Overview

overview

10

Static

static

1

ea1535f98d...8.html

windows7-x64

10

ea1535f98d...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    132s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    13-12-2024 05:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ea1535f98dca3fc6e08317a4dd413c4c_JaffaCakes118.html

  • Size

    155KB

  • MD5

    ea1535f98dca3fc6e08317a4dd413c4c

  • SHA1

    b7ce94ac83bf16a3b2a05d29f21e0e2f9d1f98fd

  • SHA256

    27d41f6d4bd0507b37310929e2851392b6fbd88f32edb2a5e96849efc767846d

  • SHA512

    d545ca06c371cd1e44a8727d676d2e2dc62684530dbc5e411e50b64241f7d4514b75747e90646b68cb203fdae5d69e83ea3d46e4acd53558f4935b57a158d218

  • SSDEEP

    1536:i3RTsdAA9u+fR+QPzTyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXAZ:iZ9gAgzTyfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ea1535f98dca3fc6e08317a4dd413c4c_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1740
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1740 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2900
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1656
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2780
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2616
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1740 CREDAT:275472 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1544

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2356c199c892058ab00c9f46575e687c

      SHA1

      4b5eda4da8cd3ac2cc010c7bdc2ea48d7b252bba

      SHA256

      cedcf0a989654f7849a2fda43d66380c6261a9b2011b2547a778fadebfdc9596

      SHA512

      51cdddb54b4079634ffcb2e39fe2987228b078b5a507fb38146fa0ab17625376bb008b857a4cac32516cb9913fccd8fac426546fbd19e3414d0f7e43662ef8be

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      06e0c39ee6ffbbbaa9ccfd9475f12afc

      SHA1

      bcf22afd4e1a8752d9e81e10584ca9a3b0038a88

      SHA256

      e6a06f6b71155886b02dda961355229d8fda8c0c29165e31f54df4f5c0bd3cba

      SHA512

      525d23be8446a990c6d9bb9c34ace65e2869d3b097a5995b65ab41db8b6f946b123278317f99fb7814c5753623a67b9018c919315a4322792f1d033595dd8b84

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b3c3096aac1f587d3524c9d4b4293e84

      SHA1

      180042a7ed9a2277f456202927c0690866962d3f

      SHA256

      b3746a583a3f4cc78f29b0113b52546aa19821d8bdf875970b9091e5eac8383e

      SHA512

      8cc1ca1508be05ba9c0319ad6a9f6073121e53dfd237e37db19c16305e7195c8762b98a10863858ade22ebd0cc78ae820784e741602be7f35fe7fbedce2a98eb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1e1178cdf088853f496be637537c3892

      SHA1

      76cbf04bb38a7d823b84757172f99823220ced2f

      SHA256

      a66216b5671c5d6160060c1ae12e2420d720e428a545dbcfd0295d8b5abc7c05

      SHA512

      39e4be695c41cf8a2fc09bfabf21f10b115b2407c8a6190bf726a3a042077bb50ec09418bab7a96415410349f0d040e7ec5f77922f2be3b4417343b30a873a93

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f01457bf248eebba7df276047d006121

      SHA1

      e61b0a8f256056ec0cf290333a56aa2263e68a90

      SHA256

      b5e62b2d20850541ecae60c1205ac8a6d92198df72b826068d1968c2f4154553

      SHA512

      9a6b650a9e195d219a10adf0436514627b3548306acbf76b69419af38cc083eceaa69fa4957cddd9d5287525bc7971812104b8becbb6a195b8829e03921eb0bc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ac84673e3aea6b5614c5237b8b6ccb82

      SHA1

      285c736d61c695119dd3510449203260b59beaf1

      SHA256

      6056313d0cd161e5b63fad1cbf09e262776b75db317ecccdaa973e2f31ea1f5c

      SHA512

      4f5e40645b4aa7654fd7de887a3647948a08817bf9392e648d2ea65c05488dcbbb6c92b12570d7f5a206b52c4d2086939adc74be5a9efdbaba8ee41f8bc744c3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      20e61d6e37190b72b5e4e3b1cb598742

      SHA1

      86153281d845511b7815a2962c385097ac23a388

      SHA256

      beccee503efb9790a27b63c33a82dcf19e9320e11a161f606edc74b385d920cd

      SHA512

      69fcddf08305047b47524ac9f90f2d6ee117a9866f0d234ff01e0bddebd4f7804ba002aacadfe26c4af364f2dd74236726057f1aa508a20590b14403d0990a80

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4d4705d4058151ede2074db3a6adf46a

