Overview

overview

10

Static

static

1

d6cd8e671a...8.html

windows7-x64

10

d6cd8e671a...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    143s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    08-12-2024 11:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d6cd8e671a13fb06cb19c6d3d816d27f_JaffaCakes118.html

  • Size

    120KB

  • MD5

    d6cd8e671a13fb06cb19c6d3d816d27f

  • SHA1

    5eaab949aa5afeb8311a68d58f0e911905fcb49e

  • SHA256

    610325c96cffc00d183884a88b9ce181b875c3267c491195650304b1fface787

  • SHA512

    8aa01d5812319a5cb2b878b39642534790ac1e909d2b8a3ed1d03daf8a11e7208a82cacb8b6f983ac76a2b632ed6096b24007c4fe4646ffadc072eb65e1e0292

  • SSDEEP

    3072:S4+L1lde8yfkMY+BES09JXAnyrZalI+YQ:S4+L1ldehsMYod+X3oI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d6cd8e671a13fb06cb19c6d3d816d27f_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2400
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2400 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2592
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:484
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2900
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2840
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2400 CREDAT:209930 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:780

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0a046f7f2c8ff2c77809eec83cc21e81

      SHA1

      fd57d2d252c6cec3818e8a0647c428198daf799a

      SHA256

      b61b010c7207802164cab3f4102280bff07d2c597e8afda018074440dec76302

      SHA512

      b04ed3b2faf15290293b64c198eb39ae318f851836c056fb6570fa8b3efd0ccfbae799edab4566e3dd496e74a1d1763bca57b803a864fb3ae61d218c43750b33

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      deb575cb4c150f164a8c86a18c449fca

      SHA1

      4e0f58393034e7251cd33a43fa260f3872574303

      SHA256

      25d62c80eea942a4a665cc832f10734dcfcc158ac8f53f89eaa48a8ce7c476c0

      SHA512

      e542530564d7ede5a9b6f1c340434e627aa3d74b57ee3f88a4398cc07142430cbed8319be8b0548fbdff0c75f37f68fed5cb44bb5ee0104c57a3727976b55166

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e7248a05753105b25df49511f671fafd

      SHA1

      6b38a5e395f3f4d59405ae97127566ae3ab593c0

      SHA256

      d672e3f5583e9ad2a862406470e403c71d07b640452139179faafbd4ba2d38b9

      SHA512

      341fc2630b0c2b17b2d2e206e9c2ede19a460bcabe9f2c9df10a46e53232e9f39204053536925322ee87f9f4a4f41f74cf3cdf09b8a9bd2abc80e6b633b493d0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      78b6a70b37324f591e7d86933c4acfef

      SHA1

      c2a2a0a9fe3773c4c346b9955abfd230634dc6bd

      SHA256

      027410719defde89adc1338b8e61d6757fe292ca20375f7aef9c760616e22325

      SHA512

      c2802dc5cfcbd43b6ca62e55815f702651cb117b7bc80ca5947d4f42e9e70c29c516b081309388e222fdd629872c7b00a9fdfb0f014ccb0b246ee8d5536be939

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0c7e796558bd795f067e8b8b5ff10826

      SHA1

      037c86b446f13ca1151bd8d2771160798f328b81

      SHA256

      a6bc32913fbb32bed50fb2f733f922ec6866e45a6cc67d48eba0087d6fb265bd

      SHA512

      3f0b1f3d433a8a38f61694962f06f6fd3d1dc19919a5af2e3867c41f9fc44f8366c8b6c9481044407356f1b6801c84cc2c6ecf4d86592632ae016e736c75aab1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      dea5bced430003c857ea9056d12c8a5e

      SHA1

      869d811eba9b25f21072d372018696fffefc0fd3

      SHA256

      a411810275f2316ef2d06d8f9819f41c40f95b30e2245b99cc63e611fc63995a

      SHA512

      481152d45bb4305a663c1ec08adb9af2f552caaaed4d67cf7810d13efeb10c8cb476d3442db149a36c542033543fa15127b05337220d35cc47c28ca00a6e876d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8acd3e2ec921e5b4a4ce5011f4f176fd

      SHA1

      1b46f9b4e9594e54478d81c7d6a8cae95c988152

      SHA256

      5ef624b92090c1588c2bf0a6262d4e47047a69323936cbdcbe36d64ecc20582d

      SHA512

      c9e99a140d58a50bfba1ebee732619943c84756505ddbf752322f43048340f76d312f0ad0c51d20a870649c223813d340965447d6df4f68de70cace780ff431d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0271d48dbd3b24ead3fa45779df0ab6a

