Overview

overview

10

Static

static

7

RippleSpoofer.exe

windows7-x64

9

RippleSpoofer.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    30-11-2024 13:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RippleSpoofer.exe

  • Size

    15.6MB

  • MD5

    76ed914a265f60ff93751afe02cf35a4

  • SHA1

    4f8ea583e5999faaec38be4c66ff4849fcf715c6

  • SHA256

    51bd245f8cb24c624674cd2bebcad4152d83273dab4d1ee7d982e74a0548890b

  • SHA512

    83135f8b040b68cafb896c4624bd66be1ae98857907b9817701d46952d4be9aaf7ad1ab3754995363bb5192fa2c669c26f526cafc6c487b061c2edcceebde6ac

  • SSDEEP

    393216:QAiUmWQEnjaa4cqmAa4ICSSF1a0HPRV8gtFlSiZh5ZlZ:bhnGhMAXSmHXFA+

Score
9/10
discoveryevasionthemidatrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer 3 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RippleSpoofer.exe
    "C:\Users\Admin\AppData\Local\Temp\RippleSpoofer.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1316
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/Qt5NMSgdzU
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2620
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2620 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1660

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    71cd0018fcb0e3072e7a7425bca658e2

    SHA1

    3a83aca4d55479004a35595f5be765ca05315709

    SHA256

    94a9a9854a9dadc3ac1d3e2417bc5fb324ad1651fbfc0c090dcb11a2cbd5dde2

    SHA512

    4bb47aeed9cbd692f7580362477aa79ab733d633850ce62b3638e2212bfa73b26775dc5a3ff680faaf709663bde17bc322b2caf44321be5e48a67ea59e7c078c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e7d43cc8f5cfd456c0005a151aadbdcb

    SHA1

    6e2fde556e08479d934e32eb025e3f69f959491b

    SHA256

    c7c41176d56d1a4e408cf066fdd69f1193deaa9c1bac3d5768a868ca469449ed

    SHA512

    04b1e21fd76dc10a8e5d3520528c70370494e733f6b40d4952558aad19457c03f651f1a5e702c0d704e2e4ffafa99fefe716ca081c713d893acff3fdb1c3851e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    10c9ca5e9e509702af3f2580fe05b097

    SHA1

    12192e053f9073058d377db58855321bcbbe26af

    SHA256

    1dc04c444288a3abafb5091e295d11c120e0d91ad40634d322b8f2a4aa5e54a8

    SHA512

    61ec4c5af995e4f2be683670e7977d4cd9d761543d6aafc52c5db07d8de117bac26bbcc1a1addab20eed413e4f15f2df2a81681e601e846f6f21b3d45056da96

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3b6ba1a975a10cee229feb71ee4e5b31

    SHA1

    13a9f8637486bb7cb37f5c16e553d7015771e460

    SHA256

    81ac3779b98c389cbe52661375d35cb16703365c509feeb595405ffdfe11b9a4

    SHA512

    9920223e0373759d62827dfb40c49ba88198832d77164d24f13c8b204ff3eb8bf833e7281cc9c8a344176b5d4b7c55216191f32e5f673427d1413251f6de7052

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1a6d13881583441e15a825de4c18a21c

    SHA1

    a97f6130656b847321ef427bf75de9412a4f9804

    SHA256

    4f64cb6a0de7e78026e24c80498a00b8aef2cbfa7542b5a2919c2e66cea678b0

    SHA512

    28fe367a13aeb204ff8e54c74101a9ffcb449e1dda8da63dff088e7eed597358c1d0dc69e5b82a8643f01c7ca3889f4c1fee83e999fc028da98db3a3af782a82

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e6d636270a352c30eafab2312f8e9dd0

    SHA1

    fc6b355ceb844819c14ed4a8bec1c3833a187755

    SHA256

    dcc24019ac4f7558e55fdcc05da4657107941cd23a09d4d071e48177d5de17fb

    SHA512

    25146c553e7e02d253f420e53c6f3c820c62df49065a15564d686f0c4d6546742b10ad9f58346e677945c279f0d5d24677aa0b8922dd4fa4b31eb3e0d3843566

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2a31a35ab7c537cfd4ebe2a192f217f5

    SHA1

    d327ea4312f86ee05d11822000143f192f6ea245

    SHA256

    8c526184a2a0f881d544a2e99a8a8008df12faac97f06cecb7aeedcb8112857b

    SHA512

    98b182fb28c80b545c6c45f7e9673909f6c19cc6598ca71c0cf704516824eaa362e10dc682d100e17ba82b330ed4550d48c72a96e6bf551236feffec863ac011

