Overview

overview

10

Static

static

1

e99d7edd75...8.html

windows7-x64

10

e99d7edd75...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    131s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    13-12-2024 03:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e99d7edd75d5d247e09d8118929f5e28_JaffaCakes118.html

  • Size

    160KB

  • MD5

    e99d7edd75d5d247e09d8118929f5e28

  • SHA1

    890724c3120ab675ec49d2b293e2d0c3f3497ed6

  • SHA256

    2c1d624f9ae21d1f1100b2cace97c842c42d1cbb2982d53ddd2ade3d0c29d6e9

  • SHA512

    77dcb3211d034f1e56a620dd8d3b94e812bca97888a3cef90d2d4a44db8065efbe92ae320bc7aa09a83b797fb2ae58b8f25fbb1ffd11be5689d078957cfb46a4

  • SSDEEP

    3072:iqttK8/8eyfkMY+BES09JXAnyrZalI+YQ:iQtK8/87sMYod+X3oI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e99d7edd75d5d247e09d8118929f5e28_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2940
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2632
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2904
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2136
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1996
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275469 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1944

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f75724693e434edbc4c46a14b26e7020

      SHA1

      ba07bf3a086ae227667e9fbe8f921ba103403414

      SHA256

      90b7bc50d494a197ecca862151f274dbd095a2a3fd59dd7ffdd3ab4cc3565693

      SHA512

      eb754bf848d22fedfd337a7198c6bcda5ca9e274ae322561434d71dbe7e332ce75f0f1c681e526e3c2ed5b93dc086bded78c617dfeb5a7d50e082ad595f79bca

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e5d7b94c1b491c6cb1b14bb176fefd4e

      SHA1

      32c1c1538ccc8068515796b9383e78c68f3276cd

      SHA256

      000cb3d4b7e3ca1153a267368c6b8054ec5aad44e55b9d7a458d53d508f9ebea

      SHA512

      c023dc8b34c50741c6db9b2f599fdbe61273c9c359a978a9910de2397b9037704aed727a19cb510516464e38864e5627bfb027404ea138202c21e28ee2dbbe5c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2790db34e326c2b33f1b0446235dff9e

      SHA1

      1d21a376f8d90ffe0008140912a37217ff9071b7

      SHA256

      cb5ebee9471ff187dc1cd0303d61726fa72f5d8e3cbe3dd48f6bd8963200d9a7

      SHA512

      e83950f6dea22937d7f9b0376e744e49f2a74f527f924cb307eec661747fac6b86bfd4f1cf790907e6dc574c4964ae6bb841f20e26fe746352e9028dd728de3c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      aba826c6550e8d8a6567847e5f3b7320

      SHA1

      9e4fdd8539acabcfe9be07ec34f26d0957ff902e

      SHA256

      5438dd46b61ba10e9dabf8b8448c1adc1f136ec646100e26ef79bf0848420468

      SHA512

      42b76d2a70d66d2b0889acecf529e490f8e27e5f1d4d4afa68bd579ad0c7ff672d0dd033f06794df5215a94666b8d04caefcab3b560f392486429d5286551305

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a21c866b2d621d8cf91165fc006f236b

      SHA1

      674ce2701c572b5b7c857a275ddfbfad591defb0

      SHA256

      e5f8252bbef43bc5182828c0284e42fa7f0fc59ac361943a70c546e2eedb786a

      SHA512

      a642f4ee334cc9064251d770988dff6536bd54d6aefa09cec2aa407ea0bc6441b5664fa53f83121b4031daf3b664534829eb1fc27485672a47b0666c0ad9c3fe

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bc377935bf63edc07ea0b5d77f82b381

      SHA1

      3bcd9b35525c2430e32607818df128598abfd768

      SHA256

      0426a5f0ef47fc00aff689640b6e3d12a01e5b7637c6f1fcff865436ab19e76f

      SHA512

      da69a2ff299949b1a670aeb6d554cb25d5c292dd01af3cf790d58765f1562c8392f879c43a8f2e2a4ddb1498e4884da2d390fbe9d6a245d9c08b0fbb2356f167

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      fa45b4da7a43bce0cdb1a6a2d9724d40

      SHA1

      93d2cfcb9b5fe47b64f76006b77cdd436dcfb659

      SHA256

      d3e8709670e8073299508c281e0b0df4200cc66126fb03a508ec2a55e6af2396

      SHA512

      35985dc02688ca2cfa763d5b4d5a6675d71d01ddd1daf50a6d6c0c0e683100ee886b81aa2b3ff352defa4cc615f8ac5e86069ceccabdb363f3731a7318f8028b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      167240a29f48d88997f017c7ceb02f89

      SHA1

      ba5da7a7ce5d20ae159b847b454898dbdab65f8f

      SHA256

      fbef3b4bed01e8de4ab8ecd34b77a16b898e8e1e2a67eaf3eaa39ecd8f871385

      SHA512

      1a7cd85ca0043900e782a3cfbd532c476fd8bd89f9866390094fc1e4f4dbe417878c66add8ea5058f1e1da6b9203d614168cd1cb7025598c6f06b769b38b74d6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      486345cf7038d9f4c5b2fcb1094cf5bc

      SHA1

      63446e04453765ea94fe4e6a25fd4d7eaceba546

      SHA256

      15439145cb0ddc5801ef882282712f43688050120da7cc34c0260ca4f1ff614e

      SHA512

      4615f8d6170e11fd11a0cee56b7812e2f6565d5e833489910b47e2ad60d834fb74341c11bcd37c0d9a96d883ad233a4d69fefe8b448240b6b641cb18e5918a7e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f1285b03e02b706e89d7fb15affda7a0

      SHA1

      663ae8e458d9a9245af9323117385c46e33028c4

      SHA256

      1c257077ac6b49f373b7ef7791d7495e8cb8a17d6a7510512f3d9693099d1581

      SHA512

      28f3e2eecb77e2ba814931d31780139b57242b24aaac18874f6fdb86c936707edb229026d9eee9ffe3e31b977c82f46edf46d24d3dc1198c2f600b6e3755b6a4

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab7E27.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar8A6A.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/2136-298-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2136-300-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2136-733-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2904-289-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2904-290-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2904-287-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download