Overview

overview

10

Static

static

1

d65e05c9ce...8.html

windows7-x64

10

d65e05c9ce...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    131s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    08-12-2024 09:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d65e05c9ce7bb68681a0f95d8babfaec_JaffaCakes118.html

  • Size

    154KB

  • MD5

    d65e05c9ce7bb68681a0f95d8babfaec

  • SHA1

    45784f1c6ad57c879582d0efca73d5285e7d964c

  • SHA256

    c93a252914e5fda359f12033d2ab7573a9578b2613b6f50f095caa04d50708ce

  • SHA512

    052ceeff5fc094d6875a54f4467b60421d7fe6807a029fb59516d927dc4c37f5819f36124ce85f3dbc5745981a64aafd853b610e2543c919c4bc2c1f0a0285a6

  • SSDEEP

    1536:i2RTJKt+94eryLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusG:icJ9vryfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d65e05c9ce7bb68681a0f95d8babfaec_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2500
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2500 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2448
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2980
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1932
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1444
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2500 CREDAT:406544 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:636

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      46bf01b88825f8ccb0a80c4d9f705814

      SHA1

      732cee4da12044e10196f1c8a35f80cdfe3f0de3

      SHA256

      b0e5736d3c993cb35da04e8301101e28eee1ad82c12da7d4162e565e8e22b3b1

      SHA512

      2a79e2cbf9743e33d14495d1493ffea1ff9a5546003019b370335eb852f178606f7806f700c776fe6096a514749673fc5ae8ef8edc0f532fcdd3a87f93da3aaf

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1a44c267ef64e8611ea62022395ed10b

      SHA1

      09dc6b633d7cb00beee0c7c6eefbf62c138906ea

      SHA256

      f595312dd5ca5cd0c8d3e442659ff449c794a70dd1b969c350188ebe9f649837

      SHA512

      de957788eba69dbec5b42825b5eee56f43eb47a3aae33a0077e80b1720b4f55392d8d4c9064af8f0f39be136689825b52a9a888061ddf7d6fff8ae2798758268

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      64f24bd03e2c8b39258ce7e94e8e4e3b

      SHA1

      666579707975610eeb2683111691947db52e1fba

      SHA256

      a751afa469b45fdc6d2da8d3dc832aef76bc2d9126ef2cde4b8fce3312afd70f

      SHA512

      6689a944bc3bea9d917b3b758cc6470cf02e85b52a3e77a8d499bcfc9c19869d0fefb9c2499501110daf380c03fe0f5cd6bb08e94a7023955481252e5062eb2b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      94058a55babc76fe66c1903497dc6de3

      SHA1

      8ef824327f8a4d028b913d60ff0d2cc899cefc25

      SHA256

      aac838ee54a4e6fd5e24a5bf15b73355a848946851868fa7bec5de0f4ff28cea

      SHA512

      c39ecf5e93fd0763bcd41d294b60edab4432571951c68cf6dfc836242d6dc0e97c5de13fd37b3c670967dabc75d5fb694afb4a06b76f106dcc0ed1ed225e5479

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      81745c98723aad66fc9c73bfc9ad60f6

      SHA1

      ba2ba96680c6d0b7fe02488fb35736b12fb40b6d

      SHA256

      b38194ab10cb885a1d4c80982718637ca22af5cee46d169aaa99d2f2b5f9d9d3

      SHA512

      dacf19ccf852dc921315bc115e1106f16fe1c3fec795d3aa9267aa3869626d39c6adf6bfcd91e39bd90b35bb52aa24a60f4d49021d049041ed4d8860b1d3eaff

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b936b32288385bcd7a0730a3c2fb7f34

      SHA1

      8586906c45a25b37a94fed2237b42d6178f64c2f

      SHA256

      b9ea280e02b0fe0ef988b76db16a7f81daa96b281a3168baa8e3f9210b44d76e

      SHA512

      86b868c967babac1823358689595851a8fbb67651a5aa146db725ccc1eb6cea016d9b1bed3d9472bd4287f6a8720480bbf8654835bcad1b8c80e8a1b3bf2b197

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e2ba72a885df1591bd52d8dc8e53beeb

      SHA1

      c032600d73d514319846ef29d63756aaeeeb7c3b

      SHA256

      924cf2c051b60541c67d08b621620b3939110a1e991ece1b3e587c53b32a117b

      SHA512

      1aff5504d3ad6e314403c6fa78e1ad1ba44bb989d3375e88a5ace9a35d22c0f58989f9a1810004e1c95d308508a8ed44bd078fd1aaaa6d42db7e8e5a60c3675e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6804e690658641c9ccae7747ab904750

      SHA1

      ec0da0508c6b927c5fb19b2c12211df82cfbf867

      SHA256

      66246877f85d6129aba15bee811a66583074f0e88a9c26fd8a298579362252de

      SHA512

      75e237b416cfab04940ca5006e79cf195e7bbe3627698b1f98dd0a545f3f54a09a024327500c376c633b0fc777e965cee294e8d2444414fa8dcaae9c78590794

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3bf9d6c375a2a5c005e65b932d010b11

      SHA1

      41128d626a6732be629d32ed674046fb4e7b8acf

      SHA256

      8ca044c4c886e53c45d53da676089ab8b2d356b3f6fec8090623199e1a1c014d

      SHA512

      85ce9241a1e8d2b509ad5a44b535f1bfbb479f16e2744f489e1c56a67f205b5692c4c0dde8848556b90f58f58a4e4016103cce7bc3cedbe2f229aed0f1c41ac6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      fc87bbf60b655cc8a155f6e744f8b47c

