Overview

overview

10

Static

static

1

962073d540...8.html

windows7-x64

10

962073d540...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    146s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    24-11-2024 17:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    962073d54024fb1bf979779599f0b86c_JaffaCakes118.html

  • Size

    157KB

  • MD5

    962073d54024fb1bf979779599f0b86c

  • SHA1

    bbc73f34ab313ceb957157e8caff61ca33277d8f

  • SHA256

    c0d6b3d2b3ca7e9995228e0ca283b576084569b701f4f19cd8d530874ef20397

  • SHA512

    86e1cd65a060adb20e76096d9b0c9c3998d0682196630e50a5575a726a4c5d94d3a251e331059ebc249a3b1b2da0bbe0b40c12402b773a6c50ae6e4560367052

  • SSDEEP

    1536:iORTfMaJwXdwYCpyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJA:iEtdpyfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\962073d54024fb1bf979779599f0b86c_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1624
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:484
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2492
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1764
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:472081 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2428

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c057cfb96789ee198820d771315163c1

      SHA1

      93477c0bfca4e4bdd0b39587673059e331c8cd4e

      SHA256

      001e184c1a63a28edec8c14caf5d705d6a0a1a87e222cc138543d34cbf6d81f2

      SHA512

      54a4e79efe9c5e26e075a89905aaf05d02814c7cd34875d79d30659f27502f28f4cb1a59db0c55827ec2153c585007a018991f5b11bec4604ee085f167b4a2ae

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      44ac16db2eaa8fc2d9e7262dd55d5c62

      SHA1

      cd093ff213a1f21b4103596830766ed6881c4a7a

      SHA256

      ecb8e5b2637cb27c3197c60d2463ae66e574405f3d47a56412a7dbf6a8d8ada2

      SHA512

      2da8cc8631056f358f339f84a3f9241055377724ce09612aaeb71357f853d097ad9e61ba4d1f798fd15651c433afd518cb4e2457f95f3a828db3e8c5e09c5be0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      352d2127bd7174a21b4cad62226018af

      SHA1

      c850e61e6a713686bd6fdbec2c19f9ff04558f22

      SHA256

      d7c2cb19d2a1f0c884b7051a23e2f9c52972d98841b68d3a170fde9f6deaaad8

      SHA512

      c97bbd28b19fe659e453119201561ba9704104cbaf6f9a5c76aeeb8469ea6931c0f77286698e872a841b45e3e59f8a3bddb44f2a71e799b6416b6dcea4d03ea8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b24ca8c882dfdc73a7686fabac3656d8

      SHA1

      4f6e5f17bab91020b0fe2b9fa72211fb9c9c25fb

      SHA256

      89633642b33ceaee494225c2ed1a1ed826a596eaa4aedff9cfc10f0082ec5e9b

      SHA512

      dcf3317a52863ae2020554f0087eeedae6582d26db6d0b3dadec4a1009715ef01b53d24ffbfff91318e59bc24086c39c12fb93340bbc310c19194d9f2d0a59e9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ea0fe5cea5ccc8f86d1e6cac957ae545

      SHA1

      2e53d2a975961950d1ac08a5e3564042cae9802d

      SHA256

      c60e7d96a7f8f3eb663c80ad02e3fb98c03bd340be221e8b0c9905ba0e8981e8

      SHA512

      700cd8aa18b613e078a06616d62c7b75e46c33fdf35459e24f490b49bd9fd805df374f4b50898366553bd3c1397c7d442e675abdf7c3f5b66ac2b64fe3628e5f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1a041e64136f79c825f58bef5ece9627

      SHA1

      a084d8c78f0940dfa8808dbb6425581f93d38fa8

      SHA256

      3c0e93f1a17ebd7ebb7382c559b067fbaf3ab633e15c6f98cd780fee95b62fca

      SHA512

      e55074e4ef970e4f28f75dd2021665966abc4fe1a2522bb2843882efc9064c57cca956d0a0e0335002e6b41f9b00a4bdde4c846e0fc41a3b301b8136bb3e6852

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f1580c2b0dd8d1f247605ca39a65a992

      SHA1

      53928dd9adcdd75ccbef79e8208cd4f728de6604

      SHA256

      68e8b42ee9c714d047e185bf23147f8696157ab4481504c9aee0d76fd5c79eab

      SHA512

      756f0a3400bebecb1d5b1e052d450f289dd10fe618422562a3e547e0bec47d563582271f922361fc192144fb2b4eb589dca57b3012f17aff052f06ebc39779a4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      93084835952c2c8afccd399f4612eea5

      SHA1

      f1d0e79bdbdab9eb11a02645f024c2fc2577fb4f

      SHA256

      7e6bb42971232b9df894dba16a42935b430ec577df5cf6dd3c9233f234b0febf

      SHA512

      36b62959e157ee8e82c030bc49ff6d80862431a7c13157f9e594877d506bd3668a884efa65c742084419bca4e3e603f1fe16207a9a46c7e1bb3bb6d56f91cbf3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3eb6140a5a2e93c9142b5fd685d4190f

      SHA1

      8684a26f98216d45d7802da47cc2006496389e3c

      SHA256

      b58b3ae96b68e4946c03bae9729058e9405daeae360433cfd974bd766171ba8e

      SHA512

      63c346f340823532b4cf634bc9580946f92e595b8e6d92d659bf6b001be15485c943e464a1fb23360544248afc39189f8f550db7673576ac6786d6ddc1f1279b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      af48c658392792e3abc2eae7ae3415ee

      SHA1

      1bfa52676c60b78ee7770755bb9e5f14eeb66bdd

      SHA256

      b208150f9a12b36719b6d88c0411ad02ec890a5f87a666b4c1d7fd8c556cf022

      SHA512

      e2ca916c3c25207e96f4c5590ff91ffeb79c03f3048a77127cad3cbae7c77586f6ba66b3b1f65f5902cc47904218c0d076b761b809d1764f45fa398469ec1f0d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab8F27.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar8FA7.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/484-437-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/484-436-0x00000000001C0000-0x00000000001CF000-memory.dmp

      Filesize

      60KB

      Download

    • memory/484-434-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/484-441-0x0000000000270000-0x000000000029E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2492-446-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2492-449-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2492-448-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download