Overview

overview

10

Static

static

1

dd9020fe8c...8.html

windows7-x64

10

dd9020fe8c...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    10-12-2024 07:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dd9020fe8ccee32e5e672c0759c04748_JaffaCakes118.html

  • Size

    117KB

  • MD5

    dd9020fe8ccee32e5e672c0759c04748

  • SHA1

    465499bab6e3e102d7c6c14d926bf13ccb1d8eda

  • SHA256

    b38cb225e537ccd8125b1e2af4ee432761bb79da274f19134bab4a59ae1ad654

  • SHA512

    d9a2603604c8db4b4dafe5e7606fd8d654321edc431d9eb79726915e985be91978eab29e383d9c0f1f559a1b157117a67484fef18312bfde487035b67273ac56

  • SSDEEP

    1536:SSagyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGCW:SSVyfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dd9020fe8ccee32e5e672c0759c04748_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2832
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2832 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2940
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2692
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1660
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1944
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2832 CREDAT:209930 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:448

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      fe00c1f28c82322e173a76938034fab5

      SHA1

      b674ce209b25404a7ec09df05a18aad729dbd8ca

      SHA256

      95b27e419e64ed3a191540785d3c894549c149a114b98939270d68b251e9c75a

      SHA512

      b21d0f0946357c3b884500ece624290a3f5cca36657fca0f919cb2e3e102951802e4133ae130f031d866a603922a2492dca3855263918054a5527d96a1c87c74

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1aa11de1ed019c4b781bdade85c1580e

      SHA1

      2bfb443a2f02e315222e78f5307418f1ecf091a9

      SHA256

      eae3a50f1963e4d1ed31f4d1bb6d9d6bbeb3bd0a1aacb6723ee78bbff6b85fe4

      SHA512

      0817b6d768599e06b71bf8ca67c18f3f294212ae1ddf865da7cef26152d9b9330a0324c715a0985e2b4c93247d628b470e8d28b7fdd6006fac97d7ad6d19eee2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a26fe9dfb06309e1d0880ac9da53babb

      SHA1

      2be587f550a1119b9edaef80f0db2086925cb996

      SHA256

      c8f8f3c4e411d92c1db6f0d41b58f032665c41358d35869200709ad228028e0e

      SHA512

      5b341699a272042c149af75511a0b8766ee1a034550e1a0d460662f7423001899fb72a6b6622a3ec5afdcc67ef41c742f79d87af65914b8fd911bb640f12d8bb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      de117788abcea47978db992d999ba455

      SHA1

      c83ee8892267010064924835046bebef37e942d4

      SHA256

      16a16f6d68bd941a7c4f74ce2591bfb193075e2ab5d6f63790224709a175c0e3

      SHA512

      0819b9f563368fbe0696dd8cd79e3bb9afe5103d2ba7700337e272ebb0cf515bac01fc314acf6460e8df6a229e56363d9411f71d9a0df47cb111f8bc7b42c550

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6c5e39d0b547c76a35cee7bd6b4e1a56

      SHA1

      de932b7c2b22ab917430133bfa8e4601b1d27961

      SHA256

      efcc672ab4f5a63d5b1b51158bbce6836f7982f73ca30c262bc78a4f6db48aca

      SHA512

      f4c0c86ebc4e2a111c0f7fbfff488c5257d8db1dd9ef0267ba3a012b459f87dec08a2bc8e70d2069ef8d6b7e99117c053ad2c94856d40a4045b0841e7eee1592

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      dacd65aa5ed14d4a2f808f0459d91125

      SHA1

      6fdd784eac170225d5447dd7437a096cd0e32804

      SHA256

      496fcde99dd7176491639b932f81d6a5b510bca9a8c16a051ffb065d758e48ff

      SHA512

      940fb31d03538bb822dcc309f93d5bf3f3c23095a4c6017365fd5c0e6d99c966995ed7e19b483b7f1b7c44830fe5c94b47e4777fa9e583049ee998fe12645d62

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5449df9cc1052cf675da4b846db166f1

      SHA1

      47f9d56624f12c112d78cb4642c009249c2fa0e6

      SHA256

      41ef8bd222b6ef8b5f4508b6d1f59fb0ecfcd36881a8c5497fb891f052b9d640

      SHA512

      2869ba143a180e7adacd40fff312370b8221a26cbca49dad0c9eb40ae75e52dbc6399d8805a8a9c7fc3e912a1c369a14f0acaae4a4e08208c1f215fca840a14c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c0b03a7bf367d841a8b09ed221380050

      SHA1

      451f9d197e82b6ae2b8803770ef99b3ddcf89fc2

      SHA256

      7ad2e8a89ea71074f19e01a2e976c9b6d8b39f78256d7e8de35e1b721ea2074f

      SHA512

      edb1e941a90a21cd8b44d94cb98ad261e895ac3f5d14e3103153e297bc26ea953159cb27f106f769684c7f6f2373097b6fb832ef9279ae050292affdfca9cd75

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8b6b11c9564bca8982d9d2e43abbc173

      SHA1

      2bdcbe746474c6fa146206133dab1026fae520b5

      SHA256

      34eb826276e3eb84bcde4a414d8e2072235e5c401e412ab1dd004c742e152199

      SHA512

      5ae2ca154bbe74eacec5ff3e2ee377f0fb1951196e3b88153f6cfb0a55282ce4dc24780caeeea61576c1414c9a01a1857878d4acd888df1b229e6052357a38b2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6c455c7f5c431a8a133c5dc1bac12259

