Overview

overview

10

Static

static

3

fa2e5eec14...18.dll

windows7-x64

10

fa2e5eec14...18.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    27/09/2024, 09:47

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    fa2e5eec14233d5990a75a46f62d7052_JaffaCakes118.dll

  • Size

    272KB

  • MD5

    fa2e5eec14233d5990a75a46f62d7052

  • SHA1

    938692401180d0858ab42498a2017da4589d21b8

  • SHA256

    cfda592ac1958ac76c35369bd9e01bd3902cc0127ce03c97eb73c1ae4b966564

  • SHA512

    b4039864c110cd4011a4fd8df8778dd5bfa125762950dde169009aac12ddc27fb48dba8531af811045d041cc27eb32a81843b2aa80fedf12be0f1fd9e6e579a4

  • SSDEEP

    6144:CrkYHjIWeWcd71bynznSB3ZOaI4SCxW0Dg:PYHjIWPo71bISqa2SDg

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 31 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa2e5eec14233d5990a75a46f62d7052_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3016
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa2e5eec14233d5990a75a46f62d7052_JaffaCakes118.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2696
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2528
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2296
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2296 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2908
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2348
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2348 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2928
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 220
        3⤵
        • Program crash
        PID:2968

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e37ea8405911a240266ec1f9c0d9d1a1

    SHA1

    7dbde575bc6bf7c8d8080a6c13c77f51d92ad2e2

    SHA256

    825f41ca1e7177cd8a2c8de20015fead4fb1cd113a4b753c117041910b85f7a2

    SHA512

    db5c410dbec22afe6e24ff3e3ddae0daa7e88acd937bc5c68f1b6855ee9f3c536224368dab51683f6cc1acd013d5804420f91f095521c07c874d9c40cf0faab4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9cfd3dadda8a3ce9e3a18233f2c384cd

    SHA1

    7105eb4843d48ca3c2d821ea9cc2c0ad208275e2

    SHA256

    a32a3813f1ccd8cfffa372c0b4b53da39cc44431722602ebbfccefb2611a2127

    SHA512

    6a113fd709f4a3a33e726fbcc1f38f07a03f1fbb00c70e2ecf847d6cbce3a5d018d7f346ceb7f09d8eb553e77a9ec67ab3b300742d90eef3e3f3cbcbaab40905

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    302249cb9874c25598e07d63f17a1ed1

    SHA1

    b5f41b6f96a0eef57b1750397f20d5fdb7334aa1

    SHA256

    c18748eabb090133ef41747af677816e6aad10a14da2d924a34dfaef3063b2ff

    SHA512

    e64de1144d4357fcdc41c9de67f2850a2de31e4fbf7f941e4f42204a039526ccb51175414466d76d7d31cd7270e85791bae7dc18184c614106dc3416a36a13e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c457f5f66e8f25cf05d485778e88f8b5

    SHA1

    8b4473ec01088343114932c6d2a71753479e0aeb

    SHA256

    6359bad9b44f1bee0bb29f57c68a5cbf849eff4146e3be2b8dafb466afe498ac

    SHA512

    161e4dd831d73a1c242752d1b992fe5b2cb1676623ad2ade5abab00894946af5c14896e5128a9c2b4323850e4f9a21ed1a6c454d75a317427866ec1c1cc1046d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3d332a24f0c9d1396d7110e2b16900d2

    SHA1

    12262b1031dafccf617d5bcd4c870cbfc1389fe7

    SHA256

    9940b879990b64a9c1ff6519cd3d48b445643b674c649dc46c6ac9870419a650

    SHA512

    adf1180d02a02f6efc211014730de9f938eb2743888f1ad4aa0897da74a93f1aa215fdfa5785fbcbf7ca3fbae6752c762d90506498c810f637beab74eb4f2077

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4467a103ad76e68b4920f726332e2a6d

    SHA1

    1c3d19304516376d0b5157bc7a0dbe7291fcff52

    SHA256

    b6604236187cb98f2f90495fa47543cf28a3e6be267aa6b9576910e080dfea84

    SHA512

    70c177f26e2a362ec737d09cf5a0abf1d4a3744e8794667c94029724385ae505879f0a6c80a72382aa76fa58a7753f9446646abb7119f7750e9f9cb85399a1f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    732748413c1a3fd96f0f04b380919da5

