Overview

overview

10

Static

static

4

d7ae97efcc...8.html

windows7-x64

10

d7ae97efcc...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    139s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    08-12-2024 15:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d7ae97efcc3514505f3b4d19e71f9309_JaffaCakes118.html

  • Size

    126KB

  • MD5

    d7ae97efcc3514505f3b4d19e71f9309

  • SHA1

    652c97c1e877cb20bf623b3e361be01cac5743ab

  • SHA256

    a519e723dfea4d3ed80a61ed074a2100094e9e79b82dbe2b5057dbc75df8429d

  • SHA512

    4edfb6b6df50772b72bb305c62f05a73449c76d7a822ad98573b65be55936da23bde25871bf486f291374c7dc17b1891e6bc9d4a18235f8c39a6eae3221ccec7

  • SSDEEP

    1536:SQbHvzTzM4ql6QpEyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3om:S4yfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d7ae97efcc3514505f3b4d19e71f9309_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2292
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2292 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1536
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2436
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2120
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1056
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2292 CREDAT:275471 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1772

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      dab62690fb0c30de9d6990898312df37

      SHA1

      76273eb7680579909f347b55512cf8bf3d0d537b

      SHA256

      6f13cb6f9c371d3c034d2d59fee448bb69aa2fcb91733f33261aec5b305aa2f0

      SHA512

      e9c3b21c70eb11eb6f4c5837de60d4987fd8d38c8d16d60077059b27ee0e8aee50c926a49c7e9b54125494c8bf25a179ac75ab4513aeaa0de0c3485cbb62641d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1b97348aa8a8d81ec358da1974308bd2

      SHA1

      a336a0f6245020145820cfb595914f25f868ce37

      SHA256

      1158edd01dadbef0b42be5b573326803627e1b020938ca823b4322b33c036b0b

      SHA512

      073c6542499f8a6d8c762582ac135a6b504ba2d81b631ff26c28a9231ac66b20ec10d76ba480516dc82d87eeddf3fc62e30ab52b6b34ab7bcde4e3401054ff57

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      08a13376370de5d38293f2a685d40ffb

      SHA1

      bafa19af0efca5366d73330301982336cf1c3963

      SHA256

      3c95fb48b2d08edc7502dc5ef998815755e6fc5f79ba9b4aad95b2795f8cb269

      SHA512

      4c6d8c4a02fd319ff0c80dd088fe4ab99cc84a6ce77088a017d54edc51966ee98a7257f2ad53f243aee2c29ac21d95413e2fcb4ec161fc887f2f72c6fe0b8617

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3f48c53187c2e784fa4d28114ce4a66b

      SHA1

      a586c2b7c688beba47f69a3e764c0e53b3450534

      SHA256

      c8c88c397ba93598a9466512e7fe7d7e1a6cc434b01a928eda208b97baac812c

      SHA512

      00ee8989f5bbe100ef873a1407ffbf0904e2c114cbcf3ecddfe53d926a17ba7a3ff0fecd9b4dba792fea3b78f3b58486322467aa7eb740271a34c7f07a8e66a7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3d77a7022adda09578aae880916948b3

      SHA1

      b490b2ff371f50fbbf41156632d5f11b7644d074

      SHA256

      599b3cb0a9a6f51717811739e7b6d3ccfcad16ec0e4681f294f3339f1cf2034c

      SHA512

      f1cd47658b4c307f81a32b95b2fad1af8795b84e70f63f645bdfa77e5cb539e359326a57209be4fb7b58aa6fe1f2e7b8a5282039cd5dcc71dc4a228275c28ea1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      526198953cefefe255e393ca1f1eb9fc

      SHA1

      eeb790635a0b40b4b7761c296252cc1fb52a89ca

      SHA256

      f7d752b596827789b0b671b7f869312cba66afb9bb6171709f93188072eecf4f

      SHA512

      5abb885c219bad690e508b7cbc789629880ccee5ff21affbf717650c184f6d5ca74657521c3f78f934c704c63e4d8379daa5e8fe025a8c40c6324ac490218dc1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      333436038ba57e3ee43acb77a274a2e0

      SHA1

      c349abf52a9a9f3b44059248c45195903a3d9563

      SHA256

      b86fbaf0cdb46ffe496119dbf3e8b1d6502c0cbb7d42f9759c230f1d81e6b420

      SHA512

      e07b90e1dd2f2a17d7c079bf83ea899d31e4f7a5eae6d41af88a1801d101d3e35ab36dc940219f42638e54974bd274e6deec6da695aa1bca5be90364912fb1a9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9cd133cd68943d218cfa2dbf58246dd4

      SHA1

      9961d3c34122a642236636bb9aa52832e1e8858d

      SHA256

      30aeabb2340e248c993898ebf4976160123ca434d39e7a4402b01a1a6ca8a4f9

      SHA512

      cae3f77bc439c07e45c66fb08e3d36b7776881dd1bec64a05546d8d28c6a227a5b2c76510bd9ea2bd63c15c510657a4f05714784514237e7c2c99ed1845d4771

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9c71ed9c7378aa2e4ddfc7b431ef9cb9

      SHA1

      e33d2ec6bc95d51d139da41b7431e43d4eea2c70

      SHA256

      18136b9f33fd70d3f244836ed6f59ef3e887d490b7078e38090452db04301e73

      SHA512

      5276e860e7335f23e7c0bd509bdccc6ea1d964efaf63bc6c8c5c46be58d66897e9f9710f7142523ff770b056c347f19beecb92237ce91586038df77550fb4d48

