Overview

overview

10

Static

static

1

f66c6800bd...8.html

windows7-x64

10

f66c6800bd...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    139s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    25-09-2024 16:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f66c6800bd4a6a1cfdb3e50113482714_JaffaCakes118.html

  • Size

    226KB

  • MD5

    f66c6800bd4a6a1cfdb3e50113482714

  • SHA1

    b4f7691e42d19c1127cb679a4c699d5db041c9b8

  • SHA256

    0a68f3943461fa52e0fd3293711cd8ca263b69c231b6bc9f525169644359920d

  • SHA512

    c5829dd7bc2bdd66c1d3fd3c9539653c6421699e8b6532b5114ac488ffb06cc97a7d54edc0cbda64d8e6db3549ccc798aef5e7dcc52d66de180c94c197b1e128

  • SSDEEP

    3072:S4CrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJRQm:S4Kz9VxLY7iAVLTBQJl5

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f66c6800bd4a6a1cfdb3e50113482714_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1740
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1740 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1168
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2732
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
            PID:1704
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            4⤵
              PID:2984
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1740 CREDAT:406536 /prefetch:2
          2⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2744
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1740 CREDAT:603141 /prefetch:2
          2⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2656

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        ef089ba287bc70890df7c7a1263a8175

        SHA1

        60ad7f9fe8926206792ec2909ca8b7afa4cea90b

        SHA256

        bc9d51f8c6a240cdba16dd3d89f331da47ce10fcabfad87824807d4f42578641

        SHA512

        dac819e469eb14aa0493b7e231ce09271aabd39d33af64c67905c06953f5738e74b4aac3e150cc8511d079fe068afe1ddc3a3a190bc7036cfee2250da6f1e2c5

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        1fc5fd65a2f5c5dc334439c7fb9c459a

        SHA1

        bbe9193464edbe3df0a208a97c5955f817ad14f0

        SHA256

        14eab0844e3ab293acfc4b3d3ade1be9e4facb5ed5f66a21e7ee5f0dad444afa

        SHA512

        2fb430cc451947d7e24fa3e9627b2509af6924d07b142b7f7581b165f83e4f309b9b23afc143d5e27802af318b2edea0aa561edba84854fa44d3d0dc3ebd0ddd

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        10d8f5365859c2512087c8aee5b3cb65

        SHA1

        cf1a2024447e2a6dd3ac3642ef3d34bdd286f61e

        SHA256

        82a57b793357854bb086b4c8ee43d189bdc092e08ace3c6ee155dc4f1a97bdfc

        SHA512

        f25e033fa50db2ef6c9e8cecc743c6bb5340210b8190c9cb1ee9b9026f4d9428d8e79cce6372c685a16a6868cb2d8c66706ae3c8b1e3da2488b008c8bb37a780

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        581b6cf231f3129e97066844f9d6715f

        SHA1

        0e5c7b53321f1bf206395e8de595c1c9116fb1b7

        SHA256

        ae524510c72a28fd633e58be7448b6c70afdad011ec2a75ab5c2caf802d68497

        SHA512

        6edc48bb2127835e17fba850ca8cf7f4687a4916e1666b1d55f4b1c3b470a5dbf4a6092b44f968cabc953544560544af5cdd54d0896b7b944d5143ecb29f2d6f

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        14b5cfc4099399d3ac1db93c6ed69d69

        SHA1

        17985ea45c63aeffec66e0491fbcc412905def6c

        SHA256

        b88646b5cd359ddd0ebbb751299ba2cf99ef4bb6b3dae26e878cc23c3d697bfc

        SHA512

        42f09eaf53f0281025b5ffbb5df4bb85d22a6b94c240d21d75e9a234a7197ab0e8772dcefc24307b325baf23c5d1ee83635ba39754102c5cadbbf45275032124

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        d42717d5c3db254d115b4228aea1930d

        SHA1

        19eb27669eff6d8d6b812085b2353247e68a5720

        SHA256

        08fc4a2a203633b6cbae3a26042ec097cf164b11103d29fed2217bb65b141444

        SHA512

        104a53aa4b9f2e960de11682ef5c6bcb01f14922213e65dae083ec30d5f2940e8b25461dbecfa32fb6116af3b2de0d062cf47c6df49f182794dbdf0d34c79831

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        7a6a917a61b2fda60de27ebdb13b9872

        SHA1

        a4265d9a0531d4f0e3ab8db09bd2e6091b3c4a4e

        SHA256

        60a284cd63e185b8b5bf45beab208543016375fade1c8cfe615c225f0e6e4018

        SHA512

        f0bfb7c8fcd1ea7d17c3eacc256a905e7452366a3d62fc92fbfa0c2dee816ab2619229137e9942c238260584d7151ae64c50bc4f24fcdbd5e79de400ddb520c9

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        c3924ae56fc10c75e636a478552cf9a9

        SHA1

        4b3384d8ddc391f6353859f7c9ba0f3a009f7976

        SHA256

        0c2910bb9af18a1daf208e2f96f3c1ed2b29dcb5d11f1b29864b51b58f11778e

        SHA512

        e6f45e4d03605a35fedbca33df840e225dc7d78d908543c25199978156af27b32bdacc8cd734f87a26b104cdd5fe84fc42757f4379359d7fecdc593f398b7c19

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        be58a48acda52f60e7865009089d8196

        SHA1

        532413cb851a958419dbf88b128acc536bfa12d5

        SHA256

        88604883af022457487d24e8d7699204a2fc261d07f4aea1d879aec1bc605ce6

        SHA512

        b416b8d9d9485ed44becff99c781002d9a1197adae3942eeacebf0a3aed9ec96ea065865ab42b6c5be70e96d89e8f8b01f9ed5d8ce0ac54983a3a50438ef878a

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Cab8FA2.tmp
        Filesize

        70KB

        MD5

        49aebf8cbd62d92ac215b2923fb1b9f5

        SHA1

        1723be06719828dda65ad804298d0431f6aff976

        SHA256

        b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

        SHA512

        bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Tar9005.tmp
        Filesize

        181KB

        MD5

        4ea6026cf93ec6338144661bf1202cd1

        SHA1

        a1dec9044f750ad887935a01430bf49322fbdcb7

        SHA256

        8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

        SHA512

        6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        Download Submit

      • \Users\Admin\AppData\Local\Temp\svchost.exe
        Filesize

        105KB

        MD5

        dfb5daabb95dcfad1a5faf9ab1437076

        SHA1

        4a199569a9b52911bee7fb19ab80570cc5ff9ed1

        SHA256

        54282ec29d4993ed6e9972122cfbb70bba4898a21d527bd9e72a166d7ec2fdc0

        SHA512

        5d31c34403ab5f8db4a6d84f2b5579d4ea18673914b626d78e458a648ac20ddd8e342818e807331036d7bb064f596a02b9737acac42fbead29260343a30717e8

        Download Submit

      • memory/2732-15-0x0000000000400000-0x000000000045B000-memory.dmp

        Filesize

        364KB

        Download

      • memory/2732-12-0x00000000003C0000-0x00000000003C1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2732-9-0x0000000000400000-0x000000000045B000-memory.dmp

        Filesize

        364KB

        Download

      • memory/2732-10-0x00000000003B0000-0x00000000003B1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2732-13-0x0000000000400000-0x000000000045B000-memory.dmp

        Filesize

        364KB

        Download

      • memory/2732-14-0x0000000000400000-0x000000000045B000-memory.dmp

        Filesize

        364KB

        Download

      • memory/2732-11-0x00000000001B0000-0x00000000001B1000-memory.dmp

        Filesize

        4KB

        Download