Overview

overview

10

Static

static

5

e2c3daa4fb...18.exe

windows7-x64

10

e2c3daa4fb...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    121s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    11-12-2024 18:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e2c3daa4fbb0991ded2ba73edad61515_JaffaCakes118.exe

  • Size

    366KB

  • MD5

    e2c3daa4fbb0991ded2ba73edad61515

  • SHA1

    670cb1e0346c5f561872a1f36a2fc6211bff2398

  • SHA256

    760716681c84fb080c3600ff047772afa89b3eda85c08ddf332fadfb53dbbbf8

  • SHA512

    56e545f6895dae489e2d2ea04ef51be5fb4622cdf8f2a97383f1fdf266cb16a98da40c9c33f98b9fba684752896481e11e7cd8931678da688c65ee5efc5e1f35

  • SSDEEP

    3072:xk59fo2r2f0oJDib8iLws7ngPZwGj9Tf8/fmA:xk7o2r2fj2P8sbgWGj9o9

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e2c3daa4fbb0991ded2ba73edad61515_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e2c3daa4fbb0991ded2ba73edad61515_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3032
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2784
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2712
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2820
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2820 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2892

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e93db453c4ec0656a6631fcca75a009f

    SHA1

    c0e00244b78040eec344dbf411cdca34fb21d3e2

    SHA256

    fd71bad2c7d88529d063422013a6aac44950e4e549ba75c8b4ad6a0bf59593a8

    SHA512

    9e498ecf72eb6fa7caedfa1ae0aa62bef9f44722e1cb2d62b94767782d510c92aa8ad6b28ae90e7d7814bf4a3c64967ffbfa6a9cdbffbba1ba902ebe049b2b15

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5a7bfdcd16367e5b52fcf1028b8ea1c8

    SHA1

    8520021ae36bd42b03796f9d2cf8ebb206e0c051

    SHA256

    cf099f644a7be4498b2e45befa5a04249e60636c5f13afe90ae031ac07f80404

    SHA512

    748bae9cb7265bfc9fd195c5e057694ebfd80a19de64c2a20daeb99bf91b428655b399d051d5de2a5439d2383c2ae4b5d1e7151233ff6c97e3ce06052f97eed1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a2d47ef885916fb48be5ee1cd8eaad1

    SHA1

    b04cc028c988f3662df203248a3e04c8df0d05bf

    SHA256

    218395196d60d2766df9485d9d6092ed399d1052f4188a149c775661671dd521

    SHA512

    524bf81cf62d5cf5b624eafeacbf57a9a08d53ee3d6bb0df14e34a68f1d820d006a2247c3449b48222f6c9d92144725869f0ebb1459010b8c5f4a09fcb9b68e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    57f10099586eb38f37b7980e5da9d2ec

    SHA1

    a4b866e05e39bbc1d4fb67fa8709daeab403d510

    SHA256

    83e46fc754b2e7d0a349b027f804beaba12955bbb878edd3ee1de3dfa134e211

    SHA512

    76fab48b8197e455e3fbc3dfadeec10e8bccb0cc3636cf607fb5cd193937ee00f71c20fbf9802dde92074848f67d6f3cf57d667252f5d97c38cfba13bdf7f815

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d55af578d10659ac0276a1aacb7671b6

    SHA1

    3e490e47d706e7c8cf64161135151b5c4566fddb

    SHA256

    0ed27a9d3ff3207b451974d8fed2032b32d61bd46685b5329f8123b46a6ca689

    SHA512

    0d02ee9e0becd826ac4f500d1ae147b08b0755b64afba32b0170a03e00709becf617c8a8c2ced9a831cfc58e86f297269a95caffa4af7d3b610368e85730c99e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0367a21c45fcf22c044a5616bcccbb82

    SHA1

    60b46d38e36bcc339b20b5bf69b2002a97ea2750

    SHA256

    ee796a3275b3194c2aaca02da972f991f07b39aa8aa89040c227159fcb198dc4

    SHA512

    5d7ca4a955770256cc210442548945a439538b4b369e5015002b6ac160b0f12df0e54cedca94ac5d4bcc8eba08fc46d1549899417cc07ca9ffa44ad80dfa327c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e562115c239ce638bbdb3c04669c8f30

    SHA1

    f0bb5ac77018a6ebcfc9969f435b9ca9014f2c2d

    SHA256

    a896246750e5f9ba50f8f2beefeb9659bea40dc7fb96e581450f9b57bd84f76e

    SHA512

    994bc85840108c9f77399da888c82b759a41a4dabf15887ebf57655543c97767952d1ed36a9a1612e1e658d809830a44fbdbb1fc2b45660323644723e4fc3394

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a01f0d9e2048a6ebf953076e4d34de6a

    SHA1

    62375f07dbbadc066e499ad2e7ecba2a1731c163

    SHA256

    e7973ce32c0514a91923ef3fa717a22b30eac15f4356859581a23860f9498fa8

    SHA512

    ce577443a2881a248b53b3388e92bf788f407ac46f6f6f92a7fe9d865d28c5b09a8d299d728372d18d3921b01b59d9ece74f98a79d58bf2f7eb8eaa1a95a432b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    de71018b146a3b047acc52b9dc6d60fc

    SHA1

    0a5e040dfc9276de2d378d1059e7a1f4de183c50

    SHA256

    31a3781e7b3fce28b322f28a7de987aef7d25c2adc83662d2c8e62f6fbf06d6e

    SHA512

    fceb2cd1e5aa1ddb80ebbd895de36116661fcf484ae506f3ae0ec752ddd790324f3ac2d9c35102d141d3dc6b30e798c7e8d685c3e05b2a3a4c0b29ad5e1d8bf8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4593e2d16d5b5b464045f5725680d92d

