Analysis
-
max time kernel
125s -
max time network
136s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
23-11-2024 07:25
General
-
Target
RippleSpoofer.exe
-
Size
15.6MB
-
MD5
76ed914a265f60ff93751afe02cf35a4
-
SHA1
4f8ea583e5999faaec38be4c66ff4849fcf715c6
-
SHA256
51bd245f8cb24c624674cd2bebcad4152d83273dab4d1ee7d982e74a0548890b
-
SHA512
83135f8b040b68cafb896c4624bd66be1ae98857907b9817701d46952d4be9aaf7ad1ab3754995363bb5192fa2c669c26f526cafc6c487b061c2edcceebde6ac
-
SSDEEP
393216:QAiUmWQEnjaa4cqmAa4ICSSF1a0HPRV8gtFlSiZh5ZlZ:bhnGhMAXSmHXFA+
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer 3 IoCs
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 39 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\RippleSpoofer.exe"C:\Users\Admin\AppData\Local\Temp\RippleSpoofer.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/Qt5NMSgdzU2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3052 CREDAT:275457 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
914B
MD5e4a68ac854ac5242460afd72481b2a44
SHA1df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA5125622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
Filesize
252B
MD5fe3cfa8f1ae4a4a33e8f0a2fd27dda6c
SHA145904416ef0d376606b5482db63e2a0e182905a9
SHA256b44832822cdecfeada9cc2be9e2f8feba4e55907c100db0167dc4b6d48f95c04
SHA5123e77c70af0879459b14ebc37505516715d724c08d7a326acb12180e6a6f876accc424a166889cff44d8a7a71eeb7b045241e766318a4e64b872cf52a4ca62a6d
-
Filesize
342B
MD57433b738950807826bfe19eb1d777a17
SHA1d7e7154ab0fa73c394cf4ab1fc7d0c915870ddca
SHA25630d75c1b651b054569264b2008e8142a0c0d4286a18a9a667639e9ed492cc865
SHA512c806eafc7459415fb807f0ce74340d19104fe779e99237a91b4101ef4ac028fe04ad5f434b50b7c4056ed25788f6896dc93b446a7e07cc150083794e25bb05b9
-
Filesize
342B
MD56cbfad59d5585ce73864f561f44e6f18
SHA16bcfc82fca509eb9256723f161dac5896feb0908
SHA25664761bc611873a72b54e1f4b83a5275f41a4f329fc1b3670804ce044747b33b0
SHA512fd3118b70bd1867110782d1dd336b8000331270649583ced56e3ab991efb45827626a68bdcfb61ef637f284343d5c2a036cc15539921c0abaa672a6426c8f7b3
-
Filesize
342B
MD5b40f9b529d9cb44038482482319c6240
SHA12af949441aee5ded7022ca33b74e9ccc1e5afbb9
SHA256af9d48cfd41d0587652c0cfd9801d5f9a4dd4d3460e4a6996b53732fdf3b6949
SHA5124c7621d71fa2e071b47c8968b56a41daba3d953bba3657e7bc72047d57bd155f3ef51f5cfbad09070ce7ecc69b35cc3ebf8836e8da1e180cce408970bde06035
-
Filesize
342B
MD5c59620de66333a921cd6949d639f209c
SHA15086b748aaba5769c92d856d8bb1023fb3ae3a76
SHA2562f4b0e1816c908e3e1934f8347e7f509a4c8160bb090f5c3f0501dda4a843fe6
SHA512a4ac22fbf605afe91488d8b5ecf1294220a3f729d38dd96dd6902f60c4270d2ecc2401f1f142832132c51a79f458525c0b2be14125f3d5258bcffbebaafd3abd
-
Filesize
342B
MD54e978bcf0719e8aa499363861d2b8a3d
SHA107361eb01782578ce2154a2bdeda243e9a9d43e7
SHA256a9e73d404dbc4a54733b617b274ba119cf5cfdc72567d7b5cc1702939544e09b
