Overview

overview

10

Static

static

1

e445f7778a...8.html

windows7-x64

10

e445f7778a...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    131s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    12-12-2024 02:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e445f7778afdf27437ab7aace696d43d_JaffaCakes118.html

  • Size

    158KB

  • MD5

    e445f7778afdf27437ab7aace696d43d

  • SHA1

    31b1e49c5f7386ad93d5785de2736501952b1431

  • SHA256

    c3c455cd205dcf7bcbbe46e1ae5c5bf7223895176a5dad6f85422fb1c7172d59

  • SHA512

    b7d39849719712fb7eae277f720efc3fcb72a060af3c6fb75b3338ccd7671bae88ffe04f328541744e3a52235551dd13fe6b4ea201eff4f226fa55f3fb0d6078

  • SSDEEP

    3072:iOQtiuZesyfkMY+BES09JXAnyrZalI+YQ:iffsRsMYod+X3oI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e445f7778afdf27437ab7aace696d43d_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2408
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2408 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1996
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1628
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2108
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:764
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2408 CREDAT:603146 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2536

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4f6777e404e004de4a7557dbce326a43

      SHA1

      b8eb6c995a10ca07f64c92b83d372e08104b9523

      SHA256

      6e8d041cc70371866ca90d829c235ff0ea4f3f11fb556d028c3369c33f435f42

      SHA512

      64331fd9964c7ee29f103d183be7f0929f33cac31b15c4abce8b3ef65e9aca0da7065b2c4c8fd8c3d88bd542dff70c434f7cd07fcc7e8fa8f2806c8848bfcb2d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      fb16174de7bbd40cf905df8f3a9d494e

      SHA1

      57aab3216226c13faa9527cc96c20b3fd275d6e2

      SHA256

      027701b4a2e0dc2f219112755cfa6ff9ff6f56df72d595042d668b3a91f73527

      SHA512

      fd62d08c77c12e8e9562bc248d3e0335c0c7ad8aa52d5c1679b59ff21ca041bba28909508691e820085f4351fb3a6471571ccf390ae208947dff55d250eb7005

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a29e91ca0bb8e3233a155eb526680f7c

      SHA1

      a70fa0d02dd583261b8695724bcf50ff3307e9e7

      SHA256

      f89cfff52462a0e1ef85470d346c56fd64d8a5e3ccf2dd55f2f2784eeca68b8d

      SHA512

      9c306befc39cb7b39e007f4be7183bae83f44dc0afc1c9aea8c840b7ab1c0aba234fef94feeffe3a4e46ca76885cda4689c4c72a5049dbddbfb5a235e15545df

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      caec242a3683cd36b4a1f1c2128e8d16

      SHA1

      65055efdce673e86a4538a6ac681005a22766320

      SHA256

      7a0ad37990f36683f8131a54a8398e26631eaf6c2cef88485fe1b567a05071f2

      SHA512

      dc5e877217ccf30bdf27293eb0fb0aea172e94a3f4f757c54b138d5a300c88090d58f81bc173daa93c8f2e20f08485ca837e813862fcc1d7eca36439ebf27319

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      12ead90df1bda722c68b9a9db44fef45

      SHA1

      f8a30dd5e1452357a966141fd2986c4b951d3cb8

      SHA256

      38db240e742d132dba00dbf617991160657af1e261c908d46c88a00220b69e46

      SHA512

      cb6573c54272dcbe4144ffd1cdc07205d9eac74533db879aebf3528449dc3c910affc84957af4f6f4e64709d80c67cca417431c36bb10f3497fc8a03136a8ef9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1d532b0afbfbd7b4baded453579d976e

      SHA1

      3502a044c4ad5a2be8a15f68505175e6f57aab8c

      SHA256

      d1739f4977a0834520dc7f42071913ffdfe2af9d5add6c67b7dc16b6b7f58f83

      SHA512

      88b0a0a50c431d2a41b58bc8240340d3e2ac00de3cf33eaa86b53e1a5905abd73d5e75353ef2711541ba9e81c142463dbd01ea74dc8485e401a22e3407b90491

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      74161dae95c2f761968dcff1a857ef2e

      SHA1

      3cbe84d15d832d88e820943f7f0f1d78d8d7b26e

      SHA256

      049f162cb8649068ac996384c1039de3c81d796a332681c37b32656d4a3248f8

      SHA512

      be763a8c1e7178c9f1cda7c01ac4a737aafd09878f76541282aa1ae8a1e1fdfa6637eb62e295bfa8ebd006283397317da08a5a59ff47c1a878b7bebd82e5d8ac

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      40d25b1f8895cfa0a63a3ab1a09c6fe3

      SHA1

      b419ff0c54a323e3a692d36a5c77932bf38b27b0

      SHA256

      8b063e9c711a2e2d0d6ae50fdd6da8792d79810c0dfbafd07585216e7928db60

      SHA512

      271407e8cc2655147171554a111d1cbf3e291704073ab4bed6c675854da98fdbaf6ac49f0a5951cf3bad10050ebf11ef00bdc0f5124beb2f02e6ae10611a3013

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0ac666d3876eda7a891d065bf701d83d

