Overview

overview

10

Static

static

1

de40efffa2...8.html

windows7-x64

10

de40efffa2...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    10-12-2024 19:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    de40efffa26ac871b3973e2e40df0382_JaffaCakes118.html

  • Size

    154KB

  • MD5

    de40efffa26ac871b3973e2e40df0382

  • SHA1

    7bc5ad6e545b623dc3297dfa19e50fb74627b771

  • SHA256

    e47ef04175836ff8a46c7fc1b01a04975e533832e71c5fe3c58649f87cd236f7

  • SHA512

    750a8f6e4cd7a0085963cece6430df35ecd35d3617dc691b7a7931ab291768cdffdb3a05ae9c356c263f4ada9a1ff5ddbc91fd727ce44c917485937a5ab8b8e4

  • SSDEEP

    1536:STB1taPpvMZbZCnX3wOz+TOfDV4Jnl7QKRdw7ryCFyj+5OkMQr2CEu1cDi8C196g:Sgz6yfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\de40efffa26ac871b3973e2e40df0382_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2708
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2708 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2720
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2788
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2644
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2092
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2708 CREDAT:209935 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:980

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e610dbffed07bf79d582760fc275c5ec

      SHA1

      7a6f64c3357068044342110f60b35d6957f8eac0

      SHA256

      d1b147759e22ff08d4da03bbe372253e44c51c9d8768fea89a9b4b7d1c1e9035

      SHA512

      ff2576d0ce840fd5c8d85e5feae05681b50e16005533cd6cc970c91bdcc66a17d44c093455dbde57e8a802fc12d1f6893e43ac78b4388c59df8965d146c4bd1b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3e130fc43e47162a0c4bc99c4278c885

      SHA1

      1254b9c0e142e4f1ce3fa3910a1a46f7d6364c20

      SHA256

      8bbc513d2624a91b988cd71c08732d72f25baa6860b58bee356b4a468ff3f405

      SHA512

      ab6e64756dbb1cd62a61ec73b45f481e9c274a2d55dc02540dd9d59591f2e9784fb494d48ae3f345b0e0ce2482c632a8cbf4fefb8489e9eac8431e6bb1a6ca58

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9c434245628eed10d69fe80ff90acc90

      SHA1

      dbf646f061fc5831989a6e6e9cd6534ed28fa386

      SHA256

      9551a0114f34cd2a804b3b7e4fb7af17f1928abc91f5dfbc81377f8960f44560

      SHA512

      fd89e7e97b012a18cfc888f651eb8f83d8c95a7e79e4854582d2cfd9561540227d3e917d18e22e81c17a834ea7fc0206b2124c8550b902470716562b66f8bd23

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e648fa9fde417eba104dfac25d417cfe

      SHA1

      032b5c3f5f3acacc90a621c141d427a4ffd37e29

      SHA256

      8a654d70f7479198fba161d374feedcdd0ada5cddff9433de3e0bd88588ed5c7

      SHA512

      9e62b529120783386252336c527431861079ab253bbfa0772be2c103045ad92fb50ab48e5854b08f4907078897018f02692b5245daa89ef07af74eac1b7efc73

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      81b41a5b3a5a696bf1454061c15f0e12

      SHA1

      9854ab250c3846fdd3e0527f750d7fe89b7e7bd3

      SHA256

      0efe42c3274ce346e88626fc7360c65c756960d0416020bcbc030cec539c1ed1

      SHA512

      418ed607c24295593f6df8e1abd50bac0ec39f7defcadcc345fe3ac467503dabe5e654af552b8752359f0b3453672886e40a5bcf1c04af839f817f4306160352

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e0eea5fafc5886c888e3f7e31ea54997

      SHA1

      54cda7204ca00bbcbe9309993ab6a07332aa669e

      SHA256

      e7629a6c4378113f4815b641b8ebba5741b13875fd35c49db6ae665ec29a63cb

      SHA512

      91bc60a77ab729b4cdbc5895b535a44ba0ea3c61c00f5212b67f64f23f945ee2bf3ac566355537844db4cc627ffd85b4a265d37172fad94d1a26b1c2d2848e16

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8e28973298e1412d7bc7fdfc2efc9814

      SHA1

      b9cbd5a8095da93343e9e2b6116757155db6e4dd

      SHA256

      5e47456a80529d03057a12a93143cbe4b94a6109ff88e27ff4c155455ff3d13a

      SHA512

      1a27091d64bc8d8bf28ee79f2878e614ec090531ccdab16bd1a0daf808718306244435e44069e7f81c34da1fc60ed16812f322d5c318754dfaa13a6e1c7eebea

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d166f12a3e14427602946de57de768ed

      SHA1

      a43bb87caea9eb10c616386a8c3ca7f06900395e

      SHA256

      d6d27039167806d2a0076b0d88e0cc6b21f5a23201f30f290bb65e0f939b81d8

      SHA512

      69905af75209ae663221f1247cbb98150775ac13275238434cf93f213f3c31f0c0be1da35bce2468c6322c58ad121d0f4d1a28d2ece8349a6680673aa143d1a5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5057029ee2349db00a82971b15f3cf2e