      SHA1

      814414f6bbc52f4205212eb7d1934b812f5600c7

      SHA256

      4b363b7c82bdecc833c4c771fccc27d401c2f61f02ae1dcede273c135f82dc9a

      SHA512

      6299656dc26139e213042ff8756f312a4a42804a66f6e058e86a06c1d4cd9453f3a593d082eaac430cf86ea2dc0741400e47d1b159a03726f303501f1234ffc9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ab11a5f7b501b8de4ad57e65dd8b799e

      SHA1

      719e30dcd6b83fe4648b51074422da9573240de5

      SHA256

      b6c8be788fced1f192b6cd31caec3a64ffb38eac46278e15d75dd29b7c347d76

      SHA512

      7abb0ac03c1bfebe7b53602e001098dd07444b9d31d0a3adb65d4769965a2b58027b71a6d80784fa53e20ed59d979835009b64949556724f2a64a79c8602377d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2d1e04ae9b64ba83bf25857a1248d7de

      SHA1

      b06bd69ba0fa62bd183c92e0f4700ec747f24ee2

      SHA256

      90b688327f66e60a50bac431d6f96806c3942d76dd89c4277753df084d1df79a

      SHA512

      c3dc3a1eccd1c2d09be1a92464d461ac2e79941072aa304e483d0af354a1d639882b98fe2b5371b4113becde23643fe843fb8e1fd7357010944cbb1bac79863f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b29144ad2db25ee7ff065f846cf08224

      SHA1

      d9d9c106012a1bccfbb9ccc8fbafe1ee097e589e

      SHA256

      468af287fabb3d1c084929d36cce94cbbc49e23cccf62897b3505e2a44f3e3b7

      SHA512

      ba61e27b114137b833ac927cfb737cade30b0c0cfd601d44ebd2fa53bd330faf5721b5f3b972d9a65952ef5fdd10ad294ec8a6276fe48b687f81e2390e1ca011

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      691ae2b85db5c823bcc4668bd066265e

      SHA1

      dac18e83f631e280d961558fb467affac3a5aa69

      SHA256

      f8fd263d07788143392435905f7de3cb7a724353b382ee6fdd3f980cb5261cd9

      SHA512

      56d7c123aff456c7e862c2d67c834b0b3ee0264d8d8f376f4de7b5592e113568f03f2c68ebeddcc28e773e39eb80208468698f9d621c29525451dbab56fdf32a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      affffa44eb41e9407f0215ee8e21b8a8

      SHA1

      18095fe37c1a508840032bf17e3045a4679a88b3

      SHA256

      e3d5045c00b09c822abfff69c2a35df666091f412fc328617707cfc5569ceac7

      SHA512

      edf29f7d308676a4aae00e0b9e2a6d6b29fab15ac0c892188cd373fcfb32b0c6554a0bf5ff40a396f03929faf31e7a7e3b4ae82873a74868627d7bd700c1d73a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      badc96e20bfc9343e0635139f82ce733

      SHA1

      467ac19d9beadf5d0f9edf93bdbd0997d8bde41f

      SHA256

      2f036991757bf6a754c9331bb4a8f6fa10361a82b820688d6bef38f8d34d47e5

      SHA512

      24b0c30c94549a5d3e8f4cdd7556ce4ef4ad7ffcc84c3bd8b1503e874ea8ed952fc1f9bec0e3c3cb2115b5cdffd7d3756bdd7ce9b5517fd84cb3040d6a1b6fc6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8f9f6a9e18ede9a8bd26b7131b259765

      SHA1

      30a1a0b133559ed05b15e072116f6605c46ccbf7

      SHA256

      e19717345ecd496738d4e306cf69e55aae5676549276634a5a49a9680ea019ab

      SHA512

      5ee3e930353b844ab6c5cb07298f3e492b3a3e9308aacee90e916346cd5869c141dc98483f6c2c18101b1efe579a127ebd3b10959edf99233a1430b284e6a60f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      86eb4d2851bde19d7791173e80f62eae

      SHA1

      a6330b934eaf3fc09508a480e5a5e814adfefec3

      SHA256

      3ca8fb8c56891d84e046f7ca4e021b0e2ff1d9037d2ea3628b66395444bfa966

      SHA512

      c456e6ea8792d9a4d406414cf5e7b296af3de5e5a62608239105a1e027347d9d8b024c137cee31065d3ab951279b45dce58f46f6b472d7319a48fc5a384e8da9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      54179db2a7824ee82eaa9eb47b5d644d

      SHA1

      1caeb2b5acedca173841ed38410e0b3fc4af1d4a

      SHA256

      e445144edf556da704a012cc09385402622f202ab36832a9d53537e655e4f658

      SHA512

      bb63b288bcc6ce6f853addd1e3328c8f0f847ff9c04f27e19efad7b5ad26aefe6e307d512a14caf3a2b74087fb040731f6026782688cd3ecba585aea00ded742

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6d9b7127ae618a8e5919670eace7a05a

      SHA1

      b5306716ed26608352db71659561a4299a97a2f7

      SHA256

      1bb18453fc551fad1cdc410b9ae3daccd8a2af9e79a2df7d0fd3be0c4430d22d

      SHA512

      0ca71d385db5258cc4a16664c55755ac0f9923d0a2b67adf9558ea2da64e832d2e649e6f76648de0288cf4c0180609b637fdb3d16b3d0ec277d181f471d855e4

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab15B4.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar1625.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/1932-445-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1932-447-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1932-448-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2980-437-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2980-434-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2980-436-0x00000000003C0000-0x00000000003CF000-memory.dmp

      Filesize

      60KB

      Download