Overview

overview

10

Static

static

7

RippleSpoofer.exe

windows7-x64

9

RippleSpoofer.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    11-12-2024 00:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RippleSpoofer.exe

  • Size

    15.6MB

  • MD5

    76ed914a265f60ff93751afe02cf35a4

  • SHA1

    4f8ea583e5999faaec38be4c66ff4849fcf715c6

  • SHA256

    51bd245f8cb24c624674cd2bebcad4152d83273dab4d1ee7d982e74a0548890b

  • SHA512

    83135f8b040b68cafb896c4624bd66be1ae98857907b9817701d46952d4be9aaf7ad1ab3754995363bb5192fa2c669c26f526cafc6c487b061c2edcceebde6ac

  • SSDEEP

    393216:QAiUmWQEnjaa4cqmAa4ICSSF1a0HPRV8gtFlSiZh5ZlZ:bhnGhMAXSmHXFA+

Score
9/10
discoveryevasionthemidatrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer 3 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RippleSpoofer.exe
    "C:\Users\Admin\AppData\Local\Temp\RippleSpoofer.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2248
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/Qt5NMSgdzU
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2604
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3028

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    4397e311640677f5f5482e20fe0fa22c

    SHA1

    d6ad4b7bc4250e15d663e04e177ec804dc2730c7

    SHA256

    e6ab633a76ec71bae6bbe6757eaff001753821926b88fdd779f00a2230bdd4d7

    SHA512

    2c7a55f809aebd81d438e9c94a50b24ca6814e316fbaa561f9bc1db800ff410f224be6e424e328a14025d6793a508cf268148ff55ab87818e37beec9ccb1483e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9ea93e8fb157ead92b111864291c07d1

    SHA1

    1692ce445cdc2b5290d9d397fdd0e6849034c4ab

    SHA256

    881cc6def78dd0cacdb279e493f8c4a95b4a7d6e26ab28c06106c331ab6d6a39

    SHA512

    460e4e6216fe2044bae2b8e8ed545e1ebb2777f06eddeb56971dc9a0ce7f19bb8f5586e5a3d13ccd09a8e6fd383f67c308e8a548638abe254998f48dda53aeac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a5a62d1bf044e36656696fc2a4f62133

    SHA1

    19161a6238678ddb3257768edab2b572feda2915

    SHA256

    0f788831224fd4c9b6e14be3efd01dee2c12456142374b837e9eaec8c5df8187

    SHA512

    6442cf4a6da2fc0e767b54f8dfacf59dee814c63c9985c05e2c533f63d4764880cc7113feaa24ce1c5bea8ee6e87e057854f747b7f1d4b4dc3badb0cf2a895de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5af8200d017f202d369d3aa3abbdb4ca

    SHA1

    60dcb320aac12c7fb174257328abb76a083de78a

    SHA256

    d5eb3fc2c61649c38dbf105e83254aaf3b3cbe0b27ef1d1273212664fcc058a3

    SHA512

    f82d33c0694ccbbe7a3eb355f8480853dfab00878829bfb2b0b771d0dd2c234f25bc4df4ad5f956781cd694b30de3425fc965f3000c672c69cd41b97a1c30b99

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dfd5e6193a7aa799bb98078879296cb5

    SHA1

    5ec0848bae5328dad1207ca1fb48d654a12b7bbf

    SHA256

    20557bf24c40b303f012fc2fb240d375a992b9e9d16665fc0e779c1a6e76015a

    SHA512

    dacc2f35fa17ffe3a625a710134c09808ecd4ca38a6f438af83efc5a71134c910d23daadb0d09c51fd9fdc97fb32c10d8f58823a5d0905720c9973f31a8079ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f851519d3f722d071914b92cf64a4c8

    SHA1

    087ef0549f08913867a7313b4f6a7e324b5640c3

    SHA256

    f095cdd4727aa1476e61495600b45e6034fcf4f885be47585c600d1df26b4d85

    SHA512

    e0bfb983cdf13f31aaa6ae08e88962d988bebd40e80fac1b74d1c1c5ca92d8db152f777dbb54ae505b0500e39f3218c18b28c75633446cf51ffb0e3b4f1da9a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    90b308ba89c4afe6ad01323257dbb376

    SHA1

    152b75f38bf51846b86eaa932414d56806647d26

    SHA256

    f838e82962de99bc0b22e877ed1308fed3ab7c38d2bed8727160cb024c32dc50

    SHA512

    df47f75d63a886e26a660f40e6a73430d273617a04c7b2438f44a5e67e31c63c7c88e5c86deb70cada216599c500286a01f29fb4c65d43a5e1ab8d3012cad201

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b200f429d33fc4a6e2f487ce4b619555

    SHA1

    f33a82218760a7c831c0c99cabf558d92e3885d5

    SHA256

    ccdc3e008562b804220c436b3283f70b18da28009fe6e9f24330d3780a1fa0eb

    SHA512

    eea83730e05630913d02c8adc0e961085f2235c94e70b584c76830225b4e9a7ac7c767af52bcc5ea4d43102e39e50142f0631797b5b8bde0066e762d8b8d4046

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f7e581e3dbd0d3f782da58b32bae83bb

