Overview

overview

10

Static

static

1

2e37b81710...8.html

windows7-x64

10

2e37b81710...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    130s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09-10-2024 08:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2e37b81710153347d02b883b79d0a152_JaffaCakes118.html

  • Size

    158KB

  • MD5

    2e37b81710153347d02b883b79d0a152

  • SHA1

    c6b411cb2f6dfb508758b0a4b9cf8f9dec150e07

  • SHA256

    122a7a64d4132d225593a6f39eb3e1a4763fce9dcbad21d9a6ce4142221a7d17

  • SHA512

    db5ed5020e1784c2624f723ca2176071fe6c3dedb209c4e50449197ab86b02bf8d51437f83703158893415437f5755b88b01ab4ac7a16afe3e168869117349c0

  • SSDEEP

    1536:iBRT1l3yTDH7sUSlmu7yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXu:iXODH7c7yfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2e37b81710153347d02b883b79d0a152_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2792
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2748
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1384
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1028
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1608
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:537614 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1724

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a2de06554a96dd71073cfa2535a43494

      SHA1

      b6981ef910bd0bcc6415c93e347ced5f910352fd

      SHA256

      edea1451ef2a411d0dc27920e0813b9cabb9580b9ac043586ab6ac473eb4ca30

      SHA512

      285e25e9a81f7bc3be7108eebe8122644c8338efffa83c3d9d2983562802f5fabefd6ca0eecfeace757dd48aa1312556f5b536e824be43385b7af294351a6c4a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      fd2971bca0cb41a40a9a82780d7b7773

      SHA1

      bf2f91032b53ecafb38de739512186d153f43968

      SHA256

      dcb5cbbe6dc8d2638de03b829638fc6611accf2524cabcbd0173c1ff64f825f6

      SHA512

      9c137297f6eb672b7f2bb2d4ad46791cbbb1fefe163b92f706ba3d9925af0274b96102fcca5d5177e99a408867ab450ce278ede2363b2d320b716ef9218b96a8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d04e21f04ea7dcb10860d2a51e1fcd29

      SHA1

      157db242bcde43b7c416adde90e504188607f208

      SHA256

      4c9395de5e68cb1a1108a708bcd1df7ef3f5c13446bacc1137af7f3f92ce5b5b

      SHA512

      b7880d44f39e2feb298d8b20e91b100420ce0c05db5d82f6a7f51e55cec9d8076d62095b4cdbd771a511fb12e6baf67b4886e87d66e8b512070c90724adba673

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      075b73ac41d78de775c6c0012f0fcc57

      SHA1

      0bdb85f3f57665886f25f85e257ab0375cc7b527

      SHA256

      5260c3adcf93bf964ce300afc52fa2cc783b9c58879cdbb4dc47188babf138b5

      SHA512

      c30f0858f9d96f3b07b51363859cffa849151354beb345f000ed0a58737a309b0962a6145e073b7f645089de4fae834d5afb3b7ba073a8366855534f736500d5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8cd423ecbcd4dbf1b9861dcc285f4b5d

      SHA1

      c6567743523d084e3b90a5238e62beedab12fa90

      SHA256

      68918f5a5814ea0c7dc3775140a215779b4ad7f44aebeb2c8f4ad151c52b8cdb

      SHA512

      28af8ffa73fdede41612b2fd27c53a9f134d6069accf113d30988085789207090767631030706ede31144d1be8bd150dfdb32e5007bd2c3461c99010271a4776

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a05c4c35bda860dc14eff25fa49f09a0

      SHA1

      d2ca18edab38f31396a12410a06b93907f0e7b43

      SHA256

      5d8c871a8dbd1ed0a55e2ccb42a9e44b60bc3cd6dcb70f1007d739b6c45557b9

      SHA512

      9051c22a8ff90d05ae2489d00376fc74a6157b3d1e4acfcd507816533efa0af93a657076607c5b28422bf0f01b84f19bf11340718b76a9dbdc9e8f708f078f97

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      950d8d331b1175cde95a0bb49f0fd26c

      SHA1

      05d04a063985decad74602bea11ebd5b970bb912

      SHA256

      cc3764d2d57097702f08b3a50bd7142a32973b9f4d9e9bd1edd751a42bddc729

      SHA512

      fdb6661ca3b79e12260f1ce674370a9f799283afdf34a4988846350ef25638ad2a8987fe7dc456ad1053ae269480ef48b1ba98bdfaa1e75b36d90e37ba96db7c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2504eb2384501d96b8a67ef65941996c

      SHA1

      cdea4b342d4f1784eb02c8e9c0c308e704dbc378

      SHA256

      59fd12a0f17579cb2d7349d35f4d1c33194682c6c7c40260ad0f6c07681c6fb9

      SHA512

      1805f187781f661daad73f66f315d69dfef0524c1f8d590860d1521cc6b7e7a4b40f0b22fd093557bfcf0dcef9977e0de0c289d4de424a5f711cb2800a2a122f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      228fe7585ac23a49fae7172506bbdb90

