Overview

overview

10

Static

static

5

db92102c14...18.exe

windows7-x64

10

db92102c14...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    118s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09-12-2024 21:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    db92102c142a97620d0f02b3321d235b_JaffaCakes118.exe

  • Size

    106KB

  • MD5

    db92102c142a97620d0f02b3321d235b

  • SHA1

    84adf0da0cfa131b61a23cf26719b5d0c75702a9

  • SHA256

    12dc8f962b54cbf925146db55709c9ad8465e392aede3a5095f74e7ca6ade2a5

  • SHA512

    04bbb8ca5e5e63e85da4c4a9de8f46352cb9437005c0cae014da1d61c58916584a284fb7fba21b06f963de440362e150b6f2ef5d69143fd6a187c0712bf28d65

  • SSDEEP

    1536:AOC0FvV4OguHxjhpA4Bm7uW0vSUsghQevBFkutIbgTuFqKRr0aF5frleGhd9TfBb:AwV4OgSzBmh04eZFkz3Rr0gwGj9Tf8M

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\db92102c142a97620d0f02b3321d235b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\db92102c142a97620d0f02b3321d235b_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2384
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2072
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2656
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1592
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1592 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2688

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4997fabef929d465428533e289cc989e

    SHA1

    90bf89ba59ec176c7ff2e17261a0b848b2287b59

    SHA256

    36edaa2bb2d02352061a6608bbeedc776def8fdc7ae50e490fe763ef35101592

    SHA512

    04a91d6a55b59368e658ccedfc41ba45add135bf78eb9e6d6924e7bcadb1ed5e105edbe94bbd052b31bd6a400aa91095c8626a1cf9ebd70e11def7215f4456af

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b967065e64596f4ddbaffe1bab38a577

    SHA1

    c4b58bcfa48c85de8b4c77fa35850de1571ddf91

    SHA256

    5d74eca5f58401f955de0eeee524dcaebb8f44b5a1cc7819f77e02a82def519a

    SHA512

    fd1e52e9b3b1413a1a0e026f55c703491fd0c0fcea4763999a34007c8f1b5acb48d39c87c4f64ee626cc62bad77b29d0b47ccb049c6fb43a0c0e9ff1741c6f28

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    db33a7bcb80fc79a7901c5d5372961d9

    SHA1

    3434fbe2b427632b02b7c6738cbbbd62d332a157

    SHA256

    86458ae0a39bb22a6787329cd12fcdcde44931d611e122719beccd35810c5cd5

    SHA512

    b3a76e5dfdc024b99df6af364e831b4bde88976e5b694b9258aa2daa09c841e9090a6c247aa05d610ac5df8959f03248f5375d0e8e418c3717f0a5f7511ce5c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    50c14a834db160f097ded75caad7350c

    SHA1

    fbb5ffe0dfca5d04a8a55b5118158935265b392a

    SHA256

    cdea3f9580da778e314fb92641891e7177ac1473db2b4fadc3bc32494e1f379b

    SHA512

    31b86c5ad62310d27d745a632561cc6084f1f702efd3202de92142405d2f6dde47ac745f1622d5929757ca68d9c252767a15b5f988bf7513461558d08f61562c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8a239513014397ec9df4b09bdc71c613

    SHA1

    1cb7c44bb0e5c23996bee29366f245849645b499

    SHA256

    d85c4a1a66cd7c4916fa9064785f0107ad352118205f86ac0d4ca18a55324f7c

    SHA512

    9f1292b74fdfebff2afb860550e4f3f32b47bc6092b873ce7589cd2e1261eb6acd589e765d1b7615d15c658ccf97ac6f8fe5f191038d546e166626b53c459e70

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2a51e081c3dfb155d1c1ca7e52f48d57

    SHA1

    08d5e713176f3408add579663546b7830ca21682

    SHA256

    d4c189516e526d78e4dd30b72e7b139fc40da966c9f2177446509199baf75c09

    SHA512

    396433236436bd5f11fb49362e9c07ce9888fee5df56a25d8700457f32125077639dc587885d6d5baed8fd17f29fdffda30b58b0dcd18a2e2c0d868435b6285b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d59a0dcae24551bffa23f88039f77240

    SHA1

    caa03b4b13ee146f2f00ae0801c043c98313f8c7

    SHA256

    909b759fe60410c8e21e3cc7112395bb55ba469e298375490e7d846c0334fce8

    SHA512

    826dc37242817e9edc5e6a2bde708657affbafd6140436e26c2ce50a084f5c7344298cb0f652f29d0ad63c1d1d01c887b8f3a8007e458893cfdebc63539183e1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c538eeec77385678aeebfbcff2b11319

    SHA1

    16d2164d60718e336d2c0213de01b26827939721

    SHA256

    056487f729f7a8dab695da415276d591e2cab9b78c15556fc30c09d6c8424b59

    SHA512

    c2c2cc72b37ea52a233705f8d40088e6157babcfe5170118a94e4f6b782553015ba0db8782ed538303d5202543e1bc229df27e450789f89ed5c13eb930da4e45

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    148fefd81e937cf3956bd297c0f12397

    SHA1

    fdcd7b339b7f469e99509c1e00fbec041a1f39e1

    SHA256

    0c920ac224a5d61ca10f84fc7c1a2a6770b470917bce77c3751a8b6b232554fd

    SHA512

    1a2b80b557f99b6b28e5a265a1e4aec00efe4140a0d71babe00ee10763b74309429055ba5b32b7b3d3d3464f05282fa6e5c9ac122b502a32fef50824d9ffb506

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    af259f73863b2f835a5619b39bd77a78

