Overview

overview

10

Static

static

5

dab1dbeed0...18.exe

windows7-x64

10

dab1dbeed0...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    117s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    09-12-2024 17:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dab1dbeed0f532bf082fa85a6d5ed72b_JaffaCakes118.exe

  • Size

    116KB

  • MD5

    dab1dbeed0f532bf082fa85a6d5ed72b

  • SHA1

    20c66b7817064240aec652224cda40e8f2fa6aee

  • SHA256

    0a924784d4554492b27911a4a3ff37feef6d2a89855d4b75ffdff8ec32970c67

  • SHA512

    7076f67e53569ec1d6aa62aa4cf737649b7db517e47ecf9818c1f940eb4c7a808b6904dd73a8f675fd96bf679067dd2b654cad8e50298654720d7238017dd1cd

  • SSDEEP

    1536:GOC0FvV4OguHxjhpA4Bm7uW0vSUsghQevBFkutIbgTuFqKRr0aF5frleGhd9TfBq:GwV4OgSzBmh04eZFkz3Rr0gwGj9Tf8R

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dab1dbeed0f532bf082fa85a6d5ed72b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\dab1dbeed0f532bf082fa85a6d5ed72b_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1976
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1816
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1816 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2720
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1920
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1920 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3012

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    144e629201b98c1740396567fadde4e3

    SHA1

    bea629125e6d96b4a0b771efe3ed1193f115bb1e

    SHA256

    d4b8580a6e9a11de048de7daaa0ac9f94f391ae980bc32d0fe5a6dcb9e9b6c7e

    SHA512

    b4402625b89d99785799128809c1678b9efe06c1e982b138802059a200e817b2360cd5fc351d2f7dde015d172c561a4ec5ec848708cfeae75146a522f2a5576d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    54ef0ad6868b0533009cb3d7b0da8d85

    SHA1

    3f5fd9f72224d8ff596c74b617cb2809868f0bcd

    SHA256

    c636b7507a6d1e29072f86e13e86d32abd75b6c5b6d7408faf809e5cde09dcce

    SHA512

    4880a9c99b175f6aee3d783d908d8e446069cb6ecebb4f1ea18a8a894a54a0363ec36d01e6777814d768e447e4b9efea30a052a60eb44a01ac646ed80c40569a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0d07b2aec0debe19b8936392ed6d68c1

    SHA1

    ae47558b3cca41245c27691274439901567f607a

    SHA256

    4423f8657f04930c4a046a680389cab52080fb48c44f64043171b07840c009b6

    SHA512

    ea9aa1933bcc648db33951f6cce57d8892efd2aff49fdabcd7c0754be76725ff4e87652465c2e49d44876ee056874d9f19e839097b7c509b03a81e816b7496b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    706865f8ea10cf939d817e33a34c4ff8

    SHA1

    d308b384b889896d8ca08bc12c50ff58dc37c16d

    SHA256

    c8878a7e674d19166f382de6ce9457d8f6a81f68c46837779ee86adbf096e23a

    SHA512

    0f60e04a120a48803f138e04934c193b322f2c2c001f9c2d1e870d855d27bfde88d70282f5a8df701ea07746c4ff2c362307954f5d260dc4718ccb14415565fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f9b940647e612e5dd86c58c1a3e2894e

    SHA1

    47f099e205240945fe3e5362247f29f4bd4fff48

    SHA256

    050bbff2fed85626cb122e8fcc141c9b9199210bc7f88787e7b8c424fe679617

    SHA512

    424609e87a53138e1aefa2d025f4f1dfcee03b22923cafe258bff5d069443c9500e45316ff722d67a4b4d60f635c1936a3e83534b222e1b20bc96e168de44ff3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4d0e46b78e45a0ddc94909408c63ea9d

    SHA1

    68e1d3244fb74a9e5e7209c9cfed34b4764f2740

    SHA256

    e8bf4451d1ef503ea737a998b333da8b9be4c65033b41e94b635fa939fd90d90

    SHA512

    a5afdab86267dcfe54d1753fbad2c685082d8632f120def780978d9275b55634ec5da10c26acab700b09898939cd91886bd7ae93bf3c979bce691cd9e111cbe7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    230c76cd77d0f6e4745d4ba48cc711e5