    SHA1

    2a93e0468a34ebeba9c8a895b6aeca0de6e9a112

    SHA256

    c7f7807bf5400d600aff4700be3fbca6e8692a3f0b01afdc4cc9a4fecf821d01

    SHA512

    83f7f9fa983e81f81aaa77bfe4616b64d978fece52294c02bc06d5f3e539d44b7f6db471090fb8276252bcf899f785c9e2fcbc8af5242c6f4d0509fb3049e509

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    360216558353a76eeaffce7bdc597b22

    SHA1

    a9e0e50eb16d62da0f50836284b5c1aaef65a0ff

    SHA256

    e46f5d56d4666767a15ff2ab7cc8dec4b04efedd461e4d5e7a06e10c09a5c6ed

    SHA512

    c628853a791cfa541b685d9f1dc24511f4925be0f39fecf888629b8427a75b0244cb07f0b5675292e721ee76af825d5cefde4190b18ee7ca4ed6f932de0f2e0c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d1a74099d172c855890cc4873503bc91

    SHA1

    ab095922f5f015e2be3d9824a5b34f56f0cd5945

    SHA256

    55de123883c6214c963d32b6c57a04ba02e4dee63fcf2a080eb9250384d02189

    SHA512

    e6a93c96c22f3de0b22565021e00826d04fdcc30702ce61c0f34cc24b34204a19d0ce1fe3275c627794e7fefcd2c41ec48f0872ec4d13b8010431375e13a8cd9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e8c3534cf5a8e22c1bd1700be3b849f8

    SHA1

    790b777a07ef32ad1dd90cdba21f6ef4389739c6

    SHA256

    dc1f2f19277971e0affb55e53ab4fa5ff202f13a103d19ff7be9866b8c13941d

    SHA512

    52cac073418a72809212ff1c68dd1d725e0fa92fe294a8093608ad8157f160549f5036733b502806c59dad14d1b894c82c789705500f2cc34287993256028489

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d0939e7c9aa365a6cfbb12d923b0bd3f

    SHA1

    76ccf1451183060ca0b7b347f1b37f2fc69ed9bb

    SHA256

    d2d3af02cc97606e045816dbdf429a6d7c010db776e2784ecaf84e71d96c58aa

    SHA512

    9856e9b627303f83b9867703318ec4e1b79615452e019828670b191362014c70aca4df3c95501188a0dccf68c8d4b96f0666e592a2d77ca8a18f566055c5b2da

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    705fd1507f43b20dceceb0f9742e332e

    SHA1

    2101bfad13737f9553c1774dfe452e935c59c6d0

    SHA256

    fae35658f30252d5f7de66ef85d81ad0e1ec174f0be36970327acaab265939d7

    SHA512

    43cd3625e4b8120fd991fe937184994cc16c9cbfd96db29d269fad362cbfcc23be6c8afae542e1969cede7ce27abfc4017c0913879cfb60c1c1815def73a1102

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    232b5537f1865c62afe6d69d4f56bee1

    SHA1

    fbf6fa5c470ebd0355c873168187a17f1163a2fc

    SHA256

    16f4d152a7c0ba1c32e01d341a73fd0511e9a8ecd44737daafd4b6ce3b727ffc

    SHA512

    f208af777477aa4e338c6e2ff0faa24935f9efde9127e8ad7a5f6d640f21c6e491f7638930aae8dd2d1cc2832937fe06f66c88fffb0f7c04a87db8c55f40bca3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7152BA01-B878-11EF-BD8C-6252F262FB8A}.dat
    Filesize

    4KB

    MD5

    fecf582a334dc2a170713543b773bd75

    SHA1

    d952c9fc8af1a952b6d809b96002e0de6e8c9ee4

    SHA256

    2b97ec942e52b570a37bada3a48195bd38866903c71a3e141b89ccb676909404

    SHA512

    63b684c04be6ab7b717d07401819860ac2b3ddc0de7deaa0998137920e3d2906f47e7aaf897a55026c9a3bee6c317c7ba3a5a02e447b3a50a26d8783ca641bce

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{71551B61-B878-11EF-BD8C-6252F262FB8A}.dat
    Filesize

    5KB

    MD5

    46e242aadf425462816f6da4ca8fb1f7

    SHA1

    0a3ce9f023f0e48e1a6652600843670cd2096117

    SHA256

    63263f9d0d0433be552c0eebabd3cb979f98891af930c7384b88698fc2223c42

    SHA512

    998cd6af00afc73fb4e7883276f1addb11ea7a4cd3c6b7d17f21776e2d88d103f2ab4353a2d100539fb7e1a22964b1480fbd4446008213736b0b3a7a8ecaa0cd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab91E5.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar92C4.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/3032-3-0x0000000000640000-0x0000000000641000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3032-1-0x00000000003C0000-0x00000000003C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3032-0-0x0000000000400000-0x0000000000467000-memory.dmp

    Filesize

    412KB

    Download

  • memory/3032-2-0x0000000000400000-0x0000000000467000-memory.dmp

    Filesize

    412KB

    Download

  • memory/3032-4-0x0000000000400000-0x0000000000467000-memory.dmp

    Filesize

    412KB

    Download

  • memory/3032-9-0x0000000000400000-0x0000000000467000-memory.dmp

    Filesize

    412KB

    Download

  • memory/3032-5-0x0000000000650000-0x0000000000651000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3032-6-0x0000000000400000-0x0000000000467000-memory.dmp

    Filesize

    412KB

    Download