Overview

overview

10

Static

static

5

e0494c5868...18.exe

windows7-x64

10

e0494c5868...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    134s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    11-12-2024 06:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e0494c586877ed55beef56cb6474c5ac_JaffaCakes118.exe

  • Size

    105KB

  • MD5

    e0494c586877ed55beef56cb6474c5ac

  • SHA1

    0b213e17bf382ecb7a398a02ca2d4ff41c88ddb2

  • SHA256

    625184c9b6e15b8ec88d1c592dd52af92f235d10390c09aabd25f964750c9eaa

  • SHA512

    089c568d660b329dc7766282cf0a330eef514e4cfb923715ef9bdb0771be4c725c9d0bbf77d5bf1e2d9f6a43b8428a88da2c22070161f786b46daac594cc17fa

  • SSDEEP

    1536:LOC0FvV4OguHxjhpA4Bm7uW0vSUsghQevBFkutIbgTuFqKRr0aF5frleGhd9TfBi:LwV4OgSzBmh04eZFkz3Rr0gwGj9Tf8

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e0494c586877ed55beef56cb6474c5ac_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e0494c586877ed55beef56cb6474c5ac_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1720
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2604
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2496
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1696
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1696 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2876

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6bf641a41df8709e38c23d48179eef81

    SHA1

    0d6901f48ff71237b16d9d1c78225f310e824341

    SHA256

    4850ef22122e797a156e6d0f409032fad714daace8e95df67facc55ab159dedb

    SHA512

    8507c1b051fcd5d5aa195580fae1a2bdf6e08432f8b78da0cd0ddf4cb28a13bdba58e853c3f482ff400e05f2dc4abf8c641a0b7b4aae4d06feff1b3d6c866e46

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    23ff33e33c62b0248389558b382a9554

    SHA1

    ad225695035b34c32eed7e8394f8d75cd96966d8

    SHA256

    b5415968546ca03a76ed72ad0df3b930c6eedad742bae42ff84a7de165a72a61

    SHA512

    7acfd65ef169a81d6ee586df8d5cb50a44c0bd255b3c20a6694c031f29f554dfc6f980244bb6551422dd56ff1b03ebad27c1a548ce4d1608782b4a66d15fe114

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    166f4b95be5d0f524fbae7e006cc9aeb

    SHA1

    c0f9df2ce89ddb97e2900b279c2caad463782242

    SHA256

    6eceffe82448ada5656c5e5e7b2909e7b229bf24423adab208f329795e5a3587

    SHA512

    cd1697733f9330fb432de431ff30855b2c1e6cec7a4c988322e57f9cdbb42115698bea694307efe66b0e0c94e68e78198ff38c25b6fa30e2c361f66a6d52ae29

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c246cc493c09be86557ba5abb2ccfa4f

    SHA1

    e57c2993bfa1963b4bbb241ff6ec898a2c38abba

    SHA256

    337b60f24abf3154f814c5fa301daffaafeac6df424e2489adcb67a6f4cae2be

    SHA512

    d74721ce6bb1dd0e57562eb953dfa7fb1552bf35070941591624900dac3ce6a2a820af7b7843167f21ae4adbec5258eaba5b59170e613201ff00e75a0d596394

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c90d97f7b2384d36a4a6c9897f92bfd5

    SHA1

    4ff4da51b2ba87ce40f02a999e0bc279a5bfa344

    SHA256

    e67389a3682cad735903801ae5cef6f2de55b455674817e3ec06930647b5124f

    SHA512

    9541c5e0a1b2d5ddf3400ce36e5305aec8dc7cf0b3bf78187f287ea08c54b5549c10b4379aa7c7d4d170f640d2714a8755aa6ab8271c289d74f90c55b071e8a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6e0f4b3f2d57e57e6c7f5f6c5135df8c

    SHA1

    354b3e52dd14bc5145d25a64ae54ba6a32d70db8

    SHA256

    7a0e00ef564e66cdfe636cebd9fd9d9d0a5f37837970836abbecf3b297d49de7

    SHA512

    578eeb8a97eb80bf5bd48f5e20bca7ffd11caa06e214c7f0b96b0b4a3ce43823371a45911427c288f556480f3f6af7d0b0f01ffbabb1297d07497c3e331f1fb7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b991dc9380257ad1b41e2d00c9cff20

