Overview

overview

10

Static

static

1

e132330f35...8.html

windows7-x64

10

e132330f35...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    132s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    11-12-2024 11:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e132330f35ec5d2a8928447fc5ab59b5_JaffaCakes118.html

  • Size

    155KB

  • MD5

    e132330f35ec5d2a8928447fc5ab59b5

  • SHA1

    ade925bba975abddfac3dab9535914b75d54c27d

  • SHA256

    4da7d2d5f9f33af4e1f5a45cd20bfc39538d548f1fd77a635c2fd37b7387e250

  • SHA512

    e27649fa12fe2345fb332eca26ccbf74bff30a72d3d0c0514e63e7e3c70f65231ed30ea935d8aba294cfcf97a4f16a963c41cde592a45dbb891b41766b360425

  • SSDEEP

    1536:iMRTvosjLeuTIrl0M4zm0yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09wd:iO9zE0yfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e132330f35ec5d2a8928447fc5ab59b5_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2656
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2656 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2496
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3064
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1788
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:892
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2656 CREDAT:472074 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1524

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      319f15e2d1098b9c5dbce0d4c2027f7f

      SHA1

      6a851048c0a46cf83e17aa5d70a0ca119f8b9209

      SHA256

      a939392773c009fa9dd82880ea50c135ded8dd67ef8a28dc16ba5a03ca1f661a

      SHA512

      0b502d4bb88c9f64b529c04ddd93acdd9d98e8536b9c2204d70c3dff93105bf8dd38d01638e1217160f69773371c1a47c44458840cee917dfbfa2a0bd45ade4e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a5adf926a5b37c99123751d3ae5d5227

      SHA1

      e68349eba4a592ce51cb520e450e40113072c9b4

      SHA256

      469913ab23c4a038fe1651eb83c86a0d5ff18e72e8af63c9c76c60599fdc5361

      SHA512

      9ab92814f0f4cfff1f04dc8fdb9f2bac643fa3a655c4dad5cf0c14acaeedd1e261ff9475d5ec98b415c7c39130c5ec8b21c9e2b98f065c4e3e94e57f0817c492

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d45ce604996ce840639e2b6676d91e9e

      SHA1

      dcd22dca096ddebc5a8b8685dfe3eb5900489735

      SHA256

      b375f05b4d3072ffaf124d7d04f1d2dc404961a933b25583ba6f15478a1b9710

      SHA512

      c270d3f652e7684da0ea18e3f21a82f1da0477a107ba0339b9e47817ee6969f77b6796341a48bbc260abf9d1dd4270441dd8fe83e91925fe56bb23a7655d7697

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e55bf0e00a5c9bf0d526240daf7f952d

      SHA1

      fe2f00a7255970499af1cc70003a119f4a3563b6

      SHA256

      be2528b2a6371f0a181f67b267d26ae25786b2f4db2264270a1cb7fd6a2fed55

      SHA512

      16a808fa9ae61ca4defc257d20f5b6da0b628750f25a13dbb5dc72c1b3c50c51861f02dbd6fe203105badae3f9870057de16f7ecdcbe2a62c839683e122aa905

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0942bd5c4dba98a21f592bebbf3b6d22

      SHA1

      5fada7b36a8868107d73b93c75ca6dc0154d8a47

      SHA256

      560d3b1b2dc8c903b538a57641726d696e37fcf15ada5e97aa04d00df7e92982

      SHA512

      3ee224dc3d593b54e7e0f1c8e3cc9f2d2b76676190f8f93927371f8545e2cc9a2060a29594568ce4d7dbf804d909785b3b82a9dbebef7ed528439b9f5904836c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      45a97ebc11028d636862d3014529a121

      SHA1

      f2f6b1203e9604d852c273a0b4662b6dd5a47d73

      SHA256

      5f9ab7ca39d5a9a6efd4f2e1e0129730496a90787a61a432cd09e86ddde765df

      SHA512

      22644ec1784607a265fbdcf74131221819ae662b15f07b46e16b2623ca4be85d1d30dfafbf96063142a15784bf9a9185013269fc3b38f736ed432f8a8392d1e9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      40bcc0e2091a94c0c0efd2286856558d

      SHA1

      cc935ce9076e116e3c64bd893f7aa2f2d05c4e47

      SHA256

      922802618e653df7839cbf32a6e4114e52cfb27935a1c5a420b594e8df54ffc5

      SHA512

      02bfea1947133103088ae604ad50014aea99fa4e452af383322f1d8ffe96f24faea665b42b82b3e00d11f0a005b4d0ec2c35e99491c4640e798d37152f220335

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      63c79929e37d2da486bb959d26cd9abf

      SHA1

      0c1e55e2556003e651f88ce806cb72f5241ec8af

      SHA256

      beaa17e9776ee83a316617985c2a7e75214ac096105eaac3ca61e223677f442f

      SHA512

      ed1cc69dfcb4d095f4cf527703f4bad478ba189e5702669a09d82ec35abc9d67fe946b8cb3fdc1b8d4c13ec8c0d3870cfee79c42ef67dbee29cf5f56243061f2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f527133b14595bd11454f292cbd1ed24

      SHA1

      115da7315ecc02a044fc64209575ee21291cd3f3

      SHA256

      f1e0b7e7d9a8434de101ec794d7c93f9665b0f3d59d897b5ccb8f7006c90d13e

      SHA512

      fc9aaecb101811e743cc9ec01f748243b09131ebf2e07005a2df4d546a1b470aea5215405b371c6fb1c53b0e04465d5dcefdc30cd9247f2738f7bfb038bef5c4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1b1941ee6984666faf77451164118243

      SHA1

      fa5396a234c5d9d4bd54d0f7a505342f0d37a36d

      SHA256

      0d897480a0c01f79eff800459f9504fc60c0ed27e1d6a7386eb1ea769fa0b33c

      SHA512

      1c4b943c88efefe215a0f14ac6c2addb21a9c2ce89d35630a3d495e1704aaa0a65d63584e2f18a94719cd3f37e3795bbbbf3be18656e2fdf0bc9aaa42eeb0660

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5a6552bc5fdcfde384517ae63e2e08a6

      SHA1

      e511a91df3a34a71c7b317623deecff283951cab

      SHA256

      656c79f0f820ea035adafdc0840449c93cb322af0569ac801efca8ed4f14a583

      SHA512

      d75e143845ad13d2e36f4ec773e61a0cb8fe04cb00ad99d3726791f0fb8e8e33157f0fe6784384bbbc91ab9b60a42080417137d497536b3777668ad10e13e2bc

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabA768.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarA826.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/1788-449-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1788-447-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1788-445-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/3064-434-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/3064-444-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/3064-435-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/3064-437-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download