Overview

overview

10

Static

static

1

d7bad80e5e...8.html

windows7-x64

10

d7bad80e5e...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    134s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    08-12-2024 15:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d7bad80e5e97ff233c7acfc880f7ca41_JaffaCakes118.html

  • Size

    116KB

  • MD5

    d7bad80e5e97ff233c7acfc880f7ca41

  • SHA1

    c9c39582f0b2560fe892d43b5273e466a6601d0a

  • SHA256

    f7147ae3b7e090fe771e69740e5946e331a1a23e0c41bd3ba62ad385e7c8ca5e

  • SHA512

    da4f221ea4df61ed3cd1307c6e8839a16b33572e0813e1b6059e149b9db6d3a063f9ea08bb8299f1c9a4cd3351665d638fc9933e46e860cc284d9b0a3c17d8e8

  • SSDEEP

    1536:SnzwI2ByLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9w:SzqyfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d7bad80e5e97ff233c7acfc880f7ca41_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1760
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1760 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2788
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2820
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:592
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2888
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1760 CREDAT:5911555 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2868

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bf2eefbcc98c4b8872278af2b5da503b

      SHA1

      35f3255f4b4e9e8d67a4c252063be341553cca4d

      SHA256

      20c9fdebc045bf61e53587f4d3ed816923be41071c4d8a4da2b0977f8b8921da

      SHA512

      da63a3099a698a14abe522039c8e9a7590b551cb4520f628f490f2028c25efd47d231237c7935f29754f7d8727f7cf252b40581bd6fe83f73f5468f74c043e3a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d43dd3f82669a5ee4629d9d5ed2bfa63

      SHA1

      017ab0f016a561c84c8b7b80922d7450815d700f

      SHA256

      d332d766663e4d6d0c28054862f44da4cb4cdb8b98e300f750a3f2740ddd3045

      SHA512

      7f4cc91a146833f9aa293192b6b7019bd2ad5a05faab3733cd8f756a4299ea0eef74621ec09294a900ca28af9e422286727c706609b28e44857442593e9eccd5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b24f3a22354a62abf46a5337fc7f2715

      SHA1

      2c3ff15de7c61f9fa4de3e164bcffddd7b68d866

      SHA256

      71eb50c4918195229171b4958abf082e8377d474276e77abd813ef6b8d07a4da

      SHA512

      abb8115b16e2a970f6c3879d9b5eabb58cd4431cf7933adb93e201b9ddd38c3c1ad3bde4823c9a5b4d4221bb20e939c6e66b44d71bddb68e3a9258fe6bdc601f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4cafb44f377e7ddcd31084ee82bf7568

      SHA1

      8a6a63b5ea2a8676448cabf5e9927f742c990ee7

      SHA256

      66b48fcc7c2c8656d208134dc612faa60b53015d14255044c9c230986c231c26

      SHA512

      88caabeed7da8d521a3c88a698e7b6bdfefb14582c7d759dd6dd18e2106ae47a4b2a13868d7411ea710b24400f9bec6c141aca2e284210723ea84a71ff5aa920

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6b934586efc7fd93498748fcdb42756c

      SHA1

      2469215e566446ffcb0eeda35525a13d23ebdbef

      SHA256

      3802f7f0f3c380900e11730a0318ce39eba76f76569d7976e32ca7ea2299e5d9

      SHA512

      b3a42c6d6ce6a1820abefe0886a4608c7f3a973325e724387442a9db165f28dc69ac45ba5e6a0a2c3e8bd0483b3e1a56c118e17a2e8fe4a9342f37d235552152

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7e6c3d522520951ee09ee959eefcb2dd

      SHA1

      9e1a4ccd3981b5651c440078f26f561cedac626d

      SHA256

      e3e9d56a0a65ab91c98986ff5c9ad76ca15b7809e3c643822416d3cd9c8c2421

      SHA512

      d94bac17006581e95f44a62fd39bb5d35e5dfe15ac67ce0d5185fa3b953091fbb43dc263a5c1d7c9253deeee5bb7bfb8e62c2e32bbdabca3deebe8a1496a692a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f9af71b5328437322dde0c34fe593fca

      SHA1

      13ba8947fa0cb802c3cc02a8916d022136aac728

      SHA256

      cd10cb127417ff72908409efb190fa494869fdfb83102cf86f89210ab8e9ed32

      SHA512

      7f4c7cb63a055456a4e56da97a5dd65a7e0d433bcb1391b348cb0371128e5f5b1f6f10c79971b89855388845d030f6f24251cb1ffb44bf830d41e5b786630a0a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      31021683fd78b51694f51874043e765f

      SHA1

      74f364ae665d44ffa1b6439e36dc59b986c1c21a

      SHA256

      bc6d727c9ab180b5498ba21852494cbd870c427922178ba93bba3407ea968f0c

      SHA512

      16963fb8e03623c04fdd5e9638919f9391eae7db84041c70625fa354b63fda988d99865068f6cc445e8ca98503d5282bc8962bf50d1cae23f26795610ae97519

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e5eddc963bdb9b1eae97fd756853db48

      SHA1

      36719dc06dfecbe9306f3642f7c60e8bf34035b9

      SHA256

      11deb46c74d51c78715a97efb827ddd06fd1b704f35845105fb4b613faac50ad

      SHA512

      a4fa483dae9fc8eefe6b8e55a5da0f2e703f31f18254fa5a08d1a9378a1756bc2a2f0e9c224f4f339922a179e55d47494cf9c1f4a7eef746c5d4a485dd68d9b6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabB403.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarB485.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • memory/592-19-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/592-17-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2820-8-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2820-9-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2820-12-0x0000000000240000-0x000000000026E000-memory.dmp

      Filesize

      184KB

      Download