Overview

overview

10

Static

static

7

RippleSpoofer.exe

windows7-x64

9

RippleSpoofer.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    03-12-2024 21:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RippleSpoofer.exe

  • Size

    15.6MB

  • MD5

    76ed914a265f60ff93751afe02cf35a4

  • SHA1

    4f8ea583e5999faaec38be4c66ff4849fcf715c6

  • SHA256

    51bd245f8cb24c624674cd2bebcad4152d83273dab4d1ee7d982e74a0548890b

  • SHA512

    83135f8b040b68cafb896c4624bd66be1ae98857907b9817701d46952d4be9aaf7ad1ab3754995363bb5192fa2c669c26f526cafc6c487b061c2edcceebde6ac

  • SSDEEP

    393216:QAiUmWQEnjaa4cqmAa4ICSSF1a0HPRV8gtFlSiZh5ZlZ:bhnGhMAXSmHXFA+

Score
9/10
discoveryevasionthemidatrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer 3 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RippleSpoofer.exe
    "C:\Users\Admin\AppData\Local\Temp\RippleSpoofer.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/Qt5NMSgdzU
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2652
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2652 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2000

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    98e1350ccebbdf27be371e975a5db034

    SHA1

    175131186a8ebc72240c4b24df54008eee13defd

    SHA256

    09df15ea932fc31ab443250d29bab97ae2b2567a0abe2cabd7906c3fd9d1df5d

    SHA512

    3f55c6c5ff9c529652fee1fb8065d66975e2e5246b5ee50b37c4fc4ad36faa5fd019f82aa3c660b4a84707c47d9125a04cbaf48cbd8df8f46c965fe5c4a268c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    993c060ee7c76938474432f834978663

    SHA1

    a6fede088be08305569d39c519efd86547a88f51

    SHA256

    765559b4b48eecee29cbaf39ec12726e2e34c786bd952e60b3111d47df5c2d32

    SHA512

    8f68df6e91d9a6b82242cd62359e699076c22b9157efb9c6d9d2f621f126c44be404980ee9fd7641ae8dcfa8395ff5a183c5efcad688736047204361ddfedc93

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0272b1dcacd162b75472956e39a4e616

    SHA1

    4673b75f62559f86ccb6103b3cd38fcc760835a6

    SHA256

    370277dea1c9a049aa0a215a3dadd8d206b551b1d2f99a428790d02c8c4eedb1

    SHA512

    043ed3d56ee009f5c945f63061f1f6deb6c75a3cf6fa9391339e70d0d731d045fc7e16d98542ce77be14f6c80deb873e9a25518ab5c33e67cacb37ba1239598f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d99cbd1777e37ccd7c9f52e5043ddaf7

    SHA1

    f5f820737cb6e9d942fa0fa548ec19e2fdf52cae

    SHA256

    2f74f89f6aa4c88fc063b29cf9fbf6f4f5116326d9fc2282f1ba76215d4531d5

    SHA512

    b9d3c0b1d590586bfc2311efaf632c53c2b5dad2471053cae17faf21cec8212d63396f2e064ba2770d4fa72feb9d2dc89888f9b2a91e75bc1989a63cfa21cfb2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    70f4945cc42b41b41aaff672e0deb733

    SHA1

    fe20f6004f0080b2673734818ef2052b5c8fa648

    SHA256

    2551275d7a14c9a1529fa82b1ac23628048f49b135d7d934e32c94c58b8f6933

    SHA512

    e754c9c288e9d700068f3f48d3da2f2121bcc1dd50876e2f52c734ec7077d91e7789d7eea5106cd9526118db0c828702125659522a86e63159001e4bb8474e3f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    55bf9adac361049929ac20161213d2d7

    SHA1

    842fe75eff79024b427ced3d26c8c1d5bef5aa48

    SHA256

    7e1b06320b5af8edab8b053b3c499c5f22fe18a1da6f8b69b11f0d6635c9a516

    SHA512

    fc138816be0b563d074d5efd3d8dbbb73fd7332959fb5c97a47a62f6ccb8c305991b3ab719de634d1f89baa95b11f1730d3321df0d15cda908c0513e2f9e71a4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    36ef6fee3c3787d6c11f130f9aae198d