    SHA1

    9f751ab9919f62fd0fe89719f28c03158ce2f0bc

    SHA256

    fc71bcc8928ff69fa581ad90c73a084630cc63988b30597320bbe31190cef2d2

    SHA512

    fb136e75e34d0ce0a75b3206840a4033d966a567f8b92614af127ded213f1ece69ec7b373aec50e82707490b61805d736650fe8238d3a6ba46eaa776b85a855a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    65cb3db5a5971b37eb75b6bd892d8c5d

    SHA1

    7c416fc70c021ccce8c70388db8a7a3c77e7c314

    SHA256

    b09869317b21f5934dce51180e912322204955052f14765af59141fa4f27da3a

    SHA512

    ac865ec702bcd0838a4657f8fd6080818978fc859aee0b16055102402c56636ec56fbe4d921bd645ee4e260729b6f53aa688568c54255431fb0bc954a346ea99

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a697cc84f25e89a5745cde6f60cf8b83

    SHA1

    72a8738549719c72b7692aa68765ccce832f024b

    SHA256

    d9ba4a9ccd9f73649fcb91adeaf69e46add2b8425278239cae7e8c49c1741729

    SHA512

    7b0a698310f6b582feb9ec650ffd67d4ae166aaeca81f835a0fd4b896e03e5e3a68e5d6f2cb34d5670ce3d870d71852f163b364a139251a129232431b34842af

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c5102d3cf000151412d4aeb9f73aecc0

    SHA1

    e8bb4970d6752ac40bd92fb221bbfa0b31d773f4

    SHA256

    4078da0cbae27639c55c37dc6dd15dda57e45ce6da3276094f8646f09dca98e9

    SHA512

    bdc85b7119f2bdad30db156b8c1d6a6647de27e860a11166b70009b36f6ca9bbcc14f5b6dfc00f926861c4f15c9cae08dcff36d3265105970a5e90564212d7c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    da891ec57bf5f235243fbb2504139186

    SHA1

    72e58b67e7e18bd18d6a6e5d1cbaa9e637242897

    SHA256

    f2465ed23ea447143c7258bb76eeb7b871f52cbb0281f758e292b64c7174555c

    SHA512

    d0865265b921ea8af027a6401aa4a3ed7cf3fa0d297009c8cc9fd11aaa8782c7954c12b5d4b801667c584bb8e71e80d241934e9f335f18652ed5ce5c923668a8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    76692553195b6358f1bc67cfe9948128

    SHA1

    eafb1fb07e80185baa7b3ed6d831fc08a453a9c8

    SHA256

    ad929f71f3eebf0c6f8682a93c19ef732467efd54a4c5c5e4bbe1b25654c886f

    SHA512

    d1ce7aad726959bd70a17094116dbbc7c49287445b72fd3cfb3e32494c907d3b6cd1c9efaf1ae21360c61606a8b96cb8491eb0f3359e7fc62547ae6b390e1b96

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    207c7e53b812e36c129a20635598c1d8

    SHA1

    fd812c3455d1aee78e71e275f2f5c93d8bcba729

    SHA256

    78c30a2f76c0188987ee7d3e23cb514a5c61f6d33eda5b828966f7deb7d63971

    SHA512

    90d988e45beaecaa784ce0f67135241843cab1ea2f7a51ee2fd50447ddb0c83030681d433382dc517bb6b28f0ee3198782b9d7ba333a6af81fc3b62778b92799

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    240a7194d408dc63fb7825baa0e11523

    SHA1

    f912b25030dafe12dffc0fe02e1bd6c9705284fb

    SHA256

    21dc6676c30a65e77bde6f3c83b97667b4f3956400bc28ae8082d3013d910dc0

    SHA512

    0b1e0730d919566f1269302e079b32f74a1332ac0e5921c01fc9528905bd189067205c587fa6f65bb5e7df16af29e3e19fdd458d3d02c1c2ecac1e0919c34fb0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    04c3bee0d04c029fe1edca505348993a