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3c3ccf17331f3fde08d5e02b733eaad4

      SHA1

      1494e54eab297715fb9b643c98abcc8bdbfe39db

      SHA256

      6ea4e27d6fa67b086003cbe43a9080a856022240a67f94877deb8a720fe0a5fe

      SHA512

      fb5015c1068a055cc4ac2c6def6a48895afa5174f5ba87d6d678b8c737e7936b44c1fd4b07749232f7623e032a4771c21426be043fcd0933325c7ae70a6f500b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      72fcdbb0b552c12230fe687747d8fe7c

      SHA1

      2e7367808837a01609ba1a7ed9c3f0e1d38bc170

      SHA256

      9424548abdbb709b88a415de39c4305f938bf55336fa1d855702be4881acbe67

      SHA512

      2daf5ac843d0f0832f7dc208200a723d3452acd16bc40b37a414d25323b9346239c899d32fa0b2adab7572b2e250967f548fc3a0adf37dc5e35f4af945bbc016

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e49f0d6a8717660edff51c6f10f2d6ff

      SHA1

      9ea0d2819e276d22e7b003cdf0dbaa489468c3d0

      SHA256

      0d81aa2ad493651ab1b399ae23fc1cb1aeaf9b25e067be6ddd51f8386b83ac21

      SHA512

      532dcefcf718ffeca1ed40b4f80359b6dd09ea564070a80e56d23a0d9ba09b3381cade843550be68b56846b13aae430ddae3750ae59e7d0a73f37af6cfcbc99a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      73029e4339c6e55175a6c7f8c0bdfec1

      SHA1

      be6f8fb4b03c246b3c1b49c5ff1ecbea53c72d95

      SHA256

      d572e22af439f53a3a65aa978c1da9a9784177685e22ffca3731660c01f69aeb

      SHA512

      4461c478c897d91e645f53559f62d5ae436ad83236ea953362d42ac6a44971540edafd6af2b5aec5321a03d0f59c08a9b2a9d6178ec49ad59e9d21f27d97c5d9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6485cc434e84b10292d2c1884c4dd86d

      SHA1

      eb07d4d1c6df7c187891e144cab1f1cbfe8c387f

      SHA256

      fffee4586e55b6d593eb6f87db1f2a80ba38d14621109fe9744496705c0624e5

      SHA512

      ae296003643ecf08d31010701e1d6edb6c98d216884b6c142d33afc6a1812398ee815a67a2166ae2fb4431eb67a68c103a3e9b5d214f0e76f5f1b2b0534fff01

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      61f8c8f3017bf561bdc7a58cf384f596

      SHA1

      61ba86063f4d52eda3493392322a4b0165bfa82a

      SHA256

      de63905b1f68f760b576e73d4e6b86e95258ca7f44b3e037f0fcae1ff7d0453c

      SHA512

      d0ff82218def0315702853e85ae682f852c97b88ab325a5e748439d4d0fefdaa63034384e0947c063eec781f085e50a98143c858782f2a1fe9488285a1ca7e34

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6d1b42b6467f78445b66d6485945bc9a

      SHA1

      2df82b2d4fa8696288e077fcd72273a7a653823d

      SHA256

      2389d583e9c5cb027ec306bc5ffb046d5de27a97b23f0946f0d28368f8cf069c

      SHA512

      85159d7205726b0ccb961c033952d9c5c781d2d972ee0de2af39b8b781ca495483ca11e1dd1fdccb304c5c84690351d1bc6ce843209c4ab9667ee0323e4ee9ff

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      46389909f4d9f40894603f48c956540b

      SHA1

      d69bd6e093c8a5320c4c8c944d22bf6d6656508f

      SHA256

      c60c35e82ada91e411b3db5c8f32c8147410b7f49eacb18d9908f0b4347dfee7

      SHA512

      a7bd51c037c6b222874ebbe57c84ccfe466cd11a7d11f33b01ce321219ed803c2ca06d891a8cf0182e6a80d6095aa7b71ddd29ebeb7acd860994a7dab4bc18c6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      73fcbb82abb149cad59f7d1b5563f8ea

      SHA1

      d92b8050d0dab0da875613c0218d8e3209832190

      SHA256

      bf7b2709a55de3d48311083782d0b40acdec5c44e35d98e30cc318fc99636cbe

      SHA512

      62c81107ea94c353c904b260b4ea1a1f3f11c3fa5cb6ff141afed95b02cd172f073b897d5c22ae985dea666ade74cf7f7da83277fc37e08659592d8ae767bfcf

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a1780b3c6f470e6efe0b8e0ae103b887

      SHA1

      997354f3b1fb79041ca137d434b963a40885ae1e

      SHA256

      125f47398453defe4d16f95f42e87124b430200244153d14deb14af3a1111d24

      SHA512

      3fcdf110dbdb75b3bc42ff7988569b00745ec8e1361adb7c7023211284b3b73fdc486d084f8387eb68fd90e9a356e3898ec559b0e230559d2aa13ab7b0b0144c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabD402.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarD4C2.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/2120-444-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2120-446-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2120-447-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2120-450-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2120-448-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2436-436-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2436-437-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2436-434-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download