Overview

overview

10

Static

static

1

eb41d283fa...8.html

windows7-x64

10

eb41d283fa...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2024, 11:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eb41d283fa2bd1f9c5bed4e1806d0a43_JaffaCakes118.html

  • Size

    127KB

  • MD5

    eb41d283fa2bd1f9c5bed4e1806d0a43

  • SHA1

    b104901fc1d52cb13583c1e5b1b4dffbd0f70cd9

  • SHA256

    7ed66ffcdf86813b56b47dc0c67cc8a164518968f0d71641d68b4d9f2395dbd9

  • SHA512

    67b9164115a9813490bcd203513234f6cf738f1b622d2a2054e70a69705e52dfedd85336855acb35a817ed12a5265652de9a2f394edb321e40e31a27b3639226

  • SSDEEP

    1536:S+Y6yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGCW:SkyfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eb41d283fa2bd1f9c5bed4e1806d0a43_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1732
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1332
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2896
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2752
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2876
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:209933 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:600

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      70f201a803fc03670939c8d72a454a57

      SHA1

      fc158e07c000676e200b7446bda923608d2f8d07

      SHA256

      9c315aad899c09331cd864f3ddc663419247e40853d84b7721e4e1279dd202a3

      SHA512

      945d3461dad0e7fa99382eeec34ec3ef10d9e890430feaa95c9ea16fb962c06a2b3b925e2a086e754b5bad2f4e3fc3a2014158a30a3921cfb59bca1792927487

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d0b69a79e31f65bed2a3a30a66861619

      SHA1

      6f927f84c7c211ff51a501cb0f99a586df91fe14

      SHA256

      dc9c47d587f4ff895cd04ca9faef20de704ee9da4a2a6398e85e4d54f51d645e

      SHA512

      a62aa58f486f18dab15145d101bab5a54acf8a9a97775ef23dddf1ddbb05e96d83e0778edd155b4f346889f98a90f2765f57ef33b392bb7b53281bddab2c4ca7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c394dd08280b876d78ba538e23b29e13

      SHA1

      c09ee6732b3de19d6dc6c4ee35a4b150389beb95

      SHA256

      aa5da3c96b5b26f6ef9562e2e6087657eb9642fcf2b8b6ad3b940ac13dc415cc

      SHA512

      a8f6def8067cd0b7a1db62b894c5099fc54acba2c972bb662bc90106eb3df3bac6f7c19fbe9015f6034952081724f1af16349255e6a94bd4141f233cd24f10c7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cb4484917bcfaf23977797e913502aab

      SHA1

      c9e0ac79e3f061d5c27158ba0b8232120604d7aa

      SHA256

      be8c8b60a7d3be600e3e570bb63326d29ede8fb4caddce2397b6540d39c307fc

      SHA512

      2c14baddf770573703e2708fdbd9761a2c855fbeb4ed04be674813d74113c60595d6e9a7ff75338d6f55f561069779a9bb5de41afaa7bdb88459c04e90433694

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      beb0fb7aa8d5b49dc53189a5d9b82e08

      SHA1

      d1a0e5632f153cb49138a1fdf66fd527c66c58c6

      SHA256

      51e9c3f5def7f67d2965c544b2b9075ef5842ee1fda6fa97911d7cf8f039ac61

      SHA512

      a9b67794ab1ebe98f2972736bf3538852f215af5cfb09e0a6c124b5a423cf768a8c48271c8630d4ed14064c110ca57089f33653696d7c72d8d178074148d1436

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      fbf5b143bad4da21e1298675ccd43469

      SHA1

      a9f00ececb7e864594c68bf6b88501f940616843

      SHA256

      9da2ba01b325739d71db6ce62a4abc97f7ddb06c7c0a7db3629a710cdf61173e

      SHA512

      8db75c5d92c8ea2312971d66c4a9244cdedb4b865d95a1232ecf0d67b7dcd6f7dbe2e5cd2a899e029fb1eb5570355ce263b19a7b74ee8180516fbb56af76e9f6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8e1957ee21e4d7b2af4307b342b82e08

      SHA1

      ca9b43963a32b27b530a16547b334837989aeefa

      SHA256

      ed9a82b9516ca9aa3dd5d23c990bb5aae6d721000276bcfd7695355ba0d1f821

      SHA512

      2a772db39ccb2bc6ca6a6db7d0a8b91a11077c673c866087e005003964f83ee409dd5e31527010b2114b06432857a9cb1e00971033a3819e40ddd52b28854b32

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4d326c1e923d4c18f8e81b85e4e056cb

      SHA1

      1dfea8b8b5c96b6bef3b87ed4f81207d0e344710

      SHA256

      cd02267429c6f5dc89379472d437d9dc9553e1817ad455e9e1077755bc20730f

      SHA512

      66d6ebdc4d107dd65ae68c20c6fa2f73ce691ca33483ccd54e74eeae1dee1e1adbae0a3a951db1637810a65e77f3e595ecf2fb9bf04a58c7b338c68ba60b1afe

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d60cac696b7445af9f6472e438ffe53e

