Overview

overview

10

Static

static

3

de5c3a8444...18.dll

windows7-x64

10

de5c3a8444...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    10-12-2024 19:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    de5c3a844441d66ec4943ec46d7e8190_JaffaCakes118.dll

  • Size

    472KB

  • MD5

    de5c3a844441d66ec4943ec46d7e8190

  • SHA1

    d3ef4f3d63dac3ee70b22eab1f13fb499baefbc3

  • SHA256

    58afca13bff0592c760dbfff3c1c78383a679c9bba5b38a7640fb63112f06d87

  • SHA512

    788e2fb21d2e4ce50d0037cffa70c51aae41cf80c11c81989eaa6476d2346072d8964f9d9e6cb7c9d5aef1b5688322d199ddb9c154816ec77ecb0c6a5c251ec0

  • SSDEEP

    6144:iecWnaNPpkXVJXGSo6CNx7pvPCIrnwm3Uh+COMqIIIo75e1ajIdRVb:iehnaNPpSVZmNxRCwnwm3W3OHIIf5bmd

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\de5c3a844441d66ec4943ec46d7e8190_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\de5c3a844441d66ec4943ec46d7e8190_JaffaCakes118.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1792
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of UnmapMainImage
        • Suspicious use of WriteProcessMemory
        PID:1944
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2056
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2056 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1512

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fa8c94eb1d7d005e65975febe40a1ac7

    SHA1

    181865bd618db22e031b366088552c1603bec99e

    SHA256

    b3fb76775c8f36a95048e15f042c3d9a34243595a7211310d0f615b43f8e6f12

    SHA512

    0eafb1a56aa22ca864f80e52ebefbd8a86a7698ed092b9af5d4caef3d704ff969ee59cde59a237e2b005744d662df22a21c26f70bc49fc0dbecbe05481005d4c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4d6ecc99e3adf52fd6b1f9415f55a3f7

    SHA1

    10cca9b011dca9befa91ec13009ae7403fffe629

    SHA256

    130e9e45e6320a3389d85776f496be32180769809751830ac1dc760f35ea5d59

    SHA512

    138f7d5380344e8729a05c1672a4ca0bb6400f6f240c8a70a620743d448a4d8e413725a24a96d90c2fd02fa6846cf43e872c71ed6ca8045d825a4a4022b1abf0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    632c182bd4a9809bbc790fdfd3aec225

    SHA1

    a097b08bdb9f8471f9dafb0dd45c5273713b4751

    SHA256

    32b25457d5423ab03f2f520186354101ad18e34300e29758712a26b2e969f608

    SHA512

    4b27cb9d70c132d319b3f2348076f2f7961aced526c81345bcc0ece1b223e2cd40adbffd8fd4a8f2eceee7ccac9c8193f2bf3d14feced011b2f4bc5729d9fd60

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4e83d3d19e4d67d2cc7f8626c490074a

    SHA1

    9d0aec1032a555fafb2223ed4055c633e674efda

    SHA256

    21c8db81018d2add72afcc5db79a3ab10944ed42fbcb1314e92d7b2c91bd7621

    SHA512

    849121ae43894a116bf877016467880a80b00b83864df7b5fae0f5004f66d587b9ea02cb32b5f4fe05dddad6753ce5722df125a0af1c537e4cf5418f18847d09

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fab88d28c988363915d4a6fe79aca596

    SHA1

    fe9adf6ac970533f67dc4563460462f8904e3364

    SHA256

    582ad1145e077ced5048dbcca9dc417a276848fea9ab45e636a8e18ca51e5539

    SHA512

    446cada2d3540e88cb6a257a068e39361828dad0cda37214dd01c980a17374f9025ea98b3bb388c74c2cd6273dff5f80c72f54229ba2e07a8d1a6b199160a9b4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a0088c0a6f736ec8a44ae19516a8bf64

    SHA1

    f9b9a93c88e49d6fbfb70033be92f85c88a223c3

    SHA256

    4bd2294b56db9cf6fe8cf66e8e0bc2b38d702fb52917e2ff428aac62f770fcfc

    SHA512

    3ca6e484c8cf1c902476bc314f96542867bb6c0ced389cbccfda3595d89c94c69d3283011691738c814c56d353e8ff6c70daea8c82b728c0e7ac71188e683ce2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabEB6B.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarEB8D.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    87KB

    MD5

    58da7ff3c598b41bbe4cb76d5666aaa8

    SHA1

    e0b965f7a4e4bbeede3d1d4a82beab1209b2f2f6

    SHA256

    885c8e15532b46d2203b50c67f593288968be6d5f7c79e19b637e0129a1f5987

    SHA512

    c05ead242fe60c4aea4a034748edc2329cc31ebcad7b9895d1d0cc8a01e2891d40cfd2adda733780c5ecec0abbad71d5a30e55659752ee7199dadc3332cf027b

    Download Submit

  • memory/1792-7-0x0000000010000000-0x0000000010078000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1792-9-0x0000000010000000-0x0000000010078000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1792-11-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1792-10-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1944-13-0x0000000000340000-0x0000000000341000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1944-23-0x000000007765F000-0x0000000077660000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1944-22-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1944-15-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1944-17-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1944-18-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1944-20-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1944-19-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1944-16-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1944-14-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1944-12-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download