Overview

overview

10

Static

static

1

95d6819ee9...8.html

windows7-x64

10

95d6819ee9...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    146s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    24-11-2024 16:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    95d6819ee945104bd9b5b974191b1edc_JaffaCakes118.html

  • Size

    157KB

  • MD5

    95d6819ee945104bd9b5b974191b1edc

  • SHA1

    7e879745175b83c5735f63f51cb61fb3999e4541

  • SHA256

    25d59c9aec063a9e1a463bb073ad3bf975bdc41bb70acf3e40292a03c06db3bc

  • SHA512

    0c5fd4cb9d52d97c3599337a036704576320346fe279d4b2b1dc1bb2bb2e2cdfec93ff8f50140e40bd9b8eef7348dd3276ba83498ecbdf02da16f32abcb5211d

  • SSDEEP

    1536:iVRTWvNvFWu9+yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJruH:iDqwu9+yfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\95d6819ee945104bd9b5b974191b1edc_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2836
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2836 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3056
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2376
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2484
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2300
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2836 CREDAT:537613 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2064

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4ac6a322f31e465b00fe1aba6843fa93

      SHA1

      a24a87056a71637282e4e4773666c83c492a51fc

      SHA256

      31bdbc9bacbc387931c59e600a88127b5243e4c59c7acbced9fd442d9e54baae

      SHA512

      8b1ae3d45bc682926fe8a01a16dd6952cc0f07d08c7491ccf8bb2dc0b51c1d57fba86c0fe41a240ad1c4d9190582c9f3c3c373ac41835dbbf547594291a85ea1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      70d0145f69fa3c14ec16bb8e486ea7cd

      SHA1

      0f82a33eacef92f6518a0541a7cd3510386b031a

      SHA256

      39919a48d91a1e4fc8869af2bffcdf9c0f0ce8cffc2cb1fccd464682b740154d

      SHA512

      2583943c369b1d6d755ca715a272883b8dcd97ea36376539470ae905087492a278bed538e9392bd68bbe70c1a165975c403b61da97fe1a7f5fcc0867f2966b1b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d0969e04cb25b41c7ec9f556f11148a3

      SHA1

      c8f2f66eb4a803e59338d892abe8ccff7ce19518

      SHA256

      9230cd7ae8245982538dc9e604857f544ae0cee1a7f76affed9dcabea96eb261

      SHA512

      f8c992c1b4f111cd14d371d1b01a2618ee484f2757bc8f80ebf6a48588a77412ee3915a510d73b1ddd48c435fd7c0b74d3a2b3c87e878db30948f800983ba56b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0b814bd3d58a146462785919a3258225

      SHA1

      735957252d2f2cb3042b3a4aacebb50865faa07c

      SHA256

      c40568427df5ee754f5a9f99f6c2341bb2f8a9bc74e525e06930671c66b74fca

      SHA512

      ea6cbdeefcafb76046c79866198faa747cc8708dc4b66b24d75ab7ad722f309bced464c1589bb83c6269832c107d12332ed2da582d6264407abb2e374ec6acb4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      dde497c470ed27226c54edfb734958e4

      SHA1

      e10a0accc7c4c32ad7be515cfd9a08c8cd9849a0

      SHA256

      e271ee73286c94977d1d2e9543de6836333756cb70e172993d128ba5174625e7

      SHA512

      8292dfbef00633784f005e413e0ac10bdf52f360d773be5b80b80961f1d7db9539372b9c4b7339217543cf4a99facbcb6227930db8751fb63ca1c7ccff518439

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e6a45c66fa40dd778e13fc07a5327ba2

      SHA1

      7b520b6ff8e3b1b5a88e9ad9ac864a7a73b370ba

      SHA256

      fbbcb609105a2e87d540a2c81874b832853f40ad525cb83f20313c4c17a6ec43

      SHA512

      e45a1d58f0523f75202fc925890610288197ff057ca42ac710201efffa537d790e62a4d02a02ee06b48f34f6a69d749fcec6cf461b77fa6997e4611c1e6da585

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3bf979cd6913d2eb71a1f5e429c63d7a

      SHA1

      cf9e907a4f666d814d602abf51646a1e10ad7898

      SHA256

      b400663227306a927ada0801b1792013fd496723a03d6e0cf20e4b25ab116fa2

      SHA512

      87a28a2440ebfcc5f40ec9cebed4e9a9f6762b9c510fcde329620cec46afe253005893506ff07f6dc09b6c5c76e5e1e55a7cf86d8a3e02484ece7d8be2434d52

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4e3e0bf7117a2d90cbc9f1dead5326ae

      SHA1

      9fe03db2451fccbe548c1912f0710cd218f5e705

      SHA256

      fa027255014ce54a373164d8ee9f9fcddc8aa629e877db47a6ff6886a5c25996

      SHA512

      51a0ec35ea1054d9c60313196d1e346275bbd696928fc0cbde33db229dace3e35edda964e21d485fdd7b6dbc7dae91023efa7a767144e2dc60d2ba3e39f8cc0e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      66e4fb4ff4b58424a7dbcee338e8f53a

      SHA1

      67590b47342e2dc69afc51d1b37d9aab7394e8de

      SHA256

      85c0a42f53ce8cb00fbedbaa551a68f6cf3c25d0b9c02c61860b6f57abdc24a6

      SHA512

      7a9f71909ac57fece9f0f9bc8d92258b75062628f52f250b5e9272f0ce1b9b38558eb4307251001793ccf2f8bdb7187f78513bef64673ea6284b9cb8a700d2be

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bc8bc0175189164301ec922a481269d1

      SHA1

      2c5f1a5fffa1d1e89d26731cfe47da59205db6b8

      SHA256

      09d1fb27cdec210e994f01592df08e2c4ee66ae3e41c0ee5132a0853fc83dda6

      SHA512

      ce644202feac76017402d1c287e73e26abff3af73b97955d16a163d9682c5f84a815ac15ebc84fd0f84dda7d6001cafd07154d992f0a4e104ea8d88151e3b55d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4d0121de88f2adf37bf881ab1103aa4d

      SHA1

      d6cd2efe00f09fd0ca848678bf73bea58f3aec40

      SHA256

      c383e5f1d6db3d9adcaf0fdceba4bd65d55dcac92d9de5cdb2991a4b3f5cf397

      SHA512

      429066ae7bb1223b2a8305a83c34ed3d3488a969fddd6c1195556e9cbf8ddd6c58b574c11e7d3d34ec39cd7bfe9d94417674ef1b5ac6db92d3675428442c4596

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5cf25671924650b5a9cc78adf0942bc7

      SHA1

      d791e4edaf9516b00e3aa5344749d3e2534dce95

      SHA256

      e36406a42b11746cd1cf8166f0385287f82ada7eabd64b938ff4da27958437b6

      SHA512

      3f23ecd801e1457e2a71e9a4fd7f87ae14e909c0af4fd1cf009938cf5b2c11416387ba1960753cbf1fac5f723c02cb6bcd2fd30523abae0352ff227743b4e1a2

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab8632.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar92D2.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/2376-442-0x00000000001D0000-0x00000000001FE000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2376-437-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2376-435-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2484-447-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2484-446-0x0000000000250000-0x0000000000251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2484-444-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2484-449-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download