Overview

overview

10

Static

static

5

9cc392e797...18.exe

windows7-x64

10

9cc392e797...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    119s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    25-11-2024 16:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9cc392e7971a8b0404ea5db2f4079866_JaffaCakes118.exe

  • Size

    144KB

  • MD5

    9cc392e7971a8b0404ea5db2f4079866

  • SHA1

    fd3648a1afb19c140220043482faa9a96bfa9d87

  • SHA256

    1fd4e230844cb70059c299747dfebc82f75487f2fdcf2944d7b971f160bc766d

  • SHA512

    480b53080fc105537042fcc0bd7359c120a505b71a7e0cc401f934e74fa8e245a122262ea2ff4e511d8d851afa5d8a55a921b134cb9973972a58ee4dd3dfd985

  • SSDEEP

    3072:8wV4OgSzBmh04eZFkz3Rr0gwGj9Tf8L2:8MzzILGFkzhr0pGj9oL

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9cc392e7971a8b0404ea5db2f4079866_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc392e7971a8b0404ea5db2f4079866_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1372
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1860
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1860 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2856
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2780
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2780 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2280

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3238e79ff345bd9b55c1f25300976b7b

    SHA1

    615b7a63b96c923c85b4a3e06656aaeb5bb11f9d

    SHA256

    bba7426d2a99857f84372bdf398df33f9c15fe0a47ba7da6a9738390e17e1495

    SHA512

    ddbff97ad9f41a82901105bd70aec2ae899ac7144457131a48d38ef8daa6ac3446237f08d645311d1d4c3d5163adcdd3baf57a3495e1844538e62cb8f818d602

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    856e58edd2e10bb2bd66842c62151041

    SHA1

    148fde47102815a172e4b11f5ede33d57a76e2b0

    SHA256

    bf11e963e4e42d6ee3f1f9b5672c47fa8e299a541d252bd329770086397495f7

    SHA512

    7aa9a86aebd5fe854be3f30e636714e39be369ed894227cf01ce3e97d99fef1e29920f9dc64315818428f8b4bcd24ec52a73dde1ff4eed403cb6bdeb0b86d07f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1bf5e246108e1a211137811bee2fb2cd

    SHA1

    334a160a59b640b8e5adbbc9f37db36de0693acb

    SHA256

    627a4723491c28c682af69a0eb2a055ae00902ac523bc16820196268381ac630

    SHA512

    f1d30c75b95edc6bf0375d399c436fed358a6287b562934a9091e15a7532451ad9d8f3be45acc6d3d5d270c51b046601dd9d51b9ea02510198901d0ac21de226

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3144387ca4cd303423431db907933d2c

    SHA1

    638794e12cc927b036db4c29724404d0cc444dc3

    SHA256

    677c751509361541182acc06efd5d4fdb99b7cde3223d42e1b4b6f4d84d01c50

    SHA512

    5dba939fb8fd0ec228e2b4896e2b652e0ba41654d6f816db93282f663479942b2b50960d3260caf1dd98b2ddcb90c6a9eb2bf187db323f4740165c31970ad160

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9d0bfc6ac03bd0a8e1dfe512c075a150

    SHA1

    f3723a8dbec244abd198f233a997b088ad791740

    SHA256

    a9d9cf15d076a460ab10d9718f14a291e2b4736f62d731c94d1ba3bbbed2482f

    SHA512

    052764aed593e1b8e7279aaaf7f0d400c8b2bb149583d0d0c5001028dfa5010b07ecef090f6d05de4af21e35d547f9ff6d8329cc41ab93b4e9585dc2725cb8f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a6342c05ea8f7c039174fa2be11be708

    SHA1

    b763ae1846c3a8be74029e2f00dfba36e81fa86b

    SHA256

    611ae87659b44db162b15f78d8036c465e1edd1cb12df0a794a30a6af76f612d

    SHA512

    6e876f3a07d4560320c3f1502c097b030d20a7bb8bba11889d2141cc2c10234e77eb8b8e69bd4866474641a85ddf27868f313cc98d43eb2c63b89efe5de7dc1e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ef1d5fcf50f8b0ae454bd23218121237

