Analysis
-
max time kernel
120s -
max time network
144s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
03/12/2024, 18:31
General
-
Target
RippleSpoofer.exe
-
Size
15.6MB
-
MD5
76ed914a265f60ff93751afe02cf35a4
-
SHA1
4f8ea583e5999faaec38be4c66ff4849fcf715c6
-
SHA256
51bd245f8cb24c624674cd2bebcad4152d83273dab4d1ee7d982e74a0548890b
-
SHA512
83135f8b040b68cafb896c4624bd66be1ae98857907b9817701d46952d4be9aaf7ad1ab3754995363bb5192fa2c669c26f526cafc6c487b061c2edcceebde6ac
-
SSDEEP
393216:QAiUmWQEnjaa4cqmAa4ICSSF1a0HPRV8gtFlSiZh5ZlZ:bhnGhMAXSmHXFA+
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer 3 IoCs
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 41 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\RippleSpoofer.exe"C:\Users\Admin\AppData\Local\Temp\RippleSpoofer.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/Qt5NMSgdzU2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3020 CREDAT:275457 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
914B
MD5e4a68ac854ac5242460afd72481b2a44
SHA1df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA5125622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
Filesize
252B
MD5f4e1b67441237c93d762ab8084506f0d
SHA105a8687d9df7de01d6a0a5a460ed7400c18c2331
SHA256a865cfec55e641dbdaec6234f0360ee137cda6b17ca02f99c3742f96c921d43a
SHA512236e5ddefc5bc2c9401c10c2da9250aeb854f72dddc92834c56683b4456642fbfbdffbd68b8cb11c426826747b341cad0da17697111f86e9b1b61029675a3f2f
-
Filesize
342B
MD5575c63a020f377be790250542e10af66
SHA1d4a74022b1048eeadf2b7f5b7a070453c6551a9c
SHA256f748d862b078e08fc6a79af6268d347ac91ca12c9721ed3867e62894ea2cbc84
SHA512b4d535dc1ef7e4d53b8e8ebb2af8eeafbfe564d50a8490c8e92ba1b1155981b258031173e4934ac0bb59ec83959f0a675cd151d386136fd3e57e214e204a35af
-
Filesize
342B
MD5e43c41680cd24a2073987334f86da229
SHA197de3a4284910e3f89a8a259b3d4662aa624c404
SHA2564a68e2803f59691ef5f4ff8e82d19d5ec2957b26acddc55af04b2445fb8e6c24
SHA512de964afa5681b8d932a25dcffc5d590d94e3e832f3e4841dcc9ad110b106341b928780ae67b759fd74496dab49b2bd62e202fc539fac7374ad5f55def074fbc5
-
Filesize
342B
MD5a9c1030950f70fb09477d5c3df054278
SHA14e36398c9cd901fe5982a41334bba8148d4de87a
SHA256b7d4874225132b51f83e13b300c0d3126bd8dd0c909b60f6ea8938e5b50550f0
SHA51243b4355a8c15d9989ecd5cea8e8907c7593b440700adbbb44001a30a9c7f21bf32451503556c62dc9447b9ac851df42b2795f3d3d265a5cc3a93311af1d3b858
-
Filesize
342B
MD59c735eb20031158278817a6b915cb97c
SHA12dc59f9792e170073ad0b765e9e8c0fbf1baea17
SHA2564ae7ea5129d4bfca34b6665b73372bb17535a81b5f8e82e72f27ac719e22c491
SHA512c2a2fb9ef373caec27b429ec2fc3b7584ae8761d93e68a493f79ea2859fe3f0845b62967b49141b8371463cd34854092a38f6555d0e32d2a694e609a81e5bcae
-
Filesize
342B
MD5fbe29ac8f8e1d9c8919145c750b8d5f9
SHA14a36e3b514c831064e757bfd4d8552a127a5ce87
SHA25632da64b179796a06b51cbb130e05af828f26acc89fc5e20cd6e421360b093701
SHA5127e1bc5c131e4a0c462486e19666620f1dbf427cbe3dfd202c53b4ecd021a069f03ed48b8459cbe7b9541278ed8633528dd2f8eb93bd6c174c6c1dac67587f389
-
Filesize
342B
MD51ee84c962ad774e69ce2f9b09489581c
SHA125a606c04ebb75bf4033b691520bf6cebd9cb112
SHA256bf3e4717dd98930e9453cae5d2a5ad6349e93bd6a79fc1ed90064042fbbf3fc6