SHA512caa418abdfee011ec32dc7694ed579c315bd2bb8ebc61dbadcc54e7c3ee8855d6f72a40bb5e73c63182db0a7ec9781590a9bd4216c1e30001308995d63e83fcf
-
Filesize
342B
MD52c2c2592d5d92fc955897246c79de938
SHA12ee6c9db940f7837fd86bfe0a213d48ccdf6c2c4
SHA2566f6d210be4fa7e82edbca4ac8464ca9c5864a666d0c18d701bfcab0f4a727861
SHA5120c4c13ccd16c40be0304dfc558cfee2649b718aa12cdc450877ed8cac5ba5945e4839bd8f782aae9ec93e6f192f6280ecb7fc55229049dbee2dd93d3e4a0b08e
-
Filesize
342B
MD5765500f1c55913d0aed3d854f1d2fd24
SHA16bd28a67244da85f01053ef08d775f8d71872485
SHA256a26698188c5cdf70b1678195b3a2140e6dc4579991e9266bdd2deb047dc59bbf
SHA51229f85418022ae2264c644c5d98ece115c30b7259934a4fae337e76e07a79dd0693c8767b9656eaaef9fb443e1eea3cfbd002dd281a94ddc1c4a28c651b0f1ec2
-
Filesize
342B
MD54baae971283974297a67bc4cbcbc13ec
SHA13cf65da66c370367d65c3958688df3bb5cd9a42a
SHA256165107039147763edc5c3184fef44f3c9435b5a4255039bac1034234096debed
SHA5127d8b4ebbab3487d0f13c6883b31e2f274db0f0d1359353a7af599bc915c58f4a306aa7cdb704c8051543a1a3c5f1211b6fa3bbd0ba094e80e1c70d85290a70f0
-
Filesize
342B
MD58a7ac2ed9d002cf305518faade999bf9
SHA1c69a3b3d97c908ff04c8cbae22955a40bbb074f3
SHA256c870acd3b8c6ec81da248673211c93dda78a8a6901bc2174a3806f9cda58dc46
SHA5121b48987c7df6718d5dde65e598b80ee6e37140253a770f4b9a676f74daeb57f1c339dee3250e28f6e6a828f087c956a7211abd028a80729cf9f19b0e1321d1f9
-
Filesize
342B
MD504ca8d573ce0dc8a04dd6c00698cc6f7
SHA194c2944223803161d9f1392b812418f73079a5e8
SHA256be7b3ff0af8d983f892538e259790ac5580db01d10af26ae11436c0f18e071e9
SHA51258e85c13d9d7bdf4713bcb058f59f8af4ca2fcdd177010f3a7cec45c45054fbdf7b00fcb4375ef9c5b6ebb98b0c9084aaaac715e2cc2fe8b268c22bb00dcf14c
-
Filesize
342B
MD55581eb1a727c32e22e7197f16eedd48d
SHA142deabf8392ad46f82a15b9b75a26353f63407bb
SHA256aa3af2ce94d3a58064f5992ecd90c4b0590b56d160ed7520f77ffdc872a02c7f
SHA512ad58a580f5ac378f0005f62ff8dbfc5f761c37d74ab34e3c6589e3f03e77a984db70be9e4d1746c48e612375c1a9832fb7d2c442217c6079f05dc3473cb4f360
-
Filesize
342B
MD5ded8d87895138238060077b4bd949fe7
SHA1562878c4ed8f7381cb1e953b49585ad815593737
SHA256724023302ede3c7a9a97cf098b1e38b0873aa656e63f5e68abca5f4229c176f8
SHA512b67784246136f46280f8d0e070c32f1e0cffe3fac889303767b764395e41073ee4f46d019033deb0a846f45266a74d9c5962ba39a14caea26e0eeb034f8fdc08
-
Filesize
342B
MD5efe2ce7679732c19299868a1a758f13b
SHA12d56b7eeef6fb6c0299674fb69a8d8a93853679e
SHA256f1ae51b725ebb5d3f37206a5e861055a0db8c0eb019fac7c6d7b6046688c5bdc
SHA512dc630ce1a7ea62a90bd74cd49212d17babc75d73b19532227794d017efda39f3a0377c05ebb242462d66e353e30f9fdccf3c0ef5eb6abdd29b553dccd639960f
-
Filesize
342B
MD5b081b3d71c26d06fffc54b181b151f9e
SHA15cd013a8711c68bbc1eda5e34e4145a177ed951f
SHA256576896ee2c7b80c713076eb65bfc8ad5ee7ac559aa51fcb463c65746595a49af
SHA512d9b017a040e654880e3699ea88175ab4ca1d32e7ad8268054c9be79f3cc9a1e0da6d054fbcca29c8ac76ffd2e363d37620de6259ad71f101b0f56a9aa3785da0
-
Filesize
342B
MD5eff0b931cc432817a0fc276c95a7da5e