    SHA1

    ed40e8169d6cdced99ee2b07ddf0ded4c3a8a975

    SHA256

    f2325b1e310b05cdd216c4cff8816028725ad0b78aad7982425738bdc5f27d21

    SHA512

    9f311ec8d52cea474c67577684b43d6125a8eb36d09fbd111fb70c8fb66954d9e1696562198b23d2765b54e4b8020ba95d26980fb929578095f13a1207677e54

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    941e6d51612339f68246d9faa43d2bea

    SHA1

    140c525ca5c1c1b8e55b05492d387e7a5c1794f8

    SHA256

    72524c1d587eae86278726a988213fe23e3cebad15aa3a77c93266991546ac7d

    SHA512

    e2a7f4e9a1ff274749a80504597afc9982300d3cd02514f687f911425bd416195ac10d7bb26d8e13dcef7201d4be7e5b5249d93f84487a40af7213a7c30f9721

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7b29ac442999773e67d004658e5cd6b9

    SHA1

    53947d9fa93717af19cb2258ce87887d6ee8ef0a

    SHA256

    526dc7bebe50189736423ee32283895d754b0f2cbb4bde50f6546c4d7e466393

    SHA512

    38742c9a8a08216f46bcfaefe1388550dc1274a9fc7e6ff2121ebe35c93eac762d8c92455d1672377a966a7eab4aeb7ededdc4c968e40770cc99d68b860b4da9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3f3a626c3de2cd7f852addae5df7340b

    SHA1

    8855fad2db9ff9d17778bab3a462a8b714eff235

    SHA256

    a5c1bbd0997d4be1c5c8553b04cc6eca1225db1607028b38464f8fd31ef3a6de

    SHA512

    2fa4f461a72c081d672ff66c5c1485c1a08e8d4b570536814dfd4df727c3ceb8bf0dcf9c72190f376505bfc50d77a84e1a4bbafef62caf94eee9fed22adce1c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5b8299484e360e693679d8473ee510e2

    SHA1

    891e4bd68f41dfad3d458767e091d49e38ed312b

    SHA256

    cf58f3c4093e3afa9800abdc3cb6bd026e83b9bc022601ecf7c48b22996fde10

    SHA512

    510cc4eea9bb54627835f7f7a2228bc1dc15d98c1df69645c8c2f9121af72ec92be0ef74091864f7e32488cc431ef8c39c84e51c7118721dde7a12571d6ac693

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ce3d27fb61a6905944eda780b8303e95

    SHA1

    47147a48bd817e99b35376bc308940c484d823ca

    SHA256

    2b78228ead3378993d31633cb920d8ef8e6469deba7b556856bae85f25d82e4f

    SHA512

    6fa5a042a79ea48af8fba59da9ffbf44f0742b8cac3f0225e592653221adc2dc0856b8a3d32747d130b037dc70926d81bdcdb97aa1fdd6bfc57e170b6534a158

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    886bebd800e7ea6676b6a51f1cc0d20e

    SHA1

    2bc4f934f0ce9ff4702324f331dff039a3b6e518

    SHA256

    23d856b50ce501aa0a961ce8ce18599880722877f52b7dc86d3429526aec3d2b

    SHA512

    2d845931fa5926e3ea3a4d4275846ecaf8cfff00c9ec605edb05ec9c48dbc89906ac964f142989a0938d4edb4ed186d793c4e84b31e5d86503939ab5d3278f65

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    da7f1375a152e61cc2445e7515dc124b

    SHA1

    b2c4614e069c2a19ca3c176082a4a938cd343cdb

    SHA256

    66921fd7097ced7afddbbb9a4080e44a6cb6c36e7c91b042c7ac218fa9636ebb

    SHA512

    b9a42d26bfbcb4a6038d00b1abc788d092c48ec00bb2ba625304b87392e350146064d9449eb76b94ca459358420fffd6be4b8e5348bc5108662e3326c8df7a35

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4532d0acfa23e3b919fd37a7cf078070

    SHA1

    f90dab1e3e1887c022c38f88d08955a36c7fdcb8

    SHA256

    df8de2a32ccc9a8b271576d80f4eaebd207ce17870ac7e51f8a13d1dc681744d

    SHA512

    982218ab966a0da9ec3896a87ac80cd936207867e37c1d9ff54d18a45a2a17ea2f1fdf2fc6f44631b44204e2e0322334291560a0c9239d7431aec17cf030294d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    11db878eeb21cb6333cb105cef9df769