    SHA1

    90f70f5b63d30bdb9ae308620566f71f90149114

    SHA256

    e231d0d997ef230033cc3efdf6aca727d90d1c608cf15cee4067a5372356b05b

    SHA512

    6a72c744e27628a5a09bd078bc2c54853fd528c3dff21bae1febbd1d8394b16f3b491926bce0744286e8b58a28d508541cab5561a8f9b8801f83ef52c65caae6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d6a47a933b950cbb1482857f8bf62364

    SHA1

    7fae01a7160a61c4f48e9baef1a71795391a90ba

    SHA256

    231f81b854d0a09f4dbee08796f70b70f95bf9005cf360c4c736af680c729e35

    SHA512

    37966c041729ee067feaa6ef12270c2f4c01af392f19c3addc6b86fc0f959a7dc3e7ecdea8e2d87b103b1537aaf0f28f2326623fefc187905424034ad3dc61c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    924019ee0676f7680ceba23dbbfd6291

    SHA1

    62b771d2561530843bd637c6a7a5a3d7db026aef

    SHA256

    8f860799f463e45c1bf5e0dcc0370986b9f214e5d2cbe7b67e386e3597af8289

    SHA512

    9a710936d6235d5217ea8ca861b33d4944abbf1d24a68ebfa113bd3791de349bcc40d5fce47c0b877e8f0b720d4dd659d4018371248e151e9b6c3d71c71f8def

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4bc0a47c78212f75c03a9ac4d003ff40

    SHA1

    4d094bba0215807e18d76fc39051c4cc5e6ce0f2

    SHA256

    be9e1d3bd7fdd342a9798272253ca3ece35aca39ee38e261568a8f67741cf799

    SHA512

    e93833925dd568736ad01ccabaf5d59b68759f3d3f1fdde8a37640fba6c5bb43543b20387d35b40b9f7092d9459abfcfc65b0c30ac04306e5565aa15272c7d0d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    280524838a27ac11eb000a224b191e30

    SHA1

    aae8e4e8da87d27e4b063a6c395b765f2a6ba66e

    SHA256

    69fdfaac984e294a58e73dded74fde0a3516953122a66e0994050ad596452d61

    SHA512

    4ac89e3e8e81cca362ca4571d18081f0fbcbdf2e4aa285d9cdc2b60bcfb8b0c7c48ec2185c93677db7d2ffc2ed21675f7f62b20e59e0810d1533ea9db807575f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4d8fcead34fc06f7baeef4b70b19c37f

    SHA1

    888f8b3342a7f0861506ce231d2009126c27941c

    SHA256

    f5b8a60fa25f1e9f91acf602995eda21e12354f1a8e6af6bb063cae409b4bb2b

    SHA512

    62c2436ebe1b9d97cfb4b079cdad3013e895366617d7dc0674c1babb7d500aa195050a7ca779a071da381005594ebb78820ed13f7e81d4d28cbb34c45a305d7b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e626aa08990d67372e121b47fc7fe57f

    SHA1

    1a4b3e7c4bc66531f756c0dfb439b8fa681eb20f

    SHA256

    44b891bed4a5144549cd649a9fe16aa2d656bb1f2bfd3b3ff07b6dedc426cb58

    SHA512

    62d388a5713a57734eb7d098007ca248bab51e8ae79d47e03109e65a116e984b3471eaba4895e02738fb4292f13b22701728934f02a09eaed6016d4ec08a084f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    82481cd3599ee4257ad2e723338f54f3

    SHA1

    b75a298d43e29bfd1d3a5731bdb850a202139470

    SHA256

    3407c1423ef9b40efd033cfd443a6316382771526d6ed904d5538a577bb4887f

    SHA512

    ca95a01f463efe40e8540fda0a7d0e976b246b23d7cb2be4b4e9c04e5878fca855599d616efe5da8af342052c93786a787ef4bc26bc591d12ef3688ae40043a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    98af2b7573f207120c8e6c97327c9a10

    SHA1

    7d12732d872db3622f12a1ea8c7eabbe80559801

    SHA256

    62ef8bab1cbbe3dbaccfaa08294409db47c5c0ecc625fec1e1eca20fbd85d72d

    SHA512

    a9e8a7b3090c3c19825850bfb87249b9da22445c530056d0cbb84341badca4a3ec61e88c4b7ea262db5ba266521baf12d23ee934105a253a1989e90b79288a00

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BD839961-B672-11EF-B4B0-E62D5E492327}.dat
    Filesize

    3KB

    MD5

    1744a6ec6d37ecab80f6f06217473f6c

    SHA1

    17b9e69a38962ecbefd24c863974abd61961dfd0

    SHA256

    d30988bf9ccd796a2e41fc11ac4db66f01a2ebfe5d2ff0ca6172eee346e2e92c

    SHA512

    c83a026681558064fe91b5ba5f203390f8ca97311e834fcb8dd4c5bd70fa61592d85cfb36a682667332ae02d099899edcceede8a5d13b3bfbaffed506cdca380

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BD84D1E1-B672-11EF-B4B0-E62D5E492327}.dat
    Filesize

    5KB

    MD5

    f9fa052955687e94134fc689e7accc9a

    SHA1

    a0631d81973495f9b143192cddd7cf19b0ff1520

    SHA256

    f5c6352605c7c82ec448b733bbbaec530fdf67ad0516509883622009b3392397

    SHA512

    91cdc9acfe7c522400d249d99b1812efd3d0391a366835a76e6a562c6174e97104a6811c295e315c58eb9c8ccc206246f73f8d85190fd150f0888010ef4a3265

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabACC.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB9B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2384-1-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2384-0-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2384-2-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2384-4-0x0000000000200000-0x0000000000201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2384-5-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2384-3-0x00000000001F0000-0x00000000001F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2384-8-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download