Overview

overview

10

Static

static

1

db001831e2...8.html

windows7-x64

10

db001831e2...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    132s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    09-12-2024 18:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    db001831e24f9df66c5987bbacfe5505_JaffaCakes118.html

  • Size

    155KB

  • MD5

    db001831e24f9df66c5987bbacfe5505

  • SHA1

    9d5493c4b2cbbc77bdd9cab6f0dd4777876ab818

  • SHA256

    a1f086c81c2f0ad017eb51d44a4644d3e48f1a001ff4ce988afc396ccdf15efb

  • SHA512

    bd8cffef14ff8e4ed3c5e1bef057437b57084bd0d47fe5d0bf3a34164eb7892597e2a67f66d999587015e8d64d34c54a1bd3fb57460de73e3ce867821206a60c

  • SSDEEP

    1536:ihRTAISThfBFdyV5cTyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXAZ:i3osV2TyfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\db001831e24f9df66c5987bbacfe5505_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2184
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2404
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2256
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1492
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1920
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:2241542 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:632

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d10769c79c4570cffc72396214508ebd

      SHA1

      e403c25b95b5ed589ca16c4f7ab74dbbee806de2

      SHA256

      5ece96849a0c6c96769ed77abb80405a8e3063499b32dcfae15871da0145adc4

      SHA512

      9b8495069b050ee7b7e2aa646fbe17b40877ee5e04bead24e278c3b76e73098fc06ba54b795dfda37fb48388036e44ed28175540d44c51ab3d26d6ca68c317b0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ca503bfcc55798147ebb7324dfd38ab8

      SHA1

      ce2fddfe24e67a6a99016a039d5600c39a8f6515

      SHA256

      86b9ee090926123ee598f7b3c2fd7e2827f6eca1998b0b1f8d138b0c7f592e05

      SHA512

      6d0cff08b8fe2c4c064216c11b26f8dd88cc0ba6dabd8ded15febd6523b88464a291ae768aa6c0e57ea3878a17bece58be9cbc9e74ee20f4eed14ae09dc47849

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ff2e892383247e94bb52ad0e7cc17a55

      SHA1

      6248231f446cf17bcbca6080928586067fd6172b

      SHA256

      f4aa4ce96fad42010aa99189274a2c4f55a0ec0bb8339709009820a605978a7f

      SHA512

      fea62cab7759ad68c1ad66535735a927ef84e810ab3dc8aac8261db8d6ef5216a430bf43b7eb3d96dc9a876d1e09639cfa4e039e443acb21a86dc0a8885f4ced

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      81c37d6053eef9fb7cb9fc21d183182f

      SHA1

      030b00f299fcc39f2f901296283cc57997b4b8ac

      SHA256

      5ab486cdb942d762d5da28cf67c46ebb45513d645ed931eec1a3d805d2f92a1a

      SHA512

      373663e5b72da187798ffdbda65962fca179ea7522748a453ccddfd3b40780a8d7a8a7cb542f7d5d6309e21756a74f1514a6c58868d1187529ebb95fae4bca03

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      222a9733d3f1e744ed979c2d6ea1f6ae

      SHA1

      02ae9c8e6e8c173b99d1f4ee8fc507dc57bf38a4

      SHA256

      abc906a3e95bbbbf1f2d8b8848677e50dc58d1541e2358309b59ae9af0773841

      SHA512

      3dc25bb25626e95e68c0ce28005c192abdf418b8393b30ccd18c2c24f0a0e8e6039ff22b802cde0919aeba8ec9008b2eb7f5151ddf39c20cf875f374f5bbb774

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c8cf0c6275ad73b1ad87486fd10e72d9

      SHA1

      ea8c676134ab5fa0ef98ddeb0cd088c4b0f78e79

      SHA256

      0ac4ec475e979d4b2d9cf6897084f4395f2dd638112e7558b7643f854d143f99

      SHA512

      9e10c52c7f63692cf2c9007ee0ea7d10b6ca03510f83fefb5ab099ec59c9dea7f03c976a815eb1fc2eb32a0acc49284e676daa64c8e69151d3a5d83a880dcaf1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      88202a0060a9908a81344b7d8f0e7494

      SHA1

      7d9c84e63d5cd98e6dfeb83269f4280b1f97b50c

      SHA256

      91b2e732ad3cec8a0a066de7417c99e261f162a1ab11c8bf83dfe8e5d625df18

      SHA512

      4c7b6848590b244ea9f2322492030a77851b2bb020b04111408e05fa718d7f93e31205c58e4f2c5623d005727f71a1cedbc030eab7209e64e0ad370818a7c6f9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      352f45ab53fbb41e332bade9999b90b1

      SHA1

      263116dbecf2945d99d62531397a33a605ad0a22

      SHA256

      08a2c700b16cd66ec6c408a90dbf08fbfe801ca7a9ccdefe6397a61455ed6489

      SHA512

      490ed901eb9698501b07fe1bacb3c070c23b557199fc88eeb4fa9bffc69f5cac35d7486670a5d84706671399ce6883a0f4ddbf56d1f7c554eb1982b9923c1d2a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0192c67ebac232c3dc7ca6fb37765da8