    SHA1

    be8fde1446e6675b35afa2be28789858a6e4b458

    SHA256

    f745bdbb05ab4f8ed20e2fad1c15123a747b7ad5826b8450cf296f7a21f177b0

    SHA512

    993edbeff8d11dae29a1f558506fd192b5254cefc2b89755a303d533f9080d5b1abbe9c6249e6528edfe1b816a468686c1d9ebc5984114d2d14f1df41e0285e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    902a96752200a0df3f860cf6018a261f

    SHA1

    cbe6329885b99bf1904f28c83f625dd7b3bc1d63

    SHA256

    f697901abf045689464267c40bc32811223b53ffa477937ce00e35cabca1bd9e

    SHA512

    470044e5b81f6c92d38608d146024f1b61dcd03bdf7ad62804a94229e38b159dd2cce0d3ae82e12fa079c9685e2a308de2c3c046ebdce97adcfc41d9f825ecad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2be4f889201f80718379d4ad1932cba4

    SHA1

    b340845b3f5a9c76970f68e7deb78be2d4ef3721

    SHA256

    305752959283cd3c9e85fd25d2066e7e49a68dd0040916d341638a8fbe12c981

    SHA512

    faf7d5aa4f4a3252c3316cabd62efe7985afd958f9fe957f6f771b90e797ec3629bac251fd5541c468e0104fc4050e6740ba9ca85b58cab9faf53494967ffdbf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9e470b15c5e0722205e9a94b05049750

    SHA1

    8bfcb0dea4b401f46b85fe6e6f0d504d893e0d40

    SHA256

    6041d2364205c018fd3bdbcbd0e10421b92fc575e6330304a1286ba1def6849c

    SHA512

    7a5c28d18af0d250a42de152f4582e54ae04a0553041bb2f1f522c9890ad8b3ee8e17fe97fa2a406a935ae362752dcf92872eac6fa39bead30f729be447a9b23

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    150504dda3ddabce97450fc0787deed8

    SHA1

    449cbce13dc3e1cf057d31ff72edf53fd3c0d4e3

    SHA256

    6fc373167975d57c42a18ed90cecfc599d0dfb11b27e1df028f96e372ca20d7f

    SHA512

    4fc222197569a9c437d7359ff2237983d171305436322afc2a6d5c07a68e4f71e7a2862c21dbb832a3f12b1f1f735434f3b60939f729ce8715c588c00d114aae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5aa51614d110de36392c5328cf610c2c

    SHA1

    2cdc04afd9b22a29f6901cbfdecea9863cbbc2ad

    SHA256

    b51e92ab8dc38e2065d10b058809d13b8fe8059b4086bcd1fe119d8ed1c1dbdb

    SHA512

    a4f715934e1d167dc73caf1c288e712418a93f5037411ec04d35553caeb8f2be5f8d5359e0debde2336db552657f5647afe1ae6b9b919316fb62c0c35800f13d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    30c3cd44ca89b6f79bf8e04a7a6a5ebd

    SHA1

    de3f81744b8f074bb18610133167e96a2906356f

    SHA256

    c5d469181f49c8a396013ab6206bf1465eb269278518d2a1ce84d461e343ea7e

    SHA512

    7d2310c8198b25bbdc5058037c0113feaa844bd64ccde2f053bab32ad62c054f834b7374124ebefa39fcd8e1496516cf03574c797d71091ec948e0a9cce5dd00

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\0qn8gcy\imagestore.dat
    Filesize

    24KB

    MD5

    b4a7749581e105f36906e5b4e7d8444e

    SHA1

    02d8faec958ddbc0bbde7e2421c32963d7b0c6d4

    SHA256

    efc9964e0adb99034a4b6a03840e21a2437246f1645464260b00ad9c7423eeaa

    SHA512

    c7157bd39115ce60022ad581239f0d4afd99c1f58843a3c7589189f3c6f0853761f0716366a53c8bbfb07ee0329ec59fc56a56901abfc223b50eb529eb9ebf0e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UQFHO95Z\favicon[1].ico
    Filesize

    23KB

    MD5

    ec2c34cadd4b5f4594415127380a85e6

    SHA1

    e7e129270da0153510ef04a148d08702b980b679

    SHA256

    128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7

    SHA512

    c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab4367.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4944.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2248-13-0x000007FEFD110000-0x000007FEFD17C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2248-20-0x0000000000050000-0x0000000001CD0000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/2248-18-0x000007FEFD110000-0x000007FEFD17C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2248-19-0x000007FEFD110000-0x000007FEFD17C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2248-16-0x000007FEFD110000-0x000007FEFD17C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2248-14-0x000000001DD80000-0x000000001DE32000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2248-12-0x000007FEFD124000-0x000007FEFD125000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2248-0-0x0000000000050000-0x0000000001CD0000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/2248-11-0x0000000000050000-0x0000000001CD0000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/2248-10-0x000007FEFD110000-0x000007FEFD17C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2248-9-0x0000000003B10000-0x0000000003B11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2248-7-0x0000000000050000-0x0000000001CD0000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/2248-6-0x0000000000050000-0x0000000001CD0000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/2248-5-0x000007FEFD110000-0x000007FEFD17C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2248-3-0x000007FEFD110000-0x000007FEFD17C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2248-1-0x000007FEFD124000-0x000007FEFD125000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2248-2-0x000007FEFD110000-0x000007FEFD17C000-memory.dmp

    Filesize

    432KB

    Download