SHA13f8fd79b9247ca506241c96166d61ed7d226c451
SHA2568a6b4538180df9154a8434e33e20b154cdecc7e911276f4671cd8dd65a537798
SHA5121c55aee6b7dfabd2fc83e14fc6b072c2201e3750f526d107a5ee44f88db8c9908945b01d6a4b402f8c14a2dc6d98c14714378a47d0adc3451dae419259ccbbb3
-
Filesize
342B
MD5ab8e8fdf93ede99922a13b016cf9322c
SHA12b347948bdb8e06098585f82e42a177f9b37632a
SHA2564d60efb6560028bef0690432d08e3f4c3d62da7a34d248875a56f9cda7a66126
SHA512ab9571db9b3f6add1b4a16843615950680bfb8db625f86fea2b1183a2a508152ef9f0f1830e5f217845430182a40cb85dbba9b0fa4adf9b711fcdfde89c03fcd
-
Filesize
342B
MD52bce968283804848a3471bc94785b341
SHA104633bc0448b3f14d6a2e056956af6ef6289d93a
SHA256b82b2745b16c8156fedb1344cbcd3ea14230878cfddd6f40e45d4758aa7b3db5
SHA512fa3905e50c342860d0a676f169e36e3c3d0f560a52d30f0210dc89b5559087334f43138180d7ef3fae7ed36d074c6edcfe6654a31e4e3437dfbd396125d088c3
-
Filesize
342B
MD54d9ff68a64ccff080cfb20f665dcd90f
SHA19dfc89eb0880bdf32fa70d4e73102d555bd31696
SHA2564967857118123e2b5e1394eafaf1652ec3830cff30a2b989fc994cd2d88ae675
SHA512698e46834daa8ec1085dd2361ff6eda83aa9dda02494dcf9608a2ef6712c0da322ace29deccc242711dc10c7fb33c8e9c69b37cfd8c12f4eda0dd0a76ed4653f
-
Filesize
342B
MD519e8e9603e6057c5013ad3fa7df1196c
SHA18400216e19dd640249eacf1778c5c422db592de8
SHA2560f921f89bc383bce62f80c514e71ab2866618b62f099440c404ec20464f71e65
SHA5123d4f1ac9c13da1f9519b7f895950e65ff9cb495fccf753a2d25f51b0286c59e8f135ffbb9c55c3fa863c86c90fc7b395b8169d46341899a351a20ff8d79c1995
-
Filesize
342B
MD5e8aed1f83f12d5316e138fb6cd264413
SHA127649509dfcc780a7853d95256188c770fccebe5
SHA256e8b7a92b7f15eabb923eb3e7b0e6d9d96220879c82874716573c23ee74ec400b
SHA512471a8d5867b81eb07d5e3f9ab3dda172b03535aeb2f9980b5366750cf9a343f72db931a9dc0d94561569c0cf83d376cbf4be3655d2bb0d644a71a65e58ce252d
-
Filesize
242B
MD58120ad061a98c618cf4771d625f54c67
SHA183e86d70e44c7f177dfe75f6611cc2ef18743c18
SHA2562ec599984df91180a04e1d529015540181d1363556f44f545b8596422b47bed0
SHA5120a8983ea9ffd2507021f1b5f9f2e5c450fd083a534ff7a40cbc186dd7494d1faa2cae2c80a7f3ac4eaa5c310b25a1947a1f8549d956f85231260f8ba81d3351f
-
Filesize
24KB
MD5457897ba58e3b3c4e33e6003b7203f36
SHA1028c2fd7c02d09f040ddc8ef5fe616618889751f
SHA2561c25923e31519efa7546499c908ed31589c63323a51c9ee234addb1fb58a18ae
SHA5122a85d09f2ca23bbb044800b0aa6a237c8edbea39d0ebb24412f76ead74d9d8283c121d80d78d29da71c283257f06788c74058d93d597d4e51cf1f95051aacb0c
-
Filesize
23KB
MD5ec2c34cadd4b5f4594415127380a85e6
SHA1e7e129270da0153510ef04a148d08702b980b679
SHA256128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7
SHA512c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
28.5MB
-
Filesize
28.5MB
-
Filesize
432KB
-
Filesize
28.5MB
-
Filesize
712KB
-
Filesize
28.5MB
-
Filesize
432KB
-
Filesize
28.5MB
-
Filesize
4KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
4KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
4KB