Overview

overview

10

Static

static

1

9590b86328...8.html

windows7-x64

10

9590b86328...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    133s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    24-11-2024 15:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9590b86328d7578fa4e668debeced95f_JaffaCakes118.html

  • Size

    159KB

  • MD5

    9590b86328d7578fa4e668debeced95f

  • SHA1

    95f3e846587b56b9d783c0f40786135e72e11682

  • SHA256

    67991d50759ac1059b287d075893ba9181b38d62837feac0036873fa5290b9ce

  • SHA512

    9b0375f3b1db3606a602c6aac73f040fb1311b8ef07b768e66bc7852a57bf366c8e906ab239bd40ec2a8a622388899dcf6cf0729a874f92e911f96735a28c8cd

  • SSDEEP

    1536:iYRTGuLHBHlaUWSmyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3om:iSRN1WSmyfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9590b86328d7578fa4e668debeced95f_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1684
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1684 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2460
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2660
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:948
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2128
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1684 CREDAT:603150 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2716

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      923de8d3392f50f8e699cd222bea4aff

      SHA1

      6b2f4fbca319cf55f406cd3001008de93f865648

      SHA256

      4e4abf8dd35bceb004357a663715ec857bf1b4d0774a32f57cd7c00d1f52b971

      SHA512

      d04b6f273457a60dd03a9ec44b0cb6dd6c1d08d6574851640ff39b26563e7c85ada4336819776c1525410506677343c8dbbbe01d9fb1a6e437aacea3a0f59529

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2a9b80f67a68630acec9fc7b8a666acf

      SHA1

      309aa1a1ad3cde44326a100198e59d5a1a50b3a6

      SHA256

      23837aa8a03a4c86ec223e08ae21311cfd24c5845d9f3337ce1234e5de761314

      SHA512

      7ce4fe146c17df984778d315f3f83371b73ae26777d29e58258494478a7ec11cf9d80ff22f95089772fa533201ac9a0ee85022c46d80c709c50f41eb25bd7df3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      abcbb6fac641f9980b8109e4dce91ad7

      SHA1

      2e5ed9f39a9ba41083ad1dd4561ad679fd272980

      SHA256

      7303de504d69c3b9f683998348e034e9189c0c846c5ed3df59c0c8806a433d20

      SHA512

      c9c968f4aca834678cb65239ea1fa7449cbec890f9f124b2f55995695c23516320072d162aab900e3d383d5ca4eb4f93ff3c8fb0a16f31bdb3a2882757b0959f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      32ae8bb8ef0e75b7ca509ab19a2dc1dc

      SHA1

      c8af9ca9440fb27803f2e3da6d3a786f44ffa87b

      SHA256

      c977d5a14e0bb3ef19c65bf8b9e6d8e44ad9139706cc9cc63bebf479d20a4c31

      SHA512

      3a3ff63c1fdc1f54e4f73609843efe67f997f2b47b892befd4e8b6a79fbf7139f4e3b8df191654a42992d8a41b8b4645368755a09dd38e37144d287f084e3234

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      54b56de37bfd4f97e4100c09defdf549

      SHA1

      c203134c89b25a233c464a35493bf95bb5ae07be

      SHA256

      44360c246d37d3a4373be10ea191ceab3e0cd5493f1b93d57ab5e0f47e4e940a

      SHA512

      74eb166da029c5eef31c66941c878214312e23d6ba979d679176e3ccf5b48327be057cfe42e622b0904960592e06da96db1b9cd7933eb042a5c7daa69e777a08

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      07672773e3c4d8768df8a60c70ff1db6

      SHA1

      22b1f1cafa83a19fc2b7e2fe0094e8dc870025d6

      SHA256

      44ffbab53ba769e0687b9f955b2629c6e116d5b6ed63e8747d0afac9e7e60399

      SHA512

      ce0236d9c8f46071a42307a9cc606538156786230d5e9b70a43c3b45b533b6fe7f9bb9188eefbdb5e8b0462be8ece5949816b55a7aa4501896396e0a2bb8c278

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      aac6f9b007bb75491dd2848d9cc2b022

      SHA1

      0aae5ba758a7114142b0efa39d16dcb3ef3d3a7c

      SHA256

      40c916c328db6ce00ccad610a225ca201fe1c6183f19dc88bd64cafd7b131bea

      SHA512

      e7a31199cbe58cabbf8bfd99be05f67a2298ca41c9d1894c712cb8ae176a8bc0670e0357fb5bb22f427ccc43140ced9464584ba1ffc58c27ebdefa10df58f295

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9515c4f3914dc0e5e12a458c2ddf7ef0

      SHA1

      ce236f2ccbec8ac482ca005e84b43d28c33a02ce

      SHA256

      5fc92451d7fd85e92a6314c99febc2a40a57935ba3e4d1df2a38238218cd3813

      SHA512

      a08d77873f2d5ab081c73af740c4e6933b85a725fb6a188e92056d1501e8d79f9fc0863eab9fd586e3b72fb9a2f63aac4727457535c77ed5eb84074e65536a30

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      48858f8b697d4974494e3387c4763c0c

      SHA1

      260442e376512a7b34dddae7e8afa290c04f6a31

      SHA256

      729d73eb92998c01de7aaaa1e79dd1e3c6c3d8e47b7a1b2afd7f8554611dc9e1

      SHA512

      fc4a31d1066537843363180bbaf28089d85e4b0a8cdeca26566ccd4f923896382d9661e7fe5d249c128d48d1577588c584ff8d3419de1f6cad3424a07d941575

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2cc9625e713210c6f69ffe3860469305

      SHA1

      da621cf68ccfbda072986dad5c9c0473c3b039b3

      SHA256

      a6da8e5fc1d02d51293eeb699c8cf6961c249e6608f3a7fdf11dfee18b44c19e

      SHA512

      002742b6a801b5ea37373b1e3f00b876c6ca8f5a742062362e4e0dce9736eb32e5834e291d171fd25bd9ee39b472aaca5487082b761587c88bf69c5f8a917dff

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabCEF4.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarCFB3.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/948-447-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/948-446-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/948-445-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2660-436-0x00000000001D0000-0x00000000001DF000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2660-437-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2660-434-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download