Overview

overview

10

Static

static

1

e136fefc92...8.html

windows7-x64

10

e136fefc92...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    132s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    11-12-2024 11:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e136fefc9233ad05551530fb3f3982b7_JaffaCakes118.html

  • Size

    157KB

  • MD5

    e136fefc9233ad05551530fb3f3982b7

  • SHA1

    6117269dbbc7e11ca6c9359b130c5a5dcc565f7f

  • SHA256

    ef3b1e615765099656d707c50b0f66d8b8716b9b1778cb31a405e39c65825a63

  • SHA512

    67030fc913923416d05b5a0c57333541bebc6ca2b904805b517413b6e28f062a2f60f2ff7f54b47fbcd48cacba627efcf0f127f95dbf0414511d5465413b3851

  • SSDEEP

    1536:iMRTH7jGfO3SryLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJruH:iOmYSryfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e136fefc9233ad05551530fb3f3982b7_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1968
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1968 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1800
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2168
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2184
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1300
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1968 CREDAT:209942 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:604

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      26cec6076d35c83d379fd5c0e55e3c06

      SHA1

      ec194e78abdf2ccf35807d54d3f40e7ba69dd7fa

      SHA256

      677abadcc26434086c4931f804d091928a31c7dd18cfe029768cac0ad37a067c

      SHA512

      09c7b456664aa245c4dcfb343c18d929f230812545d069ab18edc1aa102fa135e21f4db208a3b777f701eece88ff128d8bcd5e46ba8d864896d74b98ea10a263

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a056fe561fb99a610713b0781e2ef383

      SHA1

      5dc852d344d012d014bb4d7af0dcc7cddd319a5a

      SHA256

      d974bd391482663087ec2e171bafa074d2d6d854db02e692349290203422ebec

      SHA512

      b90098a0f68a499c85e93f0538ccae47568530b94547bca4065c1ea4ddf09f7676b524f829cdd9aba0d84da8ef2c1db73ac0b9fe27dbf5ea4ba8d945314b8fb4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      89ac59caa928efc8f187070cbb2a3826

      SHA1

      482e827527c163d509aa20525bcc871b37f94284

      SHA256

      279818e04fbecc8d51157b0b0c2456d92f5daef73ae88350ea7bff84e8a4559c

      SHA512

      b6cbb2ef40d0d043b986ba6c4fc25a3a605cd5281a32a7cdaa9fa8ce6a61b9dd4d867edc32d367b6102ac962da4745f2610e96fadc491066f1495bb98c858833

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      130e35797e6ddea1b00c64d1b291b741

      SHA1

      18e255b6ea1a525708899d5d844273a69398a645

      SHA256

      b71f62d23a36a5ad56461e2265b07726362ad232b0a85681700360967bb2ef2a

      SHA512

      bb337737a05baf5b989fc655c89eac08f28c5c36e6516639ee2cc9d2d39747a389f0bb9ae0341b226056d7b62e450d2d49d8d6bfbe1b54554a208f9fef57e041

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cb54b400161ce6718c390b17f7e5edbe

      SHA1

      bef0ab3603f657c96478209a35c295b5d5158798

      SHA256

      1609705fdf5ea57221b8b2af0a208412ab6b856d888757c308b70720472926a8

      SHA512

      754a3adb37f954a2fac4fcf7c83646752f471ee9d006a6dbc467daf662ed7356ec16b8182ee59e74af91dc16ca7145caba1ed680b419032a6d3514dbac1e74bd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a9a04739fc3a782a31c5c1a71aaa7ef1

      SHA1

      7035377c9ebc7a5d006cbcf0918492f5347ebfad

      SHA256

      5fce58984344673f84408849837d477978978eef740938e61768308868d99efe

      SHA512

      6c53a720f3529b0f13bc40d80e2e813cef8e128a2b384d0cc1874537b22efdeaf99575eb3b72c6dbfb011c360847c1bc02de07cd8b4cc8bf62370a7199246e4f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      993921aa3d8a67e684660d5ed5080ef8

      SHA1

      7ad0f0353530e51b4f2bc6f8bb71e3f6f0a193a0

      SHA256

      c997df84c54399f06412e5a4bf5b65186c2126f0c37832b04d051526ff51e9e8

      SHA512

      28df1564160988acd7da3bbd6fa663fa48b70152083b4d469c3b9b5919d7d8ab174ecc1405a6a8fb9a9ca31a89b1c28ffad2ea60b44480f5f9d2c8ef3d42fcc6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7c4a2ded981fdc3e4df2b94758c5fc91

      SHA1

      8c6956531505bf026f9159e6a9aa7647b0a24330

      SHA256

      c8a1cd753fc4080397dde2d6dff5aa2b26a64863e1955af60cc6ea952f08b0e3

      SHA512

      438b5dac9adebd3fc7abf3e022d36fc313ec186289a3409aa1ff272d298e9755a8ee8ec3beb6f6559b3b15bf7ecd11ced27687f67e219e5f225f8ddc254126fa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c07935c01fe26b86f917940598935b6e

      SHA1

      d794d7882662f32de9d988943fcf5127563564d2

      SHA256

      6c43f50f9baf5a4fa2f020e6e86f5b6d3376966a3b0850b6f21e029444d7b434

      SHA512

      fd530460c032a1c167d915fd893a6cbd97c3a2b3f4d2bd54c3f8fefeeae2ccc3148d05ff4959f43f523f67df235457777176fb9099af8565d1fa86c232338604