    SHA1

    0b08d2f23d6d0801df18d3e4828f0f8461e0aa93

    SHA256

    80e1ecbf40c1d71d5000cf2faf6abe7fa183c224ea84b40aabf804b18994bd3d

    SHA512

    8c567860e2191e416c72d39c8ae5f5f63c1395e70ea8326217a6b8cdaa2be2df3f4b1f4cd799a279058a7e102c40b981d966fd7900fccf5596a11158bb94f19b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a87225f0a0441361438b94fe812f05a9

    SHA1

    85c133e7dbe1855fdb95a39d1bc86ed115c9ba15

    SHA256

    8b2b230eddde3d02454ea0d691eae87eefc01544980fbdb8f45dccbd4aea3c53

    SHA512

    669eb6eddc7eee1a0edb0de3c607d86438a29b1538322833347752a9b428d4e1c3c742c8ff795c58ccf0d4421ebb4a06c548ec687e286e648bdbd4fba4102210

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0e69f9fd6a76b72980ab766c4c1c03b3

    SHA1

    1b445bb93b5ced18e18c9d29b857a819011237f4

    SHA256

    54bb7427e3d1cef256491a1aaf7a1196aba8d4a06551c7e4b4cf76a6b1847688

    SHA512

    be25ca3c516545d24f5f976a05f2ba2b323831a7af9dce817fadc16875541474cc9441aff3ea63828c1f48a32dcdcee41e688541261b4e0d754d7354ac92a09f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5306ec632996c373ebcfb0db2b1db118

    SHA1

    7e0867e03294a1217127e663108fb31f4325f225

    SHA256

    68828cdb4afda4e36eb456a77c25ad0081abbb6221b171f50dedc7a803990426

    SHA512

    57ee65d0647e51b5916d6327a91ebe8afb23759842e49fe166b6c6bef342007fa87687677e77cfcbf9c30e467f3d788878b57e7c59b07115bc19d4d00a47101b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ad3325d337d2de98c088d1ce3bb0578

    SHA1

    8d0743fce69b13e49dd4564983c7d15b8a3e8989

    SHA256

    d1e36cdd3713cd773719d102c6c414ce8c93ed55ad9f36f8f89acc27ce3476c7

    SHA512

    db967d81c8215de8e820fffdeb27e7ba294999e5b2898b353f815b224f0650d502de78d8dfef41b6f2722e4f187575a78a71df7c8b5510802f28aaeda4648815

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A2F0D0C1-B651-11EF-B33F-CE9644F3BBBD}.dat
    Filesize

    5KB

    MD5

    a791ac9b2ea8d5c5c7bce86c2b811e06

    SHA1

    266fcedf8302ef777fbd841218dbc8d1915f5b76

    SHA256

    6fc5e139b003232c96f3457eaa1e2cb3bfb796d8dd334dc7ba90504b3cfed1fe

    SHA512

    1c52b0b484aabd388a30dd76419e8e72a0b1c50580e0cdac315783cdd93cd0aaba98d93cdfb721a7bed60d170d27f2118551f2ed64253f3b35aa8b4142334c7e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF577.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF647.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1976-3-0x0000000000320000-0x0000000000321000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1976-0-0x0000000000400000-0x000000000045E000-memory.dmp

    Filesize

    376KB

    Download

  • memory/1976-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1976-2-0x0000000000400000-0x000000000045E000-memory.dmp

    Filesize

    376KB

    Download

  • memory/1976-5-0x0000000000330000-0x0000000000331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1976-4-0x0000000000400000-0x000000000045E000-memory.dmp

    Filesize

    376KB

    Download

  • memory/1976-6-0x0000000000400000-0x000000000045E000-memory.dmp

    Filesize

    376KB

    Download

  • memory/1976-8-0x0000000000400000-0x000000000045E000-memory.dmp

    Filesize

    376KB

    Download