      SHA1

      52cd4d03f3bfbcded070749ad80dfac2a9b8b6dd

      SHA256

      a237fa9257434d3b6635a93d7da07573fe2427be5ed8ab5fc65de1bdc37cde69

      SHA512

      49b9e53712117005c3e0636751af07e81f8193ebe5bc77bcb6a6f2d2cdca265b10cfb556746341f431b53fd8cb3e3531d8f168e523152299c3b3fd5c781b1d8e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      489b6f696af15df647327f8b55d94559

      SHA1

      8db4e0363a221b2c44b087feee3bc29f0b46e759

      SHA256

      49e394b231dc91a85135f77a4967065b5b4605eb49792922e532e7a3482595c9

      SHA512

      fd1ff3f800f21908ade97c9e2c02fa3c02480762c83a39dbbdf93c8de82d3873e318e33be3f44e2a68b591f82a40d7750a4bf556b8767310901ceda8e931faa6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      478fc8e07b782a414f35896c2d5ff201

      SHA1

      c24211aae7cb32f51e47364da37e15de3f211b84

      SHA256

      ab1c36b0e4c6846e9c0584b329807aad21c758ac01e7591d52990fac09871f7d

      SHA512

      eeeaa1985f80847fc5ecf5432686683503528f1e496f226d5a6b7fadb03da4dcedfcf36ea08b5498be191512d0066812d6a7a9c407a00ccce1175cc6ae0675a2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8249c5674bebcb72bd584e9e61ef4431

      SHA1

      99412dfacb7709c507cb7a550abc3456e4dfbe2b

      SHA256

      27a5a13647948be08620383c40def4040bb2d5c34bdb90e671bc315a16f8be79

      SHA512

      1e5437ffe11023c39fc1946d7f21a41ceef05a30cb39e049dd4cb25906e4b5850b4debf9ff7298c2cc5004de668006cf3cd015a6d68ff5ca804ca1fe967b2b3b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b95f3ed581026bfa3d0e03aae290adcd

      SHA1

      2fe827bdba5552085b86403e39dcc6dcc45b2fa6

      SHA256

      9554d09b2a8e5d1cf1ac31797543403d0c72dbd66a0872161f982edfeae59a2b

      SHA512

      4279077ca7595c04b292ab01338d31a958103fedf68e73939677f4c63aafa7e1cd4975396152f25b98bbb2954109fb1defcdc32f6744857e4cfc3316797286cc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      de4dcc4f117bb10dbb7584490252a45a

      SHA1

      d4d7e20764f3e50644abc40a32f06b2a7fd3b7f9

      SHA256

      6ec3dc6e1b12f65c4e0c995c987b0d3601252fd6afdaeb7a2ff9046c75d79e78

      SHA512

      36694000ac9be414faf73fe812a92ddb05b46508421632b0fc9db022c379f3ba5650e0f601ed769fad819e307bc0ca6db24dd8142b16eed1db4e3532ee82989b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      459e28fe4fea673c5c7462bf504802e5

      SHA1

      c0fe300e2a82b13793951be7344b35dfcf81bec4

      SHA256

      80e5e078d501e2886ce5bd09c5a8e3d2b40cef9b39c6e552423daf70c1e77def

      SHA512

      8992f92f3809001bf88047107753d2d7f99b56a8c0ab24eb5c1507686739c7d9c93575bd2c52a496618c7f459fe08be08e6d3a693b39318138eadafaef32b0f1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      87c8392330c2179b7ac61f88756c7bcc

      SHA1

      0744039cb918c602887b0bbfea88d19df0f1ef87

      SHA256

      971b1ff79c1ddcc490f8b9f0ef4d8bb4a4f4b09d7081fb59a0c491025f2ac787

      SHA512

      262099409ad1dbaed00a4ecdfb5a3612fc85d80906d05a4db5ae761e3780ae75f2f4d168c8c4006d23cafb886e06f4b98a4716c507bbf21a6e8eba437cf423cc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      122d05100e556577c5259524f4988ce4

      SHA1

      806ddc15ef1dce4c6e6ad7c1ce4592055b34bde8

      SHA256

      38f8110e81b170730f9935f0c91d2a7c46b91d1bd72265fc90152bd0d5832387

      SHA512

      cafb42b98032299e45fcdfad7ed0fb4a243b1e08bc36beecd7732a306703a5bfc6a78acce9a6e4b10e52ddbb8944dd7f0034815b2486d47cc1851eca6dae24a8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b3b93b41a8218576dd56559d6c431bf7

      SHA1

      cd6db8cb149bdf1c493999f41966d66402e6d597

      SHA256

      309ab1a5c9daf6f3f4b3f0e6b18d0e7d226c138c00b7d9f2a3af3dc2d4af93d0

      SHA512

      af616a2d27d4366846e939d64346b32dd11e30eeeba5599a619ad9d5994b5e734b8158e6774201d1aeba1d3a05d95e2d359d0c6982a686cddcaf0e84ab37da5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab7B69.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar7C19.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/1660-18-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1660-20-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2692-9-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2692-8-0x00000000001C0000-0x00000000001CF000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2692-6-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2692-13-0x00000000001D0000-0x00000000001FE000-memory.dmp

      Filesize

      184KB

      Download