Overview

overview

10

Static

static

1

94808170f5...8.html

windows7-x64

10

94808170f5...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    140s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    24-11-2024 11:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    94808170f5f8ccb32f2bb635d436ce15_JaffaCakes118.html

  • Size

    125KB

  • MD5

    94808170f5f8ccb32f2bb635d436ce15

  • SHA1

    283b5081b5945a2c600033c0270431da0c5dc74c

  • SHA256

    1691852a9e6138dbcd38e76f56de8665f278de92ef53e326ee7d01d81189b2df

  • SHA512

    8d63e78d026dbb14ec9afa76cfb12796fea9e51fcda0b5f271236caf78f1dfb94ac6e090d41983f8fbc89ffa913da62e6c7499b3ec865860263e0cb2b7dbb5ab

  • SSDEEP

    1536:pPLfyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGCW:pjfyfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\94808170f5f8ccb32f2bb635d436ce15_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3044
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3044 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2076
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2908
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2784
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2644
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3044 CREDAT:537606 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2228

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      650b061916613f40657e5161bbe7cc19

      SHA1

      8db014bec8bef1ca0ca83a20ea64687ed3892c6b

      SHA256

      6e9f9b7a9e6182a2308e1f97d5f26d76f84db35f19173225a08e0689286b6b6e

      SHA512

      7950e63f17f79ae56c2eb6af70ba7f961dad993cd9dfd669bf16525197deb42f174d35f759b7f604fa5b405e985e17430a20269fec3359304cf3895643865635

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2223e319fbabb1498d9837e8702dd7b0

      SHA1

      82a1889ccb95a6b6edda7613b5ad24f71bada3b7

      SHA256

      8bf00754b15260e3a03b5c6c5a50a0a6886bf737cbf73103e4a1bb80f5232d8b

      SHA512

      a5006e86a65d32cae125fcb2b6cc2fc33cade38cb8b932250461d92ed24cf192e7c2a5bf474b68e56c05ed722218ce4c36c0a1a25c018b2be5867012849bf358

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bd97d4934893f167ce46d205e8d1fd3b

      SHA1

      2f9a36d20b3b2a8bb5074f7eff41bda416e8dfb2

      SHA256

      8102937722130780c1c48ac4642f297326fd4f4e5b981f6eba7c2253a3bb82b1

      SHA512

      586b570d41bfc2f1e6768bf802a596ba96910ba6df74f56c4b476b4cdfda93eab5d841498619f5356e802196648f49858010515142d136f837e583d5c1ac6cfe

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5b18fbd39525f4fbe35a5ff6d57dcb6b

      SHA1

      145821c573cc1b4db7185ea659b872e5ea18c47d

      SHA256

      108f6872746787a3fa1ef112c608c286342d2e99602d2e9910b3f5bae0161e0f

      SHA512

      7067d13944cc8bd4fbbabeee91e2268296dd5879b69b4d6d48043d81eb5449bf5a05fbef0a772f537b916c1d70ab4858f8695a3e25e90ec78822c19ddfd976ac

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ba61d5c109be3f55cd5a510effb84327

      SHA1

      b4849ec8862e05c9ef7a282ec41201b61808bcf5

      SHA256

      caa8d4b2e1bf3583ea6461a43e4da591a6dac5f5db7294312c0566f34a8df0f1

      SHA512

      b64b61525092c3cc2bbd0ef3a413272dbc1b39e14bdda13adcdb6da51bf2613a40cc9e8fe035922da6cc4c22c192fcc614e712cd123bad6e4e28a846d5b2ed67

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      84015d6e4d8bd2a1a34c28b718889733

      SHA1

      1b9c9b3c119293f35c0c99ced0e3881063e71ea3

      SHA256

      22197f39371fc722e9e6dfc547de67b541f3481586860905f5cedf10818fb7cb

      SHA512

      e0f3a737d828d1da75f088608ee9e0fe5aeffe574061165df65ca16468facbb715804fae81821daaf7951f174842e8237811e5ee3da68a8a6d6bbde6c46adb73

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      eae1b8249d88fca3930f7bc90df975c4

      SHA1

      7390aa619cd402d3cd7094a6642994ff451154f6

      SHA256

      f45b4ac7e08992b9665a4c51b438914f031f4b92147e9232234aaba7502778d8

      SHA512

      a23bf8a8af04e8593c7f7206c69dd5ccd715797680062bdcb887b9f925bbf6efbdb7c2f0cc994c115c5d7311856a38926247e0936aabf5c8941d0876da72facc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9255a1e4db3252cb04396df4c414aeae

      SHA1

      e6dd8827b6a7f50909eda8fe8d756a0c331e6a46

      SHA256

      4c6f89602ed1722f5410ffd17204637da255b1825136b6c217121980e7d43223

      SHA512

      99fea63ae01eae1c548596395b58068fd393e170c7c2ca298784ccaad863e1a65870b154ef096a070d6c46f366174c369a81ef23e51136ce5eabb6d33e17c14b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c9fb79421c7474d77a24ab489f693e23

      SHA1

      ca0935210639e9adac37692b719b4ffac1e42658

      SHA256

      353eb472ffe322c30229c765813b08257b44e983e1607a525e63636f4026a63f

      SHA512

      0b2c1ae84ef51a6f765fdd3502b285bde1433253fcf45f8c06311a2ae6475d2f3c604a63e222fcbca3b9281451a109eb54cfcb8908fff64acfbe499c2627c3ac

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      88c34b141f3cea7f7f1487bf0483972b

      SHA1

      f8b06166e01e60fa9bb04e340c79a37756c0f2ac

      SHA256

      dcb0c2cba057b2fbacb56bd55dd86ca7785bbbc61fee34b9006f547bf07eede2

      SHA512

      bc595f5fc3883494601bcbb7329d691da67480d88cc6880b0afeaa488bde0b8c4f5c10a62480992d1843432c0e63f5ba758a967de3e27bc6f8ee9a6396cbdbfb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c623c4c5b732e29b3675bd25a9c97503

      SHA1

      e1ad6afe30a6d5c47e4c7b24c8b87dc75d0d5d33

      SHA256

      3fefd88f62ef958ad8db3a7123066293b949ee6acd42d3aa400bff4a54f528c2

      SHA512

      f45f2c752ea8da875bf2dad0d061917a5d4f59211447b83330ed79bc7cc8a65ef06bb61397dd6bd443461617b27e1f4990e749c1436c785600d52919df831982

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab2221.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar231F.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/2784-19-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2784-21-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2784-20-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2908-23-0x00000000001D0000-0x00000000001FE000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2908-16-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2908-17-0x00000000001D0000-0x00000000001FE000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2908-10-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2908-7-0x00000000001C0000-0x00000000001CF000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2908-6-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download