eeb9031f39d4dba8cc1e9d0ee887beae0ba49d954cbc423f4715cdb711eb8d58c02

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ce4245457a11eef2dfde7eeb22b2cac7

      SHA1

      fb9c89249fd31b2fb8ef7573126add683919e212

      SHA256

      c769603208228a182df792f71f6617f1e10d41894a2145d4964b52dcbaab486f

      SHA512

      db8c3ff6feea8f6caa5e26115150995533d71fd47e9474004bb7cd8fcf3afe2b010869cc1f7a163910b17c36472a126c30ea6a687f8a01466d1b266e674a0797

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      15affd9a53a0a04d374525485a3e7063

      SHA1

      8f1b3ad14004885520e7b717a51acf859a8bcb1f

      SHA256

      c5ef70ca35472497a432dd313cf0da9ee54ba4d85ea20fdba2a628de44d687e5

      SHA512

      60fbbf2e0cd8496df6b180bfd0d896e70d64b6f4d7376045ae7a5c13cf77729f53330d25fdb9c4b19a37446815932173b5286d7486cecddf8bd2a7ef202a8ccc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e15ebe062cd8a592669b2ba52d88b7ab

      SHA1

      434d3240510206bdf910f4c9f10257792e5564e6

      SHA256

      fd111ae1185d92740c3ef4f230450955b93e3a6b67b4ee2e25041428130d50bb

      SHA512

      91462c441397fe50c7305306425add5fe8f6a71b37715a831d05e51696752abd415c874688649b4179f0aba321b988d33f22ce303b397d4c30a6c1a67b960aa2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      96d50a3527dc5a020247ea69d47678fb

      SHA1

      4b267216e026fa0c0d2b1a1938ffbc9d24ca0a37

      SHA256

      9c08aa667f9d90c4603f76cc058b9fdc82928f85f3163d60e27188aacedb4882

      SHA512

      dc85ffa59d08e52e8202410855890b5790fbbf9600ab7a0f44246893fcbebb315eef705b198061aed5dfffb04d8231b7dfa0fba1b59f681d302f767da47f4d1d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      898b6e1a602a577dbf33d6f2b775c355

      SHA1

      c1b87cc4d2d1d741ae1620fc886ad3599c4a7544

      SHA256

      657633aa90936aefbbd90d8d403490fab2ae6585a0a2c111ec6bf9cfabfed5a1

      SHA512

      3fe5cc562c661c53821ae485b122c44e96b35d163591d9f0742ff2299cd9b6764bbe394d25a198663b3c9c44104af83341cbce5919675e5c93257705c472a013

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      fed1120b2e74f499f3712950250652e5

      SHA1

      32aa7407178fa5efdc0cc2803843e9c93f9b582d

      SHA256

      9cafebf103ab2a57330781c8f8b47d1c520e2013c21a1f272dc17b3e275e27b1

      SHA512

      4391347a941493ce82273ee0f95082657ecad597afd286cc26f54df8d69bb0a836799f8fdc4ad4dd4dcc7ac7d6fb2b378534afb6e52d60b6f8654705e048589f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2d88f839315bfb0ee3a1b32f0a1114ed

      SHA1

      c81c172abc82f72b96b41f57d1ddf149a77b1dd3

      SHA256

      0de6afae4d9cd919007617ddd1945051381de2b713c98be856eb0ce4def4694d

      SHA512

      b565a50913fe3fbb368355bf234edcc72d7e80cf781b05f50f822dd57fe70cddc210a669e55eb4843179c157f8eabcea42a25ebed0cf87a118bdabfc6983bab9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      04d02906e04acc49c64c736c8cc7a3d2

      SHA1

      9f38e904def3dfb430c52bc1b2018c50edec7674

      SHA256

      c4f6315eadf8e24a17967b62240f881e0e0e94b55cd133f652a47975791c6372

      SHA512

      c314a7fa7cbe698a4044b986c27c919e4dc70e6164054ef74292ad1d25e77953d8fff2ae679127e29ccffbec44539144e4a4a4c3bba446fec9ed77c6734a9eff

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab9ACB.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar9B2C.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/2020-19-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2020-17-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2324-6-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2324-8-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2324-9-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download