      SHA1

      ede4c56e5501c16d713f08e1419ed2fb32c2f0c2

      SHA256

      6a516fd7c797022b16b1a801d2271328c3795949fe754753171cf80404ee9c50

      SHA512

      8642bc5654f48302d49180ff0bdf859224f96f7ce18c38c19b54ce0927214a44458037497ec5c7f4b1060e0ceb617e100420a31e00d15415a6a7f785624745f3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bca631e9dba4bd025f721f5ef868aae0

      SHA1

      ac7441d43365bdae5e765d05a1f17dc3341b0690

      SHA256

      c5cb27834251367aa896ae5c15ac9eac26097e8ee1a4de97218e0e9dab5d1734

      SHA512

      d87771790ddd14d2d90d120b782d9a593c9c33e598e83941ba175922ce19d5a6835ef108e93f76cac0dedfccf63fab7a44b59a7375f61857d9f334fd1d5a43b6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4782f5631389554b1376acdc5a61c16b

      SHA1

      d388b167e452d7fc075c5e58075dc7f80782a962

      SHA256

      b4c8aa66287ffcbd0b15030004e6819be3f2454254eebac089d07e55921c10c2

      SHA512

      02cfddf38dc42224dccb9049ec36d47ee5e1d7af2d65575b72a6ee7323070ad518fc977224a3a10935f029cb54fcfc4d5a1c75c23edac15518961927bdd00d21

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      12689b40dd66b59451b62b0eb03f3f38

      SHA1

      c2d82f2ae3df26b8b5109b0e71fb8f760f0bafd0

      SHA256

      1c87ca48bcd8557ae99ea16b46e21bc05a663286d25d468cb8553331813a8635

      SHA512

      1e7f32d3d61f29ef50d5a596bab03123cd5466ea9e5c2324720362fefaa03309ece9e4eef40caeb31136fa3bef6d16aee3de94a72777168172ca64006808b015

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      74a98f317ae8310a0393f888b8e804f4

      SHA1

      a3eb24b85930378d6937ea33734280bace41d595

      SHA256

      0a9be5751356b91b1ac69bcbe95287263c4764e040495d9c3e7bddb7f11f80ae

      SHA512

      024dd9e2c36b5227bc9d60b94b56ece8adb8b55735b3a8f9bb6d7c85f9e3d0761b8df4845d56b14a3040497958a6d54820a75403933f65c4687acfa6605b6e02

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1acf24091f10ddd808ec85e49754687e

      SHA1

      56f0c49a2e655463c45363a457c610c48139dd36

      SHA256

      b27de79b9297973029401f73faf00e6499379bc155fdd6d7491805eba241634d

      SHA512

      e8d3be5ce03b40966212b3fe40d2f84d0aa431e2e9e2a8cab028acbfaf0833afa954484fdf263a5c03194845527e5f4c29d78f253508af391fff362b06f7412a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a62b082a263cdc7ecb20486e6c45616d

      SHA1

      a9b4285585415a6417bb5093ec628da11db7fb49

      SHA256

      4915d0eb8907bf41f6da857c3260be5872627aa0e6bbf6d9beecfa5c9f5c14e8

      SHA512

      02ea1734e3c0f375596882057d80571977e4192ed7ac8830f59c25a00bb5297c83fdc40f36d987e3af4cefb176c14bdc522b999e2b804b4c032dce0ba6dca91f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3631ef69774410a8f5c2bee4bfb43dc7

      SHA1

      8d0d4983f8f907c72e6ed097faca925704a683f7

      SHA256

      6d568ce65b285509c80d655460a8c0e88a3272db34210a63d2e48f99bffb6648

      SHA512

      a8fcf73b7d6ac5aa873f4c18ddf06ab92da1889a790f8f789df79a65abe1a3697761f71e9dad2e9de7d60162638c41051818055a1531580b97507620e5695658

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      01de6814151e488655e80ab71fdcdaba

      SHA1

      b5665a79bd1db930347c4dbd539f6ffab6327241

      SHA256

      113b8a1424f6150a3bd2ae75321738330f660ec81f5988bdf20ab703748f4970

      SHA512

      d84db71482235a3fcedb57aa18aaa5bf7559bb644d2520a29f619f7c6569359e33bd066686afcd1c7bafd27423f6ab11753d5914d723540447883f37a126abaf

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      01c0462334397b9d77afec88d880ac9c

      SHA1

      89bcaab0bf5044ea9dd915372634d966556d8161

      SHA256

      d2a48058e237cd9e912371226f3ee0628c8305e960f2dc95112d1038e17e6a0b

      SHA512

      ff42a55c358c367656b3956a68ed62cb409a4ccc0973e3ff94858ede7d06a6fc3cad07d13415a4d3c5ade786dee7de2fe0843e040c5cbd2f52663094dc0ff147

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      011f38b441507dfd3b2720b79aaa3275

      SHA1

      24f0c61000e8c9e4c72bee35f5b574d1ba3faa28

      SHA256

      d41b6b6f5d35765d2c505ab6fe65ed6c78f39859fdc0affe502c02f3b29c5642

      SHA512

      a9f57d57cda76acc85bceab52a6496cee66622be06728303ef1b6f812d346df8018017df20278a718da38d2a6ff4fa051480e8e4635ab7b50009336cf93669b6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab8D92.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar8E40.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/1492-447-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1492-445-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1492-449-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2256-441-0x0000000000430000-0x000000000045E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2256-435-0x00000000001C0000-0x00000000001CF000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2256-434-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2256-438-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download