      SHA1

      acb57b479ca3ce130ff1af5cc32d284412b8e346

      SHA256

      4984f8ee8cd77596f5f8a93e6ae96d87346b7665e119ca3db95351c52c041451

      SHA512

      97d2e4ca17db88eaae15840299c804447c7bcd390efb9b4a326ccda4b104f5501d0eb95bd96d002d9986b521431b796fdae43a94119839de0d17ce2b45511878

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8aa3cdbeed08ce412e673d59c01af6b3

      SHA1

      a72204cc461ef949bd498883e2b52045ef417516

      SHA256

      7cae42211aea31d7175e442afff50b7328ac7ecac1cfcf45904e999838181a9d

      SHA512

      ae2993dd2380b8bfe1aade43c402453c1455c72d364da3dcb5b7b57514e44aea9f83994eed927df6b6f142f2582b9e24232db3cc15ce9c8edef9d4f3b900bbf3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      443825d678e375bff58708e618512bd3

      SHA1

      8647f60108bc81e635db38f0bc2d0860815a5a7b

      SHA256

      be8954aa907962a72a9489a9b25338b9e874d3707e75256e696303443670617f

      SHA512

      250aa4322c9760c31a1d2e61891b824a252d5bef507ccea0e40d6dd8675d2e5ac8d9df36d225e8a2fd720d2e284a50ed00c6ac5bf46cb93847bfda22c6326eac

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      06582f988e82323dd468b88b3f551221

      SHA1

      46b879328d2e0056c0b96e13f9adcd9089f47756

      SHA256

      b2ed927801509c61106607a921b6d960de0d6dba9792ea7fd3ed39049c9a264b

      SHA512

      cb3b2965276af33d91d0aec4f765011cac0403c713c0b97305d59d526dc91cb095d2c618e60d135f15d5516d330590d97333ff0d4df221fa8f975cefa313596b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cb89c938f51f1d78d250f42aa78d8697

      SHA1

      d718e9a7cfd9d4272f085fc4e18264a83af7ac7d

      SHA256

      6283fde72f573dc43cdfbdb4097095c2e480925aab578352b22670ca47829528

      SHA512

      8460141a999d501c19dc4c75b36dd8462072de6f8346eff2baffcae41072124c035e64c3e2e0801e8b2e2d65affdcf71d6a301110e21ab85a1804debf590c189

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8cf7b084cb2175b1360ee895652db574

      SHA1

      971b445f7337d95b8e8c74405a3f1e14bd47dc9a

      SHA256

      75533531d2c5e74ac8476f7c8e9dfba15cc63e6265f3301c9877bda8a1436b56

      SHA512

      bb204be278e67c455095562c7287770150ca239fc964ef6152c5202c3c1db86fba595c9d6bc43f461f7e96d6baa7285186d56bfb9b67c3bb6ae1c875116a5237

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      276436a9fd3b7b57be6b1eaa8e835a37

      SHA1

      420b8e3fa9f00a8673801b8ae0443f1fd16f4176

      SHA256

      62dc59744a17ac0c5871c29c56840fb80cb61d2a9a27f4d6800ee5917073d820

      SHA512

      6668ee4dcc69414ff4e63638aff468d128240e5a60592ec51383a2bce847258a3b046fd505209bb5d179e49084a00c2d121e122d2d5c6e9d31833d29b22959cc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c001dd8d9510b702029b1d6033a0087e

      SHA1

      c6738dbbd7a80bcab6d25702b3e184e2d46a537f

      SHA256

      cf931ac6fc01f9fa1e5865910d530d3668b0c95b633760c62576792f20da20d9

      SHA512

      7fb723c14eb44f924664f64446a3a4c874d6314883ae0e99dba44b6f11f17af945ba992fb16a6c3451c09838e917d00970399b27079c6c8bbad403e21b41462b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      18fd4cc9c3d17cd7af238d1ed35b7cc2

      SHA1

      d17630694403b552de15f87d464474085165b07d

      SHA256

      455564941afab066501b31d18246263e00cac8317bafad01017278e95ba12124

      SHA512

      27276df6f99e8755a0cb40655f3cc49599dbb1869dbea197f1d534f339decffa557d23a22c84ce65fb0fd8ec42558901138703f139de7cd14fab41272ae16f0d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e9657d8e89497345885a1d4be5325d20

      SHA1

      012c5fb1a38b73f04ab5ab098b87ea777bf47bca

      SHA256

      ec07427b04ac02a3c7acbaf83355c7ce5fdb82e90a49a50f00713e53cd3e7218

      SHA512

      61d801a0a5396b90de7bd716029839ad48ea8ce098c6e7ce2abc1ef94e36292289ae16dfc473cda9a8d416a0f49e779d27b2e0b73eacbb6407cb9f6219b64792

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab54E6.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar5585.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/1028-446-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1028-447-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1028-448-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1028-445-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1384-437-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1384-434-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1384-436-0x00000000001C0000-0x00000000001CF000-memory.dmp

      Filesize

      60KB

      Download