    SHA1

    f6cf172448132165dc9e8662e4d03a5c42399eed

    SHA256

    93308fda688b980e2121a379760fcc4a0960fb467e7e1d2d786d407d1d8a1e9e

    SHA512

    c6345002d32ca6aa482e322972df2fdea96c6784c0b976e414f1825cba6e03a7ae929e3820d8546155eaf584fd252fcc9f63680fdebc14905da683b216f32d5a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    17decfa0ff0833861183fcb087c1ef26

    SHA1

    7c7a2ba65eea705f76207e860f7497e47da9c95f

    SHA256

    63c7dbeb0d84dd31668056afc5e9b27bbe158498ebef24eee9bd89d04f7a4aeb

    SHA512

    b9dc13034a003a6b23c51eb066ac184607b5a333688b0e6b822908d279bb7742857af18ee584153782420d5f8895ad90e93798337903d2dbadc7c94e47c1e40d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4cf2d71c1d6560a0ef7410f0d9ce206f

    SHA1

    197d112a7c486acf0f2e5ba8166cf79d73db6b59

    SHA256

    ab10c539768eff83c7e7d01d9ab4181b708515f507d67b6657eff13d2b325aba

    SHA512

    c6b4e073bc210f961074ca99962046f1cd33518bb309534a2963a1bffff37efb751ca43c2a5554f97efea0ac0f395247dafc5af574c45f7258c2679fa9e3975a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cb09272b987857a927d8acc9bf27fa77

    SHA1

    fb668048f115ee3b5b4979b41e4d28836e0f3cf9

    SHA256

    8679bff295562db90ae35fb9707bdd98e0b67da7d42d55fd23927c8f438b80fa

    SHA512

    b0c1b48e7e8d7bfe3c504335039caec02ae4ea613fa6ff6a7905b4b8e05318519d31038c6b17c629b625f994719e40cb6a35336e968060b45d402d583f92dbbc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    9b787c50ae734fb2a347881bfca73dd3

    SHA1

    5e76e9c1a06c2f14cc9e51c4969e384f98a0b3f9

    SHA256

    2993ee42d913f335d6a646c7b83e17088f7ae851a44918661d52ca185f5e621e

    SHA512

    803ee1b97457680d91fad8f7273690fe633a2c0a506345f967609542d29f4628a9f74301e875b62addda9ab09454b5f70f202e4251e3094064aaacac12ad8704

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\0qn8gcy\imagestore.dat
    Filesize

    24KB

    MD5

    0577b462f943840cca4b31f5e79b2156

    SHA1

    6da41d105c526e8d0d4c698a1f976a0940f93353

    SHA256

    11b9356ad0ad4456b9e72e976aa20befd21f528b1c814dd1bf44919a566c0bf0

    SHA512

    ff904e3d15cf368d7cdacd312d80b8960d99b2f9fcd54bf13afa54f3ae2492cf5064553c1b4586cd647e974131264d80c765bb4c4f4c7f3b8ab52a1009fe1c79

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHT5LGG0\favicon[1].ico
    Filesize

    23KB

    MD5

    ec2c34cadd4b5f4594415127380a85e6

    SHA1

    e7e129270da0153510ef04a148d08702b980b679

    SHA256

    128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7

    SHA512

    c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab936A.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar937D.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2252-0-0x00000000001F0000-0x0000000001E70000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/2252-18-0x00000000001F0000-0x0000000001E70000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/2252-16-0x000007FEFD110000-0x000007FEFD17C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2252-15-0x000007FEFD110000-0x000007FEFD17C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2252-14-0x000007FEFD110000-0x000007FEFD17C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2252-13-0x000007FEFD124000-0x000007FEFD125000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2252-12-0x00000000001F0000-0x0000000001E70000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/2252-11-0x000000001D600000-0x000000001D6B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2252-10-0x000007FEFD110000-0x000007FEFD17C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2252-9-0x0000000002400000-0x0000000002401000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2252-7-0x00000000001F0000-0x0000000001E70000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/2252-6-0x00000000001F0000-0x0000000001E70000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/2252-4-0x000007FEFD110000-0x000007FEFD17C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2252-1-0x000007FEFD124000-0x000007FEFD125000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2252-3-0x000007FEFD110000-0x000007FEFD17C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2252-2-0x000007FEFD110000-0x000007FEFD17C000-memory.dmp

    Filesize

    432KB

    Download