      SHA1

      79a46429cd0e3fb15b6f0ff8550692f5576c9849

      SHA256

      cc8d3f9f11587e7aa7078930ade9d8f7e6e809280b7247325cfcb3b6a376b6b5

      SHA512

      136d20cf717f10b30921d653f6f2da5b609dfcf63e96ddeb9ae6b10b5501dbd759d625351d2462e4f83b17eb579f32721a9363dfa1b9356f9191fe4ec12a5549

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      88dd4e765a5b86d01faca7340e114186

      SHA1

      286973859b2973e4a1730ee759dcf67b7c6f64e4

      SHA256

      797fa52f0ad52f12eb27ebe16538092a4bc508e80f357a13e0d93b782d87695d

      SHA512

      be4e91deeaf1c91ad534f6fc06ce1197d8249aee02c94f824d107b3839bbf22bed1f528d3d0dabe962742d0f2d32cec43dab69609bcfef001d8283386b397e32

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      88f1daa716223a52fffe92d0745540e0

      SHA1

      3914423ccabc0e8b0f8f11e762624427f756e486

      SHA256

      b1f2c6ff6ce7667bb798917f140bc257e73179653032af62c76340120f4d2e18

      SHA512

      ccc7b3eac52df87a6045c363b67d9fc13b4c7f14f87d1c73ea22bdc2f7c739cf19710600d0eb3bae8563f7501d435f797b500afe40b0762ae8886cc7d8f63a8b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      09d26107035d8eabb21fdc7df981680d

      SHA1

      e8c3457582b092d8095e35f951291aeea0965d71

      SHA256

      e9f0b921800606a38e548f03bf581b32ef663ec49242d6620a1abc28aa929a61

      SHA512

      ad0c32845201920a152a113dfe253dd5484eb183c8d51557ff207a85605971f25fd3b0792b62cde764152201e747b4b0c690f5c30da498f422f3187d83af2847

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0ac648b3a0fdc65f597f25c5db79ca56

      SHA1

      5d095563d8bd434e3f5630b70bed4dc3acfda714

      SHA256

      cef2c5ead099f164c10d85d55d9d3f373962a04fea890cc884f289503fff51d3

      SHA512

      7f1ccfef16ee7acc063ead9f84eebc01d71c81761f6efb9eba0b8acf355f7e483829c9176ff543161f7bb7481f3bd5cd33f4f1110ba8e823747dbbcc00a72d56

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      17e1d61be5a72c60d380546bc531a34e

      SHA1

      f9fa11e053c632c8b4d701ab10b98588966e51d3

      SHA256

      3d2d8c4376b8a92374e771a60033d96cdafb4fb140cf03c8d49aa2dcec060244

      SHA512

      a35749e2324a2ba9ae4f63ec4df5beddd5978590f172453f56318e57cc0b8f0cb104a74425b161976d07b6cff76f7d46d57544f2c596fc6216e4604d27f8b125

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c5240fa6d3ae334340505e88fbfcb9b7

      SHA1

      c7c3edd0167904da191eff332018ec1e9ffe615e

      SHA256

      7ab5f9da922bd9fd8ff225a8f56c104367a4851028a52e907d09062f801d97ee

      SHA512

      84640a8ee859966d7a19d28faf5f41dfac3c0c986abc5cccf5daac64955124d3e3dd852a8f8808c32818dbcd2f568d71ee7a00abf5b552ea96ccef791652411d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8c489d9b5c303018dcb42cb0beab4815

      SHA1

      a09bff0d8deb6bfa00ad9a23f488196d4c421bb6

      SHA256

      ab4f6a34d4d3894f115a71a80aefdc9539104f8de66dee5b17fe6958201c8b23

      SHA512

      e2acda0fea3a3372d52eb869b764cb680f03ba259d0d830372e7e65aebf25808faa8fbc4e8bfe2884454c1efbfadcde8c01649eb23906d9d86bdff67d27de1a9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1c1590fbc5d0a950401fefc9129fae1f

      SHA1

      c41382439f67b921b5683bb04827765a9b70ca9a

      SHA256

      edf203ade2abecc6947d3d24c2e0bc04f303d4437cee270a1005cbd67b019be0

      SHA512

      720ba4c38cfcec5448be40f083cb1579173a24921d50459385c6952ba0319fa31ff3d063a6f611a3714d01927fc5e8a16ea76c8e8fd7bc50b59e84fa788949b7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      31eb2d09865e63062539796fff8e798a

      SHA1

      d77012037005bd4af1b7ca44d6c06421505ff36d

      SHA256

      f8265ae74546e10d55aff14b6aa69c3914069020c3b564d9afc65a62ac246440

      SHA512

      da65666144be59e2ae877df7ed3bedc6c8497a70a8687cdab06e58f01be5869e2d3bf975fc8d431427342a5f5737afafdb1440e29520a704fe9573e538efc3f2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      41af2fea1febb83bf42e8c56d3e8f1ea

      SHA1

      6fd175df8fa61650d7a0275a3ad495e15cd0b11e

      SHA256

      dce1764abe25557eb53d87819fb22f9e666cd00aad007403bb96a68135d15166

      SHA512

      0cda1ba6b9be49721697cf3b9e3f0dafb87456701b17ed0121c22282712b9fdb851472d0e6915bbe8d8e92e13693fed1c720903c62af5f9e598202a2aa0d975c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab91B7.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar9217.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/1628-443-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1628-437-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1628-434-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1628-435-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2108-447-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2108-446-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2108-448-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download