    SHA1

    a625f5ee50e9f752f1b1c108bc35384c2d3d3949

    SHA256

    c2ec96d2562764db4e47a916c476889fb88347b738c47f5bb52dba498c72ba94

    SHA512

    b48ed3df86dc7959144a47ef1f5a95ec1c0554d983b901716b545310610301dba2ee34e204cd3dd9e689e0741625389344dd4a46724f0578b7e91ba61d4bc014

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    689ee001b64e75bcb8894de6d3003a8e

    SHA1

    97ff0429afc85e32c9f8b0170a82445aefddddbf

    SHA256

    480dd99b99afea0f236f7824e3e5130114e883f65b8cc0a1c1d82bbeb83efee2

    SHA512

    b692a570fff3bac28831d019067294a92d8eedc534f664b0de9d14974fb2a98e10b264070c4ff906286b2c9f16616002bdfad5104baefaa2fa9dfa566936dc9d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9ee569b00494e2aa56b4aab440fdd5e3

    SHA1

    872f79f08cb54e510875d58943447cb04f6b2058

    SHA256

    719b42f78d8c87f7e095a68d8819291adfcac3def4b9806064ff048c2ad1b07d

    SHA512

    43330f3692169fbb25d9516707b0b29d887a69e54089d1a439ac425669368e1cf8fd8a5b2f8f1338e3c0dd2503122cb101f88bbc2ec3d559751a6f3bdf2be675

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    33f29260612d5ae6deca3e854bad8972

    SHA1

    ab86ea579cfced7e4f1b4f0dedb288c7ffe286c0

    SHA256

    4d28217135a8084d07cd8a2c31bcbef615f5a409039e22fe68616fadc1abf54d

    SHA512

    160598d02e3a1fcee68240754b7b8fefe22d40d3c4dff390a387defa836791de293e84d4832184716453d670e9f0bb01a83c8a7b30a096f8b23d3153587c4457

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    36da529e1c13da995086ba6307ab04f6

    SHA1

    946cb77aaafda56f5f856c6737fe3fbece189f5c

    SHA256

    951694ace3d8ed16a9ec34b1c7e44eae90cf19d830de410e3f7b8e5999ec9c67

    SHA512

    61ee874340234db1fd0838170d3ba578b471a6e06bbda6493cc321258ff9f0f22f51de842fc4f0543569a50eae0e01ac021f286401ec587e6f99207a6c5ce3f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f421305babb9cee34215b4d1246df47e

    SHA1

    91465bfa42aa7a1b2250194b51847c22e8df7d98

    SHA256

    7807ca5c47a8ae296e934d16e26a4747b71aa725c3f2f7dd98678bc49c162d57

    SHA512

    b24bda32c4abef25dd78f55817de60b60b0a1f7e37a24e86407d3158c4ad63ecba8d4bba76bcb7be8552e13547002eeb2b186ee315d9e5cda3a98cb8ebde494d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ef70cb21e88f7c55dd029aec18f43052

    SHA1

    f73cb38706211357dc863366e2ee8c1e43fcb005

    SHA256

    d1de4595113f887068be437de8a697380bef0f70e2887155c7c2c6ff3c61ab25

    SHA512

    390e766c3845c3b80e529d903e2beae8f199f1d4813d21ea846385cdcd418360ca64be371f72c2a6b75d38cb137932cd9e02e66dab7523578c35c15bb43d1e0d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    53d9bf0f9b75348d4ddf19b0aebc79d8

    SHA1

    3a236228f336f30874095593421e858a993a3579

    SHA256

    f03ea382892de273e4ab5d7eae3d4171ce22555e48bb0ff332d6f8f26ac1983a

    SHA512

    1a350617d2293763cccf51c8312ee8a12e41f492104bf103cf786d1a5fa6e9aa1d0f93eb36db23c8d1408a970e62fbf60579034e8d6e5aac8acaf6fd6f8f14d1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2ec0ee8466b7a5c9f8683c9be6e87db4

    SHA1

    374a0ce2808ea8f4e50a849a9960a8695cd5e547

    SHA256

    1f3cae1a6a5707e7c5d1bd45b5d3c66c56f60d26a72b3ee2bb82a33c447c0055

    SHA512

    897315443772a718f851299a71e5705a524a003f31499582b90533247dcf31f4633a6dc9cddc9010ea4e2c22cfed4d11c892894e3edec3402fd88536550a0ae6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9cf225e2056259d3be23db3a034114bf