SHA51222bcdce18dd6aa4439a774a96535bf47cea1cf00a11168b29d2e249b7a54949fd4732029cfba44914e10426b7bb1898993bd44800c46af6e013d909d8cfefd59
-
Filesize
342B
MD590e5165329ab9ac8437546f4e4760465
SHA1ceeb6ad416dba1eaf5b92d1eb59eb6a15a35f554
SHA256c5adf54b980a8e1a3111e37b126ca3b677fa5bc28247ef8beac0b3d51a949a41
SHA512b4fad740fa88923e8f87ff276170471684f972124ec6d059a12288d90aed864698f011bb54d4cf703b0cd33b195f32f8c2197e969d8cf34ebc19c587a27306f5
-
Filesize
342B
MD5952065e47b75981b8f45518cb9922d10
SHA167aadaf3fac829547a8cba906f1fe7fb0fe00ed6
SHA2560186287738c40ca637035430ad7b5bcf0a2e5f5f6db280f48def34e227c8c925
SHA512464fd277e18f52efa76814676cd9f83a713ea827bc5485f98f34147ddd73bdee86e40257a81307efd207e2e9e369c24b1bd51b0903bdcff50173b71b78acf101
-
Filesize
342B
MD5e6b21c4c3f14c366f1928d877cc2f485
SHA1d50d7116b6405c6754da98fea447471dfbed2477
SHA256d23fc9e18c7e66fc538cb810c382518549a6c844c2eb647ec5788e104a4c7af4
SHA5123ea5a59e68e3fdd40c77f74f9aa6205c8189df6717a6d9cbf97ca2dea5ff0c6078b9e9471574db65d732f42f9d378e54df58e39c9faa3d3966f2ca8dcb0a72fe
-
Filesize
342B
MD50aa614bd1af22b6e7431e45a4e740778
SHA186b1b8db85e4ed78bb4126f3b3d167e1d905860a
SHA256b7afec0325a7d775bea3bdf083b6bcde581bcf03a8152ea4e55d2c6708e4078e
SHA5121989afada8e0ab743c8f5038603a5c98e1b5639a4fc642dcf0e3c63b154d3200438e6af08461595e73852d44590e2ff950a1f1182f5c5a0a9614a0dc4001ac59
-
Filesize
342B
MD51583c47193d97e33c48fb19e637c951f
SHA11db9ad5833d11dbba47aaaa2e3ac54f5744676b2
SHA256d3b2cd23b7ae6de08f699b7c02a5fd983b3ae0ffb8ad5b7dd767062f8371fa02
SHA5125c22fc64edfbd1cb6f743f82c11222500214f1965c83c9a08acdd9a7d7c1ec990214fa0b44caa66419a38f01674ddd26ab62d7b08d01ddfa61fb6992fc334c3f
-
Filesize
342B
MD5f6471a13f89b4cbf9897428e406ae6e1
SHA18248c8485f150c74ef9e73900e6bebfc494080a3
SHA256bee387ee2c4b85369c1287d0ea3d5c4484a987a0f9ead92ca3bc83f2f8320035
SHA512f12f25aa48d3af0fe842c2b00177b50fa10bcfd87fe2dd787acf360d92a8e1200807b5409434c74a37eabe4e08f1c392c38a30fb9610e1b528d54897bf5ccfeb
-
Filesize
342B
MD5810df02868f08ef91ab4209e73ca4685
SHA1b4fd84fc0019d7aa296edf5b71dab47e8decd192
SHA256aa8bc03d03478d79e6e91ee0f83d0521e76d55af2e4bdb62e17d625bc1348b5e
SHA5124c46bc7c801c268a5b589afe93fd42bf6e39f40bff37b32d889d7dbd4a6824adb6dc87561e6db9f639994bd48171e70dc54e4aa2770d6321235cc53aa6f89869
-
Filesize
342B
MD56748d3b3eb18b78c393a07f51f0c9b6f
SHA16bc21da367a3fadf2b01efa09431222dad8f562f
SHA25668dafd88a729c06f72bf1616c2b42ac8a956abbdfd3c7428078fde876f7439e0
SHA51235425e521257fa648d36920498c4e2f651f2c1bfab0a5ec3e1180d6df8a7eb9d0996f0a0440108f0f06db055a13e6c825f3bc87f7ffcc52ac08fe1379748c5e9
-
Filesize
342B
MD56ae597805d5212d0c95d4e4b6cb31bc6
SHA18374edaef139cd51703f539aa44e6aed4e0c1eab
SHA256c6d1e25d7d75babfa8f16b28f4ea80fe3adf05543f928f2249a994df0d7cbf0d
SHA5128dc02469bed98a9be00d35daaa6d2dfe5b0927c78c4ff307e5a2087ba6b710e030d1206c2d0ef125b88f5e05f9017a8c2022019dc46e60e630ca2072d5f166cf
-
Filesize
342B
MD598e5dc353b17b461067e12f6f79a2166
SHA18b2620ff57111ba3e518ce496087d5dbe48f6b27
SHA256fad6e096801dc15ef7c29bf36f23397e2d75d64d23ce608dd4fffda900ecc5de
SHA5120f7553ae17dd21eddc2b6003619bf92f7044505e134ce870df08a4b69fdd01458cc3dbde5c7f9bb63cb5ce8f91cde8cff863510e6e6ef3df548aac683571f731
-
Filesize
342B
MD5c39cb5663d53ac29234a24c9dd3c61bc