    SHA1

    5c7a8561634fef97f48dc489e598455a755cd9a1

    SHA256

    9d521a2b5e187ca87cd92532f74a389ad97e361da85c81ea1cfa7a5030a6c2b0

    SHA512

    d678d288ae772a2465f1f233bc8618c9bc6b4a671dcb3e527d5a1f85b023e099f81e64c027a8661fa4e6a427445043cce3269edcc78c91dfa47074b5f05102c9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5a86af336e92d4bd7e616cb2398dee5f

    SHA1

    67a0c1bed68cb6605d5f273b688c01ee15ca7b9c

    SHA256

    017804aa362f4f915a7b50bf7d3368cdeb8f6b03d67a3e5c74bdc92b5bd3c7f1

    SHA512

    100c6e3aacd3ea35b09437ba9ad24af1de887d234a9de3061529c5870f8ad00fbce36834a8a0d900518f3e1c358996eb82de531848656f1bbb7a1acdc3932afe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    83459b56a1778fa14bf693728f55d231

    SHA1

    57a81a78eac7df57f76dfe134ea278b58dc6e4bc

    SHA256

    3cd56ac7f470a2ea1ca740baf2c5617c9311dbff9d925fb87f989a5c93e8914b

    SHA512

    1496cd89fdd2eb1c09953f92bfbe387a4681eb8293b49798838797d6065b5152229791fdd994a13f73b580a93143ee5e31fbd09da1d7068c741f4d5e6114f9bb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    efedeb2f57307f7c9766cddddcc5c7d7

    SHA1

    e55b9ba612525e82add2ade2ab61f21a778e4f9f

    SHA256

    5ceb313e61493581b93d39828af32551435fcb2391114b0e269df7378553b12e

    SHA512

    cf2aea814b352e733ccb5c0cde2630dc0fed47157c30dc500fdfdb3d3ce9f781dc6fd505a8f41e4bdbce5fd7824043ad3335f2e69092e9ca02c62d3fe8613822

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be6e6ec43e7036d0d20cec1293da8d83

    SHA1

    be4df209b0c0ff90bfc88e731ef80ebc3b24de90

    SHA256

    2f12021f2c450258646f9f56aaa0e32cf0d539c9fc143c973cb7c933ec8b0bd9

    SHA512

    df717107ca93d0308c4c62e23d673b6c6d2a68770045e5336e3757006f229e23b91a2f1723c60a7c820cf5832ee6385e717c07e780c5227ba21c449030f144e8

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{870D76A1-AB4E-11EF-8B45-D6274BF0F910}.dat
    Filesize

    5KB

    MD5

    c1935bc3abf7c47e12ed6cd907c74a6b

    SHA1

    8f30c6eafd4d5ea8761a03c4ff97b81e13612b4b

    SHA256

    649a79630dc035b1ba725879d97d50acf1d77a9ad64a0c06e60cd708fca2d50d

    SHA512

    03d9cc9858b19986be9a3131f52ea5eec4a45df77d9af628c687318109668ded2e7e268cbdcd28ee36179b8bacfd4b0eb0641db8f5075924d43e6694ef64bbe7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC757.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC835.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1372-3-0x0000000000330000-0x0000000000331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1372-4-0x0000000000400000-0x0000000000465000-memory.dmp

    Filesize

    404KB

    Download

  • memory/1372-5-0x0000000000400000-0x0000000000465000-memory.dmp

    Filesize

    404KB

    Download

  • memory/1372-2-0x0000000000320000-0x0000000000321000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1372-0-0x0000000000400000-0x0000000000465000-memory.dmp

    Filesize

    404KB

    Download

  • memory/1372-8-0x0000000000400000-0x0000000000465000-memory.dmp

    Filesize

    404KB

    Download

  • memory/1372-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download