Overview

overview

10

Static

static

7

RippleSpoofer.exe

windows7-x64

9

RippleSpoofer.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    46s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    14-12-2024 09:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RippleSpoofer.exe

  • Size

    15.6MB

  • MD5

    76ed914a265f60ff93751afe02cf35a4

  • SHA1

    4f8ea583e5999faaec38be4c66ff4849fcf715c6

  • SHA256

    51bd245f8cb24c624674cd2bebcad4152d83273dab4d1ee7d982e74a0548890b

  • SHA512

    83135f8b040b68cafb896c4624bd66be1ae98857907b9817701d46952d4be9aaf7ad1ab3754995363bb5192fa2c669c26f526cafc6c487b061c2edcceebde6ac

  • SSDEEP

    393216:QAiUmWQEnjaa4cqmAa4ICSSF1a0HPRV8gtFlSiZh5ZlZ:bhnGhMAXSmHXFA+

Score
9/10
discoveryevasionthemidatrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer 3 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RippleSpoofer.exe
    "C:\Users\Admin\AppData\Local\Temp\RippleSpoofer.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2084
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/Qt5NMSgdzU
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2820
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2820 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3012

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    96b3fc5a4b175fbdeedb4eb55ee74ef2

    SHA1

    b0bacf69a1687879d6d92c0bdf0700dd1c4a64ba

    SHA256

    3250cce822b754d47791abad79de0133ac0512a865fdef5bd02f232240dc13b8

    SHA512

    32e7cfbc9ba90b0b313a7508c61909b4073217f975828d32397418fab42dfd0dddcbda24122983224fc4968031aa127bb8b1228c5ec6d2a88985b8394379eda8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    93c6d8207bcadb029d9653f076b7c036

    SHA1

    bb379eda1a7bc9d3334ccc526546fb44b61c1668

    SHA256

    3060f72ba7cda390f45a982d1b09b5c81aa6fa280e8ac58737fa56852d48faac

    SHA512

    89a377ee1075309d6dbd9c3c75364dcca32d6621ea6f53a2b9fad6411a4065879980519043cacee32190faf852db77de431a89646940a929a2f33624ada74fc7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1511046c7f5cc2e641928bc1b8a525ac

    SHA1

    6c542aa65e9d2ffa80610ff25ff175e349a9f72a

    SHA256

    e386179fe0742c3f069a4855ad948e542c9d9dcb05c67fc221dfa82b7d4aa68c

    SHA512

    0c232bef6561ba44ba263d948af7f69752363b50c62180193b3b3eabceb3973d3f72dbf74f06f3a6d1c2ff1c53bebe937c5f0a9a9605abdb05f1b366bead9b83

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e4795e8b40f38b5df45db4e70248538d

    SHA1

    0d9c8cffaffacffadaa507977f4d659c00d082e3

    SHA256

    ec8118b18378823fed31e6c08fb846eb20d2d5b7252bc75d7f20d22a34c3f57e

    SHA512

    59cf3aa50dd73aa551d4814b403082b1584457e8a0e5a182c3d812d3f16b03780118b3ea784c4d7425ea905edde904ba8407b087b12058246d8418190be359dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3930e7688ca811eb7c881eb08ec6c0aa

    SHA1

    c99438b5bc961e57b8a9dc0333da0072131f4baa

    SHA256

    23f4324ec6efd28ad317dea68aa58eaa924c8e97d2bd1dd0c91a458f41d6c16c

    SHA512

    996e56c76836cb83ba701fb2bf414f2649d60d68bbe185fd5c27aead82ee32d9bd9a1707836a88dbae7fe74089fbb838e7bfd1fa38b930db0540cffd3209778a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a31d1aab1af7c85f638fee74b0011389

    SHA1

    6e2947b7f2e82c83a3366ac96bc7cd9d911dafe0

    SHA256

    73810663f0263a450f425e52399dc36b3925c37c618f88a3912327ded7b302ae

    SHA512

    9b80b83aa572c717301d2e8ceaac35bcec26a9e6a1f95bfdf1a0290724fd72a12261d6c59122cfedd60fff907c68e128def5315c9e1fd9eba0f4c24fa4ffa422

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a599bc4726b452ba2f4df2bc31d6007e

    SHA1

    e50fc8d75d22085fb55406f51df77011f3f9d85b

    SHA256

    07cd5d3087695e552395231125d4f1ae5648ff1549bc82ce6fd8012d4098c257

    SHA512

    f494ce1a8e8c2cb2b66d9d113eb729577bccfc70e764d5af6ed1fd129bda7063004106c4d9b07e56dd6f23d0bef3cc88ffa7d4531bbb30e831e59a306076cb02

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    68ad9ff178c82bf5b54fe5c438543385

    SHA1

    db8b9c426d437d716db7519b966e8078c1bb8a8d

    SHA256

    4d7a01b21236b87d19ccbeea3f6a8dd253a34a29916d15b5b328d90daa73670a

    SHA512

    608390d97e1b36b032c74dafaaa3f5a5b0c8c1c7df906565174c4b009f987ed48e2da2e378efe5d70c612f0e253617118cfa972d51959f40bbb692df6e430db5

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\78076te\imagestore.dat
    Filesize

    24KB