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    706578f7176cfe774adf589459f16391

    SHA1

    539b263e75c89bd9b9b43017a4893a39d0366b05

    SHA256

    74e04dfd8cf6a32b86efd950faecc9b43ac054d728ea1cc285f9a95ed09d4ead

    SHA512

    6b8648f3639a487c2980806824563193147cb67578f8f5b865372d7a96e4ef4f136bd49d5a776c065443be3e4608c8a823f7916be35779689875f4dd471448d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aa16f80869e3da436d9fb700c28f88d8

    SHA1

    e0aa6bfd10c6149fd872c638b6a31aac8137fcad

    SHA256

    9ab9c261fa8e4adca845919cf1d1f6950d3db9309293f51fc2e0f530b3613a9f

    SHA512

    ee3e7aa333cab91c5b25277f5fd48eb0d1c4c02669f6cc1fada17ad23b5287a9849324e2d1329a8c8a925cf83794cec791b04b9e9f440c5efa0ad6ca70a2f945

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ae06d37c63eea6ceeb38afbdcc2e69bf

    SHA1

    db244556f339001451e385f6c2dd1efcd5ab83c4

    SHA256

    6298aa1a7a116b7b92cef6f091ae9e5e15797336e56373c848211a2ede785b7a

    SHA512

    266861100c592d85964fa95d16eb73ddc671075c7e5f8dc05a58d0b4348294a4ed951fdd1475d7b8f446c5fb131b35dd1e21b6d9ddbc12b1ed157c58179f4a47

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3903d1abc36f5651dd5a335178bc303d

    SHA1

    185d969c146449476287949269d449cedfad2447

    SHA256

    6fa94804f58f12190847edbe43477344dba4e68362ac894437cf6e4aebc9047f

    SHA512

    18f322965f908bb2708deff40a354046a47813c37e6686f752b3f36c76f879dc84d58cad7411a2fbc8b13b579a7c142e2e51e7ea306675b6a88ad6cd2525342e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    41e977f56efa064266a59dd64056e6ed

    SHA1

    3ba3e1df5135bb3bb066598878c8fb2d623d7542

    SHA256

    9761cd3f12dd987386829c37e02c1ed11567d94fe3b1c0ac5b283099496ec3b0

    SHA512

    bb02749c807180a083669c2aaa69731cb2d9c187583a6c425e629f9080e874e1696d2463fbaab852c389d9aefb66c379520766f5dd2c9741114274a52b941522

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4f14777d5f4b4ae8b2b7838739f79105

    SHA1

    540d6a407a12f64b2a77abb14734ef243f9bafb2

    SHA256

    50ac7017c8f56316ec50981c902fcdb62d0ba9bae2ea87cbabb005e97a4324ab

    SHA512

    690ba1d0cf3bd6aa2bb325020f532c77bdca252548f51525a7067abe4ecdc32dbf5ba200e2d37b2cea60fd9ce2fa02cd5d453051e74c55943fd7e1b28a423347

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cffe6cc25dbd8adba38a46b6b34aafe7

    SHA1

    ac3942c2f9a0d9cb06c2da8e78b28d9bbfed163a

    SHA256

    c3f15436f5d4bdac4468d4a06e34a095597b6a08e217081aa40c54b3df87a91b

    SHA512

    38f52f746355091ee7e23b4991ecc4d306aac550368a9a5362781c21c7bb4cc64b870ed65c39515b8611a2d162a9fd8309928e194bf53d216cd50bddff8e2e23

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    08ad51ada74eb1e934649f66e9fdb103

    SHA1

    bd2582fc0e804be55e9dd32dbe5c220887f620d0

    SHA256

    b5aff99ddce9642f83431221598143e26db67de205b2b0c14b952a3781cb02dc

    SHA512

    d08af39d9a8aa2f86599223c1e2c640efe0352e170126f9630bf788a2c6b83aee54783cbe33486121f906ba24e6dda296a5110f6fe7b9abe26d0da71d52bad1c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4146e530c587ecda4b39cc5c52972232

    SHA1

    e59be837f5917411a8bb45db4753a006e03ca6e0

    SHA256

    23ecffd0f161995815b53b3a4859d85dd9142a88716658d3a3a27425768545b3

    SHA512

    2014673218f914d9206d2688d469ab9dafe42f4cf4baf1be9f3160fb263525ba8df47953581d790f9a6b6a55396c6cb072a6b68823ab166ad993c39648aafcb9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    653b0bb7dd0f09329a94738a716c4250