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9335623cd1bee545b5c09cf0bd776bc3

      SHA1

      b9808554d87148d330cde82510ac7c4a34428e3c

      SHA256

      7379ffc8b266133856bb8e3d5e107897e3dbe435afed377d4129972ae2025b62

      SHA512

      17b7102af16e73efda8346079af23d0c1ee96a767b654e53a00e5c46d497051c6cfb94be060cc43d5a0b5ea3c0583311b3f1983563262a9eb3664b4c17e79ea7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9f37706e661e872b419d896725aac009

      SHA1

      085a91aaadaefe467cca84f1533eb97c8c1818bd

      SHA256

      609f8b0cd3cd03a2fd7319e935fe70a8ca4bdce7cf40359143f4e13f9a087c63

      SHA512

      9b3c4e6ff51cd8f59bb7e05bcbe2ac9f586abf816fffc7241dd23c36c5a4b67f24b1d98180be4f5f86cec47840f4cc4921d0f1380618f57f8c9ae313157a0c9f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d63b610970961f28c7b040fdf939858c

      SHA1

      7f6161762facff5e2f7385c31c903f1c1d22d6b4

      SHA256

      62f9f86804604ee713002a24fe6d3cbb6989c39b1c695ba0b84135f5ddcade5e

      SHA512

      e90a38f8001a040f2f241c6b41ee6e6e7c747e59a4b228040cbd6e6c53254354d6b477630d8c9cb31e91a15eda3ca93eb7afdfb9ac7bb6cc6e48251f912d7d17

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      162ab6b878b79a16cd48ec80af9fda54

      SHA1

      baceab4b43b00943b3ac0aed6ef6dff85e230be3

      SHA256

      fbe94f081af68da6f9f2761cabc029f0017bcc079fde558ea35adf8c159da934

      SHA512

      bdead4f24633f4c7c072ebcb80a0b6ec69b2be9133fba8870d2f0a083f3ec27098e973255610093f78093712589f349c34b7cd33883ea05950fb7aad1b380426

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      93a644bb786d0dbfad6bf4f1f74bc5b2

      SHA1

      b1331d407ad9998c7ee0648748be7e1e212c8382

      SHA256

      83703f94ae4ec8a5edcc9cd75f179a7c7997ba5a102429c59bb92ea568e219f1

      SHA512

      74fa9d4696fa8578e41ea2bb51f3089714f19dc6440d9bf21856d159d0fdc9cc677edc8aefa1089760ad72cf5a07424c7e4b88e2ce28fc63e86a61cfd8f742c2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      81a410e486da06f1697091944373bc1b

      SHA1

      b3f9413d603ded021eb22c9e0059a679777b2933

      SHA256

      70eb58aa8f1b4f6d99ad4ce6d4dc9ed9d882cc30f2900e0d63f6e5fa9b420602

      SHA512

      3dd033c2f931dc9be724524fb99669e01e5897349e854314cd838d757cf9e0876ae642b4e058e5119ab27e38e1b47330220f14bad70be4eb436daf11ba1de6bc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d4f6ce44cd2311596835d69a41863251

      SHA1

      2d9ce85a5d4e71a68881f2de2baf6b130cc9e67b

      SHA256

      f89c10e88ec80a86786c3107963a1154b5d88791783c2d7fb97105d6d5147eec

      SHA512

      51d430d34c1399bdf52c1970db28e85d4dd943b8495ad9cf0058641b46e6ed3c7fd8ddbaf07d6d28ffd52a9eb4d79b179c5f36f540d5f1327150c406ee83a2ec

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      09045ffe6f36711b6910b29202a8540b

      SHA1

      0d1067097559dcbefc954661ec999991403f99ee

      SHA256

      713073139f90555e47394c0d7142a4ccedfc4181f29b7ebd15dd325237a40783

      SHA512

      3531405ca1386adef541de5e178c3f4b1a89c965c75d26f3c9bb68eb420eb156576f77e5bc09385c435593da14e3700a796661a0b9db0d030ae4e52a244bc45c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2df955a19983d6cde853cfc36f5b2df8

      SHA1

      54661a14ec6e21bb5977f3e34204276472808edd

      SHA256

      a2c2ce6cf4a1da4810ea5f0a4921d8d3a6fb2a128133869838e3f007e31f7eb5

      SHA512

      2a87ba58ec9f0091d0b9aa4dfab9befe4db4c8c7c616872a71bd6b550a5b396f2053317b6f834af663f8511aa0a60c06e06451229ad7f7d0b8c0be54931c347a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a095c12efb9771a7ce16670bfef7c941

      SHA1

      998d967e39fe45d9755389d7feb00d9afeb1b610

      SHA256

      0c02033987c4f39e663a46038c8d3d95b05cd1e6d136744b56965bd2bb09d9cc

      SHA512

      d6b79b65f5a000cc4378a2c9128d524347a55901e1c2cd68b4cdd9ace759295a41700e627f4c6d6cff3be1e6a7de6e319b1312768befab1842d78674d366e17c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabC996.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarCA18.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/2168-440-0x0000000000240000-0x000000000026E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2168-436-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2168-437-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2184-446-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2184-447-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2184-445-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download