      SHA1

      8b61de360bd6fe776c613c33c78af2495de5b6b4

      SHA256

      c5d042d10b555d71b9a225f2065e1a9e1174864802ddccfa67465ada086e98b0

      SHA512

      8cc6f35b95538a90471a6fdd15d51ae1f11135b4c802a60a46f162bdd37852ea06def7eea19806f9dd86ce925ad64a13bbc66f4521e26975345e939af9bc04da

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c21132628704000ebff4044ef3b5a40e

      SHA1

      9dcbeb87708007ec190067ccb583d50047faad36

      SHA256

      9acd9c57fc2858c4847efcf4aecc03e41fc60cc9d6d708362e5ff75bc95c28f0

      SHA512

      177713334f21b73f814bcaf4c62748cce73293991357e98c0a72ad3645d873559c63be923e112022ec7e8c8b85074988aa64e0d2cf4cd0d0a3f264d4ee484fc9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cdd84bee6aa8d38be010b74fee405ad6

      SHA1

      17dbd11fedd76c43346381a2241424d85a929817

      SHA256

      daba23820d7c225cfa8209bf0e5bd4f0d6f771206c700d1e5fbde5b3e5619567

      SHA512

      abe50d7cb54969efde6afb9865575c90cfa25ffe7fa830a863ad56dfa89fe86fd60df8f74f623aa5e6f5aed4ce77a9f5ebfd25c8b9a9b35b33d9ab1f56c37e4f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8bc81e0678734bd1cfe82c87069c2a7c

      SHA1

      f48e9ee7d5e49f34214c0adbe897bc62ed42d6e5

      SHA256

      9400900d192c4311ff677d6c3c5e06b40a4efa697c1b85092e526857a9ee107d

      SHA512

      82778b4ea4b00417aade242745d552df6c9056c141be5e087c22a67bb5dbac3df3f85e9ad076492b878496be6cbc0bb20cf4ca495d184d081e1e5bae33309126

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cb1c5c6dcf2be4694fd0d4e883e899b8

      SHA1

      607ad7f75d53dbcf02d6876f49a06a25ed0bb3c2

      SHA256

      8ea205bb44c5867163c82e68379c40effd03e6da3d274f130765aa6661240a1c

      SHA512

      a3d910f8ff2d58c308589656dbf56d65ea3045874262fb0467a2752ddd74312c57672d9ae1618f620f302012eeb0ec4a25dc98a7663302d1017fbc4b7d1000f2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1d6cfc4c483974159bbd1b21a4e05b86

      SHA1

      4ad71b2e81cd4b5673f7102cd8941795298e5e77

      SHA256

      128b5bc394a6cb0a6b0da28470ad7ca12c8d2edf423682169b9f16eafa1ffe33

      SHA512

      8ff057db5fd50058d8aec0dd7eb7fd67b803354d4ce8c82f497d11f21b159d7c6d84634b0266a7e691155652c44afa7385d0821cc2f9d50663d1ee4e462e30b9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      df625579f0b9902bb3f0069e01ee7a55

      SHA1

      e2655ac32da26076621b9d6e0d72911a9867527c

      SHA256

      840dd970d9ec7ecb2610a19784d3ee3e406ef49f5685f0f45ec0f1c4412d8b05

      SHA512

      49ed3e57cc32e592c958f5864e804d0d2f56c833fa4efcb684802f3984761d3e4647617556813dec8dc512e223f99f8d03edd670c8198e443fe7f2bd5809c785

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9d7f7604602cda34ae7ed994eba4ef22

      SHA1

      f980f3b1afc7645d8a6370c00f212fab83b234fe

      SHA256

      b4eadda84218563ab377f8dd121314f7e9491dff98b72b8c065402cea170d9b9

      SHA512

      5311eff5c94b145fdc71b057db358e6e81a2eb1c76564fbab77b94c37a6bf0ae60da29d6c435dcfbc475875d2395fb495ac4cb701def8de54e3def1e79494753

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      71881a97bacdd20cfd8879b508392640

      SHA1

      30b669e58a37e881ab045e9c12b495fd48549480

      SHA256

      ed18c9e11683ca49257acb971f3caac297786e121bc142a3199b691deb61764b

      SHA512

      c2e0d69af4f5d0f148638b80fdf596483a32ba2087377009ed1200f780f8c1ccfff5a50ead5a71e7e5d7ab2e6f57ceab51b089451c92a7f15df7f8850ad02e2f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a37497783e3045a4388c345535e7a638

      SHA1

      f0c2c62adf642cb0f2d5cec66627da91794c370c

      SHA256

      3e1c2f1e201c4b9a31d999e85b04607280d0fb47dae5875993b1651b1d6fd451

      SHA512

      ca81d65e9ac5bfd847e6dbe232f30cadbd1e9fabda9a7042116d7c12fd57d232bf023155f860cae7a1ea2e1de8073645042678089e8314070894bddd905624ac

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabE3FB.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarE46C.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/2752-19-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2752-17-0x0000000000250000-0x0000000000251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2896-6-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2896-7-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2896-9-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download