    SHA1

    30efeb66405e2f893389871dbae935f2cd2d9be8

    SHA256

    9663cd78f3a3aac0f53a652b22e02390f43659688b37f278011a0f63cc23e8a1

    SHA512

    6c9a40c2be1f81b467dbd2e40dbdf03c841a0734ac3cff8ca037fc3525541124e0eafefc5e3e918fff0125d0da6e749597f090db66e4080f0445bc3844e999b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3af2ceed23d44a401287a9c9d754420c

    SHA1

    47e27f3321ec5810723738c0e8bd30dd5360d85f

    SHA256

    c7ebabc7cceb4ce0a0a12fd13e69669c823f30ad79410e7fd5bcfa2ab5d66773

    SHA512

    93ddf98623b331c153d6c096dabb4c3b8f0b647f983f0807434ef9f8fa08590db45fc8ab4b3a64737432b0b38e65d009eddab699589c8885f1eeefbbd2a0b4c2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2c986dab0d1ba7bf05cc29a974435ded

    SHA1

    f61b836d729d9ce113312652ed3ce8da6ba735c9

    SHA256

    1087da48b59ec606b8bfcbd7f25a3acc43b463813ff5e154ecd2d61a7e4c9459

    SHA512

    a94865846dc0db32c8b343d7b7eb16f83009e77aa791366877ac4252461a3aa0c2254ea4ac93fff584b6ddf53334f3e6e0f0b43034491d8da577ff8e9499d260

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5b76e63331c873676efca1fce685920f

    SHA1

    c5842ef64d89607036d02b358b0f02e64a8afcd1

    SHA256

    4a8bab932702bd3f8bcb66ec4109e89019920ba1eed9da9ef7654916bfd1065b

    SHA512

    a14fd540451eeecb0389bb85537d3707fbc164d330171afe9609777734a801c6cb4de607beece5a31edacdb1c26ce8c035bca6f8258313af2573387cdf884968

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    60b8ae77335bf99a2b298229131dc9d2

    SHA1

    42cf885e5016efb07e1610dabe40f29f9281c081

    SHA256

    89584f846c5e75a1c0299ef266ef13a809b5f8821a02293c522dd89f10c22d4d

    SHA512

    a39dc6602597055a91139821a8e7f7c840491e9efe4cdf8678a5eb50967739e8d7afc71420f437fe05ab5316d9d31056845a8433644d6fb676e521f5f76370b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5e4a11b0a19f6dcfcdc4efd7888f88a3

    SHA1

    24bdf2c29253a10b5bdaf745afaed1cd8370c955

    SHA256

    9bbbbb27306e9e2fc74f9ee60202cbf6df6f80ce976734d13a557a6ee4c47856

    SHA512

    cfb50611ae63ed8bd0a6ec9c9dfcdd7fb855ee6db6c21501c620ba0586221245cdad95ac20dfea1a433791a28ffd0456fd7b9a6e28f6578d4d47fe7e58fbfde2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    37dcf9a85884ab32a059e6bb00714d89

    SHA1

    c0ddfefe03b6792c537ef7f21192980a6f9e398b

    SHA256

    8be6599f4aa036d139704bfa4e92e8a10252fdc49b62ba6225490be95d455eee

    SHA512

    ac40b24cbdd10142104f2dbca19cd6b27623cb02965edbbab6204448fb8fbbf11786f020909a249dee160c27827719256f492b398b1c255f9414bbd02ee861a1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5271da65cecc6fa65cf14fdaa235a8e3

    SHA1

    cfd53a29df6e69d43a9fd65c212067fb949ce1c1

    SHA256

    b592852682fb4ae1b6e8af3f6ed0a3a423d60655e8d9a07c3137ed9e8c1e2386

    SHA512

    24b4782f4513ee6945e8f4c6862cc074fea1ced254a8bd6e908e69ac8fd2cee0c555feea8cb2ccda6ed9ed0821a8a5fa01557ed1b9e4ce48b962e3dc5f28b1d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eb79749c449c7f0e54c5c8fe535e5b1b