SHA1afd93a078bd64f37d5808aa86a42ff199f2ced2b
SHA256d1c2edbdecd2dad092a5af1473e5ee00c0d6fe6f9a63c1f4ed749b7a87c2d157
SHA512c211e485cb999fc8e0917f637b0d9c2fe12c804893cb77ddbeb3d3b60b0ba08e788fb4f33692f8f99b29219771608b45a285466f8d817df33bd32606f425331e
-
Filesize
342B
MD59cc7ce7386c04bd55c4968a763b475e1
SHA1197689cbe4227b5ff70edd3c7597f4433443eea7
SHA2567c08d4bd7316be17b3e88f46571ffbcce07da1693a494277547e8f454f22f22f
SHA512046d5b8c4f75c8c3e35cd31256f489309320e24e6ce21f91cf99d5380a71ca127a63e238f8bdee92b12556a971b422da937a1e7bcd821000cba13dc851cac9fc
-
Filesize
242B
MD5e73a124b3c9dc9ef0dccace169602466
SHA1c0982ffe902c37d3b1b7a8db7f5b8b52ffa91bff
SHA25673437daad8b3ac1bbb763937810e9b7526c3defc10a8c1759d96d1283652b148
SHA5127ee4a14db00dba660b770d721645f5a7ff0accc24936b80e703156b0460f6a83df8986c52bc8c8787b9ab6870c87ea62eb1c269048536be0dcfbc9088a8de6b1
-
Filesize
242B
MD590e1b26a763426119c7f634a3cf52822
SHA1d63faf252fbdab123490b62a1c930672c5c1a33e
SHA25645a40dbac59ebd8df0e95691e95e4b8cd8a95656c66a7d9fd96a0f4154b05f6d
SHA512f3c088ebb29184137d050d3b3a487b56f8237b579bbc0d3c6c05f5b895b9cb7a98629a68d363c0d4d0e3be5b57347d56838597792c41a1e074815cb4802a2bb1
-
Filesize
24KB
MD5b1103c039805e52284f67b5219cf5d60
SHA152b2e5846017d88dab865bde39c775f30b65676e
SHA25628d5d3cc6397ea9471d219e8aa2eb4da0ef392448f7a9c04c12b2f7c7a980da2
SHA512c59123733ccfd9382ca2b960f0527ebd1bb2272e6ea908dbcfb717caa1087e7a0517f90e82656ba19662cd7cfe0f9b422fa761727a63fc8973abbb76fba35d24
-
Filesize
1.4MB
MD56f2697b21dfb2b0a876a9097229581a6
SHA186620def3962d855aa56505a849d1466ebcc2c79
SHA256ac07636c7da69ee8d2253f2161bf83aafce78a29c3bc63b697effa07725a2185
SHA512b65c9992b5f01cacd2028e642ece3beae7e844d1906cbda50fe7341055836290c1a2e6d8de9045a0e07e50fa4599c96cd021706146854026f5eedb30a6fc4578
-
Filesize
23KB
MD5ec2c34cadd4b5f4594415127380a85e6
SHA1e7e129270da0153510ef04a148d08702b980b679
SHA256128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7
SHA512c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c
-
Filesize
1.1MB
MD53f954c62bf00e87d8efe0f7744b8d279
SHA1ab84ec89ccf53815db2b6391fe22212d552f3c1c
SHA25622321f9adc27dd932c2f6e37e56776c9184b472ea3361c795d32cc47315e955a
SHA51296a0a625ad4a4a2d437cc08459de22ff70531933c89fd1c3407aa8d9d0c39f5c77378216e3153c53a5b5f5f91eeeb75b77bab4403f52c9888c1f5b84cd4bcbef
-
Filesize
13.0MB
MD59038f52f2d236b0d37c6e8472ad2d8cc
SHA15a3dece78777381e48c5b71cd66249e237877536
SHA256ca39a5026f8c6c27671c2de53e1871cad066acd539388400bb4465db65faf507
SHA5120aea9e989365d31b86a2fcbca237d9f4066320c9713fd0f577f9837a50c932c3b2961e27f486c66c1c6863c8e54343ea9684c2ead8feda6b39be48e6bc574346
-
Filesize
8KB
MD5a27495b884408cc0896f6f7c4499023c
SHA19ef0aeae241a40d061ad8d05cc8564de5d7b5e74
SHA2567d3f8f0a3a85a6d0851e57beded112fcbac28f52f5f929800879c12a2dc46ccd
SHA51213a2df15cb1ac897782de1bb11ca5d47f67706ff2800d2eddad217f7febd66364cd399752a314da81ec3e1492ff6729aee10226bd3a6a43968c0b10ab8535362
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
28.5MB
-
Filesize
432KB
-
Filesize
28.5MB
-
Filesize
28.5MB
-
Filesize
712KB
-
Filesize
432KB
-
Filesize
4KB
-
Filesize
28.5MB
-
Filesize
28.5MB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
4KB