      SHA1

      f5d4f14284a9b873391fe46a7c8b59f7e718f418

      SHA256

      dd7139528d612f8fbf7680146145803094aa40f4f816f4035df87e17194882c1

      SHA512

      ab9601878cf9b3f24084a96c70877fa18568f8e150232edd2db0fac02782f24fde44f8ede263e871e0d7b81145cb4bd96602100f0726dc4f50348081c802e6b5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b33f1f1aafa9b78f7c16828e918686fb

      SHA1

      0922b47b672899dc4465ccafaa7fa9e0f54d4c74

      SHA256

      6158293ecf167561e05e6699bad1e207d9294e1dba1119f128cd58c22960ede9

      SHA512

      ee329d8dac6896f3958866bd59b4ae7d7730bf1d208865ab1672fa795d58e6e6ae4ada10f470b94f512789313b425a24e5302e137c6408d4d00516603afb77be

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7b611d403e79486b7bdf58a3ee8a9e73

      SHA1

      a2d9d9b4d8cbbaf4f951c04441f0dee365b025e5

      SHA256

      ce8dd59d44910ac72a3f8f718a1bfd57af09d11d4fbf15982f7f7f4450e39875

      SHA512

      1512315860a593203c2d9ca110587c16db95ff5e0a6971aa49df8aceb206c3d117f8e7adf30cda9c4c0ff27cca66dd2e01f711b4ee943f89f13a1911ae2648c9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8397155716a53e24463eda831bfc3912

      SHA1

      78c61ec0988e6ee8d1f997f0970b08b19bb9c5ec

      SHA256

      10e94aa89d72611755821e98c3fc5c0fd8882dcfa4a10b75534c79710a5c4667

      SHA512

      85844b51d2c2e8788afaf53da31f8adc356a25338a194b52156121b716885f13ac942389dc4f2f24db7c87a160dd3d9abddc7996de50a31bb703298ac93ea307

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      35647432c9860ad580dcbcbc4178af27

      SHA1

      de876b2ed25186bf7a8af5c71166842ca76c4e2a

      SHA256

      ac5ed21ffd1779072a147a5bc275a743bbdfb7e0416be1b06a805908aa0235f0

      SHA512

      e0cc858f5e450fdbb82aa2206d219764f5ced9033ea5513122b80ebd68696dc62f46ecebeff3eedd171a8693c6536f3fdc9cc575ff468ca34f71812356c41aa9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2ee11f132f594e285e9a5070eea39489

      SHA1

      2c27d97ec6ff8797a2353705675d4c8dc64cd546

      SHA256

      830395c151cb3c8c5f499fea33bd0d1ee0d561fcd597d6d9fa038f204fc27d62

      SHA512

      9c8618cedb882b689d6ebe84944a4c358eece131b5e79d223301c2537b3d13fd37791c65735327b9883dff3012f708f6f096d1c4427ab3100bbd3fd6bada8811

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      589e616bd8ee4fdc01f039d14c58dd67

      SHA1

      f588bfc239cf2d20fc705e432a1c9431f42dcd6f

      SHA256

      5b852151350cee324a74d6be95cbc88e17690f25bacb62db6488064b2d96c342

      SHA512

      f668173ce8c7c0966c8695dbfb163be38800a69df5023cd0e13614acb99236f91e65e6f00692e3099701da2b5281eb82a0911957a1804546e27bd26f7a171b9d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      80589699a1e7768ebe0d98095c0f1ec1

      SHA1

      11f841abeaedf9e4d4d63063d4e71e988ad1ce1e

      SHA256

      b0a4d4e14463f504b3081e279eccaa63df8990c40581f4c9c0f7fbbc1d197257

      SHA512

      b5ef0a915b6eea3c606461533aeb449a107732f633ea6961a1fd9e38aabb55fd16d854a4bc18ed15cad6b0fed3a59d479b548095590fdfdc7ed1789d0df4a37b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3f4db3bdcd92886a7497c07a9c399c54

      SHA1

      5eb295e5d061947df7ad67083fa99961a75f010f

      SHA256

      ca9bd5c219e0c7a56899a7f5bc069b9fdebed8a9ff4bb8be8ad647772ffe52f7

      SHA512

      6ed3a0729af2cd3724f1914e3ba4960620a4077fba40860efe1e142ac8341a24c98e68f6f8826bd87d0a97ad60808fe5c432cd3fbd4882bc0c19a11897ee3a15

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      178784fc3d6182cb082c06d9ad4a3276

      SHA1

      444d7b5edb1ea4c6d00e59133883e094b0c12a47

      SHA256

      1a0d0ef07480b2eb41435d53612be1652451679de2584695dc33454d7400dfcb

      SHA512

      c362ff0f130725496f87ad24c31fd97c267bdb7630e2f260b7bb4300d5f8268855879acf882b63649f4ec548cf2564ff4bc3a77c22a8095d132a1926d035ddae

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabEA42.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarEB01.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • memory/484-9-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/484-8-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2900-15-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2900-17-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2900-19-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download