    SHA1

    b746f5bb74e6f2de56fa424a7390b136815e5d6a

    SHA256

    ee3f5bf18672953d00f44978c2468fb04e22de2b66e01ca442e5975a06c5295f

    SHA512

    af0d3137ccf5349c22fd58ae7845531a9fbf8ef8d0e0cf5b3bc793658d8099048a763706012d35b8a10f518f73eeaf3191a14763f017d3da5b02c3c11d3df389

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    696d0e546a7d620dd7f2e96d3755a30e

    SHA1

    ed3628ffa4d01950361d038fec1966cb2c4791a6

    SHA256

    b3f3a8db3c9bd67893a8b8d6c1ff8434c8063d698dd5f469c01c101a0c39e6d2

    SHA512

    a45a5b60ede0b32c8fc7a59eb2b6ec969433e9113bec9e8fb520fe2722d31729694fbffb9396ff35cd848471dd853575711dd223a05f60dd03348d9a018857b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    974aedafdc056a47aff6499c0dfade74

    SHA1

    27143a79bb8601ec36e7f401402aa49acb7879f1

    SHA256

    076b5f420fee48ff0fcbac97a58022a0cc43f2d7460d17c516d1536e0c8f184f

    SHA512

    987e9b3f8072207f3e4b58a8ebf8a753ec016ab1cdde2266b592a560ffc9dc888596d09c3dd17120175ffc1077bfac06c18d669a163890f032dac6dae7091fa7

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{90F73E71-7CB5-11EF-A205-6AA0EDE5A32F}.dat
    Filesize

    5KB

    MD5

    2702c8128f41ee6586b30abda358dccc

    SHA1

    a52c3978215d7fba9ea79ee0eb600fa32169aefc

    SHA256

    a3205f736b2257c63d4f8e4f58815b810299249e59a125c66b8d594aa271282c

    SHA512

    17e3fcd5321f19023905fb666267635b2140e08d117ce8148b1ae0697f9990484cb5993f40954158c3ded4f98a602cc43abbd168f6d865c2d6b008314dce9da1

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{90F9C6E1-7CB5-11EF-A205-6AA0EDE5A32F}.dat
    Filesize

    3KB

    MD5

    103256b3fe5b1c2f2187e843c7de1d27

    SHA1

    64ffae024ee381693babd910c9435e09d1165e5b

    SHA256

    3a91d3a03acb6c718ece9eb5894958a6ffca1164c4d9039d6bf64360be7dd6a3

    SHA512

    6e0696c65f226f38d334f5fd0fd3c9293f89f6b737163d2b84014dce97f6344eb38703a64c6bafda0b85e704e32fe886f1ee0a23f30917ef1b66b48080cd5c10

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA610.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarA6B3.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    105KB

    MD5

    1713dcea0892955ae4ad238bf4b9a34d

    SHA1

    172c10720153e717402654f97ad56516f43705bf

    SHA256

    e4cbc03a8bea10728e756b7187435b3675af2d45ace12e6b6641e44b25d54b23

    SHA512

    e0a0a1ec9e9380bcc1692016dcadb6b794ef13e3a49b9709799c8b281401cd0faa0b63b0aa0fa750820cdec674f7c6e02e259e66cf843975fcbd49e9c1be021c

    Download Submit

  • memory/2528-17-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2528-16-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2528-18-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2528-13-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2528-19-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2528-14-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2528-15-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2528-22-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2696-10-0x00000000001D0000-0x000000000022B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2696-1-0x0000000074CA0000-0x0000000074CE9000-memory.dmp

    Filesize

    292KB

    Download

  • memory/2696-3-0x0000000074CA0000-0x0000000074CE9000-memory.dmp

    Filesize

    292KB

    Download

  • memory/2696-2-0x0000000074C50000-0x0000000074C99000-memory.dmp

    Filesize

    292KB

    Download

  • memory/2696-11-0x00000000001D0000-0x000000000022B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2696-883-0x0000000074CA0000-0x0000000074CE9000-memory.dmp

    Filesize

    292KB

    Download

  • memory/2696-884-0x0000000074C50000-0x0000000074C99000-memory.dmp

    Filesize

    292KB

    Download