Overview

overview

10

Static

static

1

e8c8112d08...8.html

windows7-x64

10

e8c8112d08...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    12-12-2024 23:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e8c8112d084fd7ebe2e57c8ce0aadf47_JaffaCakes118.html

  • Size

    118KB

  • MD5

    e8c8112d084fd7ebe2e57c8ce0aadf47

  • SHA1

    bc0450eee179ca792ca0fe7d92ae9de47a480f74

  • SHA256

    1d73c00ca5cbd716fdc0f51de11f07723a17b58b025046bedcc760730253a5f1

  • SHA512

    9b9cf3da1665169e76d20d6eaeec2f5b1198847d189e1353c01691c04601198cf730fa0f01b2597798b50742a5ed9416cc2a23045e90196e1a7c6d3c22d818ad

  • SSDEEP

    1536:kNp0yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGCW:kNp0yfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e8c8112d084fd7ebe2e57c8ce0aadf47_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1836
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1836 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1476
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2384
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:332
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2888
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1836 CREDAT:406535 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2740

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      80279093e7d74f4285647ad3be98fb6b

      SHA1

      1283a39afb38ea5dffc0cad6dd6ec1f1e0e32e3f

      SHA256

      bc641dc2a5b5c1429bc7730b646da74c353774226014be760c42acafb01764c9

      SHA512

      42755f259a6ac3617223578dc1ce6f2ad815ed91e2ae04335d098c859a9ebe2c225c7521c3504eb0c219dfdfad0681125136dd0e585cf79ffe8d955516bc0e0f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e2b223fc13592fc09687c838c906ca58

      SHA1

      1a861a24ff6c8aa5dd3f4ad6c458c81b539d71cb

      SHA256

      2a5fba9c2a966ca4fbc462589e87ee6416b2e553cec4e6e6bd08a671e0b64e7c

      SHA512

      5a463a4287baec70daf8195d2e70b898c922a72826f1e5718313a28e946dcb424ea4759143aebbddc0345d345f01de4ffda9ba4b5a7124ec758f055b27b1e10d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cae8a4e7b99352ffc2772cb149809a4f

      SHA1

      7b6a05728f0b416451a980408ebb0c273ae4fff1

      SHA256

      5e5d115d5d539329e8b178c479b32132db2dc2d0e8639e709c2a83445c5ea3aa

      SHA512

      ceb423ec5514e46a9941167570e369d82cfec3dc30dfd5ef0bbb57337e063ce7136fd34f8366f20204a359e7696e5ba6ebc8e35a5192805833be88854b2b3365

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1aa91f9b3941a29a1612958fc9c1379d

      SHA1

      31a8f966f3f8297d6cfb248f88bd43f8f019675f

      SHA256

      8f595a57c767c643547e2f9ceb3f20d4ebd8b19be6e218ca6ad4bb017e31a902

      SHA512

      5c2d82ee97c7b6504bfe59351977de996528fa26d0b7551abc0f4dfa8ce28dd7de4d0fc9a0bb28a639d2e360323ed4d5b74cc6438d420b9747822385307f3fcc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f1f7732683117a823109b94f60040852

      SHA1

      1b268f7b3f736fc79fe7cf5b21624abcd3ba1633

      SHA256

      7bdbac7f5011125530e40e6946ad3b1de38ec877c0ba2b4fb0e750e6c4a92b1f

      SHA512

      c87a2d8cd21a345ec23b24b08dc8c1a3194035cadecb30910778fe8461d02e7c7b0e3fca89f3edd7399fa340bc1d06d3599bd8eb5d69771dae18d422f099c884

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      fe4ee7714cd1896c4d955a946e49b372

      SHA1

      940953257d266f9b797bcf3ebb8d46f89031d26e

      SHA256

      64bee6bc4b5b117edad02667d50d82b8adc5e6b3890bc3566c241e28e8c0f23b

      SHA512

      84414f014e1f39bfc6dd4c13f24123638facc6a8799cf04c122c46b0da0160fd4d9dcf009fd4440cbe51773de9bbec8754b86506f94716154a8c41530bbacd99

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b6809a18d0c4b9bd8ad24485259f27cc

      SHA1

      e018bfe26f694abbb12324c5cdf27241de683678

      SHA256

      e2bd48122809ac4f41b7870a3b97e0407446392e85a7667909986e4a5b55c6e2

      SHA512

      ecc722946053a9813b517c57d5befb5c77308a80ca8dc6d09a2638c71c44fbf07c295c1c82edb69ab0f201e2e0970f7e4c386c58022a9fc86fa89da7fa0c10d5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cae5434e2fb5b223675d65b52756dc60

      SHA1

      4f5e00c5b4401d3f9905acaa566e761c21e049e4

      SHA256

      ba6c4a1ebc107226cd51d80861ea28dc329362be513f2262bd6e7e0e5cc2a121

      SHA512

      50c246214e1ae22cec38323b8e01b0cae546530833254a1cdf16c0b98861c8c1c625bd6965d56a7324c9540d48701ca05a3552860e71f5c6b64ddbb2ae4b4479

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bac2422c6df7896b7d0cfd2a4193e1bf

      SHA1

      0bff960bb4903324346e09dd8f59afa1edf9e6cb

      SHA256

      5798f3ef59e69101fab6f6aa6d7a7b51c824eb6f49fa993189f7f63d74af3e1f

      SHA512

      a804f7f2f201e0cc3d16fd738ba841fff7d179114640346dc71a705532dedf067a1049fe275d95fadbe8aafece901f8c1363288fca08d2f12439d6f9f6fba955

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c858e401f38ee8c37bb2ac937f1da302

      SHA1

      87caa093e90ab012a2625ba0735c8339b129d924

      SHA256

      f17ac151248337557490c52b708ff64c63b5aacd8fcc72468e3dd5f029b1fb5e

      SHA512

      f8d392f8666940ae93d2d3964e439903644024917694944de39c3feaaa6d8936e3c4a183359e90441cd11c940d0d3f6f8f07b4630c621630642181c731b465e7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      257f564c1bf81da7724d13408ac3ee9e

      SHA1

      8ee91c58471039117434682ade9ce9b0063beb29

      SHA256

      e66da55b40f0fe4ff676fa853e8c7852f2eecf2babc3d4c98be75a0a6254342b

      SHA512

      69bdefcf1f93cce90471a2315b061a29222e9266b8e64fe1ab16d3956b99743812870665d5eba5078ceef1a45797fce0ce47ac255d0dd6c8e14d9e054a03df54

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab428F.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar42B1.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/332-23-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/332-17-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/332-20-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/332-21-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/332-19-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/332-16-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2384-9-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2384-6-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2384-7-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

      Download