      SHA1

      7c00ae98e358b4561b492c431cbb7875d9ee594e

      SHA256

      4b82877bc7e5c7f1192db28b7dcd62c863e23e2cba84e60b94e461155f45c633

      SHA512

      bf8526afa7bc6eba3c4a778833cb38f0b537b95f9419bb2006aed584037cc4408e2e008847d2d75d2aecf937ddcd0d965a851aa27e6affb1c108900cfefdd12d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      436730b23ad7afd47b0f1df2020a047d

      SHA1

      e1bfbb864546db482bc2f1848eb3f07e9c217cb5

      SHA256

      82a521ddf9b1cff431f438a0c687e070a7ce0ae523a20f6280a808e093fa188e

      SHA512

      c984e73c51455a394eaaf0d49091895b5c66de3be58fa84ef8c1a32e28e927a375e2f778f98601edca28ac99182334518eb61ed609c17aa9a086e3e5c207bbd4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      726fccf262a736a08b7467c77c83153d

      SHA1

      54bec7866d24a8788c8d2417a40fb4dce0fdebe6

      SHA256

      2c03523ab84a1a92129a060068b93fee2579a7ed3828fdfaaa93df458d8a7dfe

      SHA512

      4212c22906d43d81332d961ed675a1b77f47a7f602db659fff2b1d87d9b510c36ffe42779df22e25c21c680af56b49651fd8045a43ab91b561f23721aeb3843e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d4af88118cab7052c82a93254f12a3b8

      SHA1

      aa03e2ed42d481dc1cd41829b3945442720632ca

      SHA256

      5ab1123327952b80abdbeab9478e47552bf8693d5ce1275deecd9b3d5d1f6c56

      SHA512

      0dde05fd94dbd64ab4a4c563bad06a6edb2ea0144b602ff4d0d09f8901e39c3b4a7731932721b88a9135029b9dfcf56a9ff2229e60913d8c72e77ce9de26b298

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0208b9df8d60c7f023a5206015cb6075

      SHA1

      bd223fc0ad5946257241c820a9303129f9f14f6b

      SHA256

      ac1f7efef21667e4ef3c94c0b80c9715c14cd42293d6559fdc9b7a5c189eb2de

      SHA512

      5d354876f4d941d3331665a67942c7b385a87b217db0521664194c6a56c8d40e9bbe4b85702b420a351766f2fa26c6b2e323f821ebcbb6c9d7feb239df918024

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6363fb99eeef72412bd7c6c3deee7c98

      SHA1

      9e88d3e0e010e65ffce4a97257245e9c01fadf13

      SHA256

      b8c2d4e892cb123979249eb6425668687980082bed8d0d1f1f456b1ec52f4e10

      SHA512

      05aa92d4bf9c5a6cd3fa9df9ac7cde7555f1d8fde18f623d30f778c16de526fd3ce6a5af179cbcbabae1a485dca3e447c17b25c8bd33d2fe6b7b99e8e1d0751d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      72605729390ba5e9ff61eaa18a9bd8a6

      SHA1

      8bbc9cfbd7fbed19f69dc30fde3eb2b1fd644e57

      SHA256

      5b9703091dcd561663c37942ed5d65089955319c7c36cf75e851632183e3de77

      SHA512

      8dd7add3e37a3d9ad4b238c53bfac7237e9b6f3f34d6b7c36968eceadb6784b12e4a63ffd038d613851bbe2dde4b40fd8bdc5d94e701e01303d03384c0b2eaa3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d86dde9366462886932104cdca12c52a

      SHA1

      d1c8aab065807643a60be803e28b3257e241eb1c

      SHA256

      51c800bb028973a05092115f8fb8118849743045b9eb2a8856a8ca45aeb7d04b

      SHA512

      8d46d6cbb212f1553bad5520a08860c8c19b8464c4b5ec258dd12356f9b7bdd84405732f55a2d766da25926c97fcc4862c22fd821c7c67cda43759e52f15905b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a34c9207004720816e7837ad0484e11b

      SHA1

      54a18e4e8cbbfac14a393380039d24510bfb94dd

      SHA256

      faa585692e65ba1a20ffbe4071afebb597e36fe2e2098e68a80e618b091649da

      SHA512

      6fd9ea36706dea235e6e9c9a3f261c05e8a0736adc75140214642359ec92931a2a8bc2301fb3af4b094f35596eb35d8307f292bb7710bd01756023fb8ff72407

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3332349c505bd0601d24d6d33dc65b25

      SHA1

      13d09129a355caafa59ac69cdfeb5b6d976855b4

      SHA256

      2fcf9ed0335b5f764cea7593448770ca981984821d6ed468412fb11bb0f31254

      SHA512

      c7dc0cfad0ced9ccb40b5f6e33133c8487786b8627f3eb6b64138b73aa97b71452a43f14d218d27f3d2d252f84b7cc536ef24d754786409f4fb99494f8e19b8a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1c9deb99e22bee6e97af5c99b3210955

      SHA1

      1e68ef65172370847a890ffd9cd93239f6e1f3ac

      SHA256

      d07e835d4f94ab21dff13f49d6fb2a4eea6c63bc926b1b51836b51a36eb1422f

      SHA512

      96e83b902f76a07b1a0cb6d6d9504d1ebce3ae7bc01b1f122ab1ce88b84f77973e405f9fefcea90a2a70a6e5a6384a411a7317bd9b35ac19e0298e4d492c7853

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab82E.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar8AE.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/2644-18-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2644-17-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2644-21-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2644-20-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2644-23-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2788-7-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2788-6-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2788-9-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2788-16-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download