    SHA1

    0e29015fccf223b37cb100e1e8d171bd16f08055

    SHA256

    5a2c8ebfe8b4838d246487e4f57e84832252c4fccc571457def66ec58657ee01

    SHA512

    6da869e855eb7fbec92becb8e36101ad32c6c4e4fe6e26d6e2878e5c355d91ed1e2e018f3e4714b53dcdbabaf3ad4f7e1e472282e04efb031f53034ac72dbcba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0db0ea70f16bdef38019082c1b5fc464

    SHA1

    8d480e71e93b6e45df6019c0fd9087c7e375a801

    SHA256

    cbbf399b4e6149788908bf28c15421a2fdd147cb10947a9b11a186687c0c9d2b

    SHA512

    8a8606a8592528d3cf02cd8c8b53a7d71c326abf73b04a08adc039fefdef4d7e611b83b3f3918064a66e45d59898b69286263d457e41e28e147117a0c9d0db27

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    db83ad987cfc1e170270f7c8bf1bfade

    SHA1

    8685d333db304bc1330a56a4a8072c2374d995d9

    SHA256

    53b84688e0874e42b6a5154835ea4189c096a41da64bed5b6b515a2364eb2a2a

    SHA512

    29b65eb86cc4f7f9d28ea4196cb1e4fe3b6db08ec47b21c977f0b8861d1feec49c47b5f2ae6989f3776c7b46417a6f770f9f445d832f12f6814ee9ff69665276

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0246155800bb8880eacdc89d57d3f9b0

    SHA1

    325ff7b55635d3aca15b4e28129fed262a1d93ca

    SHA256

    de8901914f1b655e1201e1ff7bb146fd660473c8dffb8f14cd18242c1e84d108

    SHA512

    9bc9b8090f358ad49bd40adb78278768d94599fdb40dc61d8b1a47fe5ecb5e97ea4b8305735dadbb96db10202d255051f8076135ab11833f940aed2b98112ace

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    7a4adec43a1da21b50f0504ffb6da684

    SHA1

    92121cc697c9ed5deac5ddf810695816e3492dfb

    SHA256

    e8c86de9c7f76555ee29c35e2f13529f8c2d0fc3cd5752b1a05a51c1d407c8f3

    SHA512

    2d3a6549fd34edf6906b7b09fe8f109babad049d2f4fa6a1f02cce57739b328ccebe087c702b3d2810412df7e64c8b00191b62e256e3eabb83fa36c2c89c2cce

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\bl977i7\imagestore.dat
    Filesize

    24KB

    MD5

    03123473ded1876612c86874c503cd77

    SHA1

    7e6b4f2b3ea5dde6bf33abda1d2f851d40a0dc1c

    SHA256

    0deca6c8beb276f98b8ec51a798201f87f02561942d3b62880dd6db96e084fc4

    SHA512

    6df0e3be5f5fd52ac8da91bf51be81cb29d137b21170c373908c942ebbc9af3472b9fbf9ccb749102c78b45197bd93b24faa699772e95adf75a465def9dfe581

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\633SXO0D\favicon[1].ico
    Filesize

    23KB

    MD5

    ec2c34cadd4b5f4594415127380a85e6

    SHA1

    e7e129270da0153510ef04a148d08702b980b679

    SHA256

    128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7

    SHA512

    c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab39E8.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar39E9.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1316-13-0x000000001DE20000-0x000000001DED2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/1316-20-0x000007FEFD4C0000-0x000007FEFD52C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/1316-11-0x0000000003F70000-0x0000000003F71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1316-9-0x0000000000030000-0x0000000001CB0000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/1316-16-0x000007FEFD4C0000-0x000007FEFD52C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/1316-15-0x000007FEFD4D3000-0x000007FEFD4D4000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1316-14-0x0000000000030000-0x0000000001CB0000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/1316-0-0x0000000000030000-0x0000000001CB0000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/1316-5-0x000007FEFD4C0000-0x000007FEFD52C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/1316-21-0x0000000000030000-0x0000000001CB0000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/1316-17-0x000007FEFD4C0000-0x000007FEFD52C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/1316-8-0x0000000000030000-0x0000000001CB0000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/1316-6-0x000007FEFD4C0000-0x000007FEFD52C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/1316-1-0x000007FEFD4D3000-0x000007FEFD4D4000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1316-2-0x000007FEFD4C0000-0x000007FEFD52C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/1316-3-0x000007FEFD4C0000-0x000007FEFD52C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/1316-4-0x000007FEFD4C0000-0x000007FEFD52C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/1316-12-0x000007FEFD4C0000-0x000007FEFD52C000-memory.dmp

    Filesize

    432KB

    Download