    SHA1

    2e6ac080048693184938bacf004109eae5807715

    SHA256

    758cc57e35dcd492316c03209614f7fa7606b23f04447f5a3084b5b6cb784b32

    SHA512

    1ab583751b6d2315d463e133d87cdd868a2fe2004a5fac45aa56fb6da02f587072d4a1410cd6f9add09f96e9815f3eb1f25709af060c592b172d26130ad2496a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6298d32400b3194064f04e8ef12e6a33

    SHA1

    dd19d0a4b23cf8074ed0990347d811e93104e44d

    SHA256

    4d3fdcb717db081055a56322fc9cfe7f9e48b77ca43c3cc4b709515b4caf6e59

    SHA512

    af18d4a8fb48cbcd1e3cbb9919129a680c04af197d72450258e866264a0830ad21fd2737dc18c6e3d9e8ad527594b617329a06be051089e6388ac0153dc99078

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cfe586031bf4b8357b8fef36f35adc88

    SHA1

    a53bf578c7f8ff82821203ff4854cf230748121d

    SHA256

    46acee725d1c1c23b00bab63cb0d565461fc1bbebdc14ffb40b6f8783dad25d4

    SHA512

    5969035285e8396b326600a56728ad01181322c7e059eae4488a9e8ad953424cf5871c591852f14781b8559fa482b925773d0284c4179fefca65eaa6c10be25e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    20270a8eb23e86e7ea289afd75706391

    SHA1

    cd23680985ae31fdffd1b882f918517de274e891

    SHA256

    210aa8c6e54ea8eb51db9d502e3221cf54389ccd240411fcd537ac65035ca391

    SHA512

    c26138c3cdbb29a1a8dbf152fcb1f5df108279af87c7a5114076734465d2b185ba33d16e4b876539d83299f7851466dd9090abefdc0cd91c76ab7c9646eb4527

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4535d551260ce179c90bbe5b5fe6debe

    SHA1

    a034f31a9bf0f14e0e0274801c6caa38d30c3303

    SHA256

    6ecf823e27b2cb3b91cecc439667bd44e21298b9f2d8c20e3fa1c69099f5c56c

    SHA512

    956083a9b02c2d489329eade5ad30b941010e5852e4a01c9b5bc3eee5b20ffab4510a79b87eab1c357127be2569da7e22accdb8a329037d9b2977e4b81575153

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    89b35897f5c02f4e78efe1b9e9f0fdbe

    SHA1

    177b28f4630b4b8c777e52767c56c450504b9517

    SHA256

    0c4082d5293bc0bb54fcf3ed6a4a9d6a5494813462e87eb7128f86bd34294f81

    SHA512

    3e34f146ee55a4eddbf3af58c38dd033b063d53ee1a5db6117e5ca1a0e122ebc27bf52d982a99c39057e83cdb2292a79fcf3f7f687c759ee7e163a7ffd2a9efb

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F01EB991-B78A-11EF-AF8F-6EC443A7582C}.dat
    Filesize

    5KB

    MD5

    e7d3f2a07d37a02e85530da302759ee9

    SHA1

    5cdfaec71112bedf6960fb3318551247b7b5f08c

    SHA256

    4027538e5f17aa1007dd24092a1fdba2b68ad76d2e7d0101aa6041c61bb89358

    SHA512

    8a882f2acc3903ae2692fae438d86692eff39ffe621836573441769a193a7254cd22c6bca809ae8aa36bd2f26b93de9fa1a65cf7f73ee776485ddbf3b31f5f00

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F01EE0A1-B78A-11EF-AF8F-6EC443A7582C}.dat
    Filesize

    3KB

    MD5

    1bed699c4c3387fa4a81a9b63ef09b71

    SHA1

    ceefa5dea4f5910c7d703287e38ce43f74e21047

    SHA256

    e47069c73a657966d1e697adadac0161d86027a61a35a2f47287fe9ad1bc509d

    SHA512

    4d1e76250d785858e8fa6e773d45262bc649182bf12c29002036ce16318f23a90a4b4d05acbc6aecca96bd0a390ce4015ac0e9d6ac917f51fbf03fae7c18ffd1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabDBA0.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarDC61.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1720-0-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1720-4-0x0000000000400000-0x0000000000475000-memory.dmp

    Filesize

    468KB

    Download

  • memory/1720-1-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1720-3-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1720-2-0x0000000000400000-0x0000000000475000-memory.dmp

    Filesize

    468KB

    Download

  • memory/1720-7-0x0000000000400000-0x0000000000475000-memory.dmp

    Filesize

    468KB

    Download