      SHA1

      f5696135c28cde66c6036d5532ec2770034d9bad

      SHA256

      da19238be919359a3e5897dd34f60f9693ad0b81abc18a90880a6ba69c2b3fa1

      SHA512

      48cee96d11162610838e721cc979522eafb9e02c597198d444f2f05ac56383202c20f7f8522cf5384c4335bd0ee3749b41e729311244b46903e46cffcd0ebbd6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      845ba81e9da532c6e9353637d1bbe76c

      SHA1

      950804db67be1c34cbc38cd21feb90bdd229558f

      SHA256

      582481d119b9b2b65f95858aaab26e95cc0188001f2b3dc9152562b6464612ac

      SHA512

      5467f0a6937c53eed93b105efdbbb68d64bd537618e43ba11c2d0f2fa306df05d1357532578056e1bfc3f4b50961c4c783b92d93c8b0fea9acdce4d70b650673

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e7016a1ac27f89b99af91a7eedfc383c

      SHA1

      c8c3400c7cbcf9b158488df1982b1553e9006d38

      SHA256

      381a482b0b53a1e0b0a5deab55a4e095f3a1026091ab82dbc9822048b467a459

      SHA512

      c8af265d453e99601f477554e6fb0f13708c05cb6cab68395c7617aa3a3d55d6819750fc633dfd21295298e0a88fde80e1315b2f3485a28a1a0d1a011b4e6c0a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c133b9a253d8dd3d7bf843a9e98e0eea

      SHA1

      b6eb5a861cbe3bd9a6aef1967880dbbc0ba89ec6

      SHA256

      45409fa30e12d0eb2ee5b958509c0adb1363b0f8993067b04384a0ea102a1a7f

      SHA512

      2aeac50e1bc42fac910f9511e1ec742ecca4d43d5c466e4c76ab4f54e663d7d71ca49f49e1a9228784450ed3b10e6c016cd7f91b9439f6f5539ac5ad43cbd2cb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a2e694cd1a41febd900787b3f45fb7f8

      SHA1

      a3bb861a834f36e312b4667e171d04f8e72bc8b1

      SHA256

      710e877006f412a785e437624412977dbb63e3df297d86e6cb79ab1716fde4f4

      SHA512

      c77917a5b33e256a4b72bbad1032b2f15a3183959a1eb6fd9330d4f82d1f14b4ffccf6c96f2f284434187584a0439997422ae8581a7aaa037e195461482cec48

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      622eb0fb36791905aa129abe661c8047

      SHA1

      702e961a0910330c974e60c0b6ac3e7ac6094ad7

      SHA256

      65d14eab2b48bd5ac9c4a133f5e433ae635bfe77234bcb18f99bba4ce5099eb9

      SHA512

      9966df1f654a82b8d8d4e147dc01ed33dd11ae4f7aa5bac664f65164dbb000b6b90c8020a3fa78d287e4506d5eddaf102991998e865c209bbb8ed2b98eface3f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b2876809c1bf685c25e486fd99525e48

      SHA1

      bbd1f0876c8694ecb21b62d6fbde36e146291043

      SHA256

      f78157d3279456511c0617f164b753565e669708209a40217c9942ae613bb355

      SHA512

      8fc4fe01006b9cd77e90f20c4f9156464abc8f3aa930f0e3c2e7d662c5088efc60f3f7f970a573f2a5456c2a83217a16952a85fd3b4057135c30985e1eee9337

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cb012cdd45465cc488ccff599a23619f

      SHA1

      02003cadb76bfd1faff798dfb499d7cfaa31ed13

      SHA256

      35de221a68c6859c4e1f225cf149859a21ea3dfc3f34b76f3d2b599573ed8c48

      SHA512

      ff813382c632e9f2c46e22d2ab9fe187f23e61d769c0aad62e006a8d5bf7e2f86d4b4dbd8b4e28b3948be0853142a155b3735c6db717b55e736523eaf7f2cbb5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      502714cf5ad7601f3bd4475ba9fc5ccf

      SHA1

      ba0e3105bd0011c6fee27660343b0affef786db6

      SHA256

      82889fa93511f04f0c766bd8adbc83ff72f9a33ec3eb3cf39e22a689476e782e

      SHA512

      a15f7e41df7fb770103bb68097acb7825d97a3e92fbb38e9e02d8ee7f569f93fa8b652dc18833bd2125d141a5baf75e36842f8d782d18a9bf885acbb91735ba5

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab984A.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar993A.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/1656-437-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1656-435-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/1656-434-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2780-445-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2780-446-0x0000000000250000-0x0000000000251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2780-447-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download