Overview

overview

10

Static

static

1

ea9a48ed30...8.html

windows7-x64

10

ea9a48ed30...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    131s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    13-12-2024 07:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ea9a48ed308f59c61aedafcec9c514b9_JaffaCakes118.html

  • Size

    158KB

  • MD5

    ea9a48ed308f59c61aedafcec9c514b9

  • SHA1

    c8422c29b2cbc83b3256ee6f247a38d580e298fe

  • SHA256

    2a8a921aa185313bf5e3fa9cfc1f92ae2fd17c14023b1063e37944e950033df1

  • SHA512

    a160e868e900741a73803f02df84ed33533155acc793d5462645f62c22f4d88eb272d0890290d9816b329aedab33d945a87f505abb07b53513f4accea39b12e0

  • SSDEEP

    3072:inSNN+aDtyfkMY+BES09JXAnyrZalI+YQ:iStD4sMYod+X3oI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ea9a48ed308f59c61aedafcec9c514b9_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1488
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1488 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:480
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2300
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2992
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2376
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1488 CREDAT:209942 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1988

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      fa7d9b3d54ff0146f9cb57cffd19bd4e

      SHA1

      6542ebbc8a73cb825d0d3fde7f40f97186e15c03

      SHA256

      91539702648b89d9a807b0937645b65b4a5643eeebb678e62d54f0ea210288a0

      SHA512

      c6731101347387ac18225f830325d87f3dcfae719664ed264f57326a363e503926342af83da8a0c8a32dfb70a8d1ea70eac138f49289ae90043489a28e092a53

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d57f915e62a60e34838e724c4f49e5db

      SHA1

      45407fa8b4eeb0a34dd9964939e8869654eaf7df

      SHA256

      37656adbe4b1d0b818be74484e7d9cf506961fbcd0981097604d6b82b8596e3a

      SHA512

      77a773fe39a7df695d3e40c16602374cf9470a4c0d97b8a2b969bedd0476a9455805997d7a3767dc8d6975df78c906245eb5be85b7b1defb7ee7795475319e68

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ae2b612ac01fa4dea1a8793697506849

      SHA1

      7052e5b3a78ce958e25a652d852b9d3a29552131

      SHA256

      8b2f47a8473c9c173040542693a9f39218ce45aa22f60fa756f6d709ee7b29e5

      SHA512

      51a915711a7a4da2d2276830f4cd1df0c7a60dfe2c1c17d1eb0f8bdabac505fe2615a2a80f607d2b026086cf76196eff89a8e0bdcb785aa7975467e999e9b3cc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      119bec72db4bad9b113006e42b7799fb

      SHA1

      f221d15bf119070296a1b2c11b78808c6fafeaa0

      SHA256

      a3d9482816f252d6405d2dd5e06410ac64997fbbf976d24130fd7bffa4bb702e

      SHA512

      23be03573de226a09904d33d76293cd45bd53404571fcd912044e4b553bba694d6f01c0b9601000e6ee11528926166606be8193b161fc4b05fca40571bcd250f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f2234db45a085c918fbc8995aecdacba

      SHA1

      2f7acc15db7a0ea4b47950c7af1fe1aa9361f377

      SHA256

      f571e4d764cd7a93f576e1ea4b7e81d593654105c34fdd996a42e1b0c3822a8b

      SHA512

      b20a8c732aae7ae58d24ed5b707275ebba4abf0fbd9106b566284b40772be80c905a00640516ff1af044f08487756e16fe142dff235ae931a26a3e596912de39

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      941ff8109c166cb945278f5686fb4de1

      SHA1

      c99188ab82c92da5ef57379bba7f75064d62c8f3

      SHA256

      e9f3b8e5c132b963688566ea18df216cda7a64f6d5aa4ff52204025b00528981

      SHA512

      b5caac1a2da0c63bc5f36d66a62c31223f6845b75994e09373316153a4a262cc0e095c5ad50eeb31244f9cb34943ae35525ffb969a1a41ce71737dbd158feb68

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2445b98da0cd854cf3490f4825fd5d0f

      SHA1

      da4b4358b6dfb57ade283b26708ad2234cfc7b21

      SHA256

      c134179a123a8fd7fc8ef566681c089ba7c04431f1a73f7b31afb54ec81620e8

      SHA512

      118832acecc9d68314ed48fa88ef0fbcf67a8812b56a0841aa2843f148eea75e88f2d65b8646da12026d1354fb86762ce02c9428cc212503035dc5634012cf8f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      dedc4f10653e920cb59d3339f93fd89b

      SHA1

      5a21cd9b7d076f2a527f14d012eb6e01865c3b69

      SHA256

      5fcb377a556fbd1bc128d9f2076761fb2b073843b41c10172953021fd48a6b10

      SHA512

      574fdb6d380a21bbb1c5cc50160b42004c0085c782bc5936f38d5a37cc9992b6460b81fbd38a7124d8764e34950730d4d9ab8186612dd531a1231c07a2da84b4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0990b43881839301ab08069dbe04f229

      SHA1

      893843f84032f2f034b46fd353c01c818af274ee

      SHA256

      bcb9ad47af977d4eb07d5563924911c4422633073b1f30285c8a8cc1e17a5148

      SHA512

      3eef719df1682993c44d995d5e40850479355e1158742ea6c7c9e3e8537757e3a7f1fa0b5287e33f0c334c6cf911161e387274db289bbbd45e103ac30004b8ee

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3a7a91f94afc06e76416e6c737db291d

      SHA1

      6a09695e1345dddef8feec588835dcf0e3d38b1e

      SHA256

      714a00e2989a1e39437f5e2f39589b4162c77f8fa334049f1b6a5c2feffe759a

      SHA512

      580d585901c91956a313e303aa2aab2668eb9faa693f0afb1a5270a36132bcb945295466a50d7ffa1b3005d3b851c4e7be4ff6616a39834870cedafa7dffcddc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ddd9ffc2746f1047531f7e7ee4b51d6d

      SHA1

      3af8e1d0d28282ea2e136ca31774a2000869e537

      SHA256

      932cf45a2bd8a20a8e7aaa559bc739a529b1a8f22cf44738e03ae64f041ec9e1

      SHA512

      989ed2b09f8f01b2cf23bfe0454d299979aa00bbdbb323221ac524acfffe6d4a9500405761f53e413f90d5e1bbe69abf3f4516dbc8716c5141ec334a64a5d834

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabE552.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarE5E1.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/2300-437-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2300-434-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2300-435-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2992-445-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2992-446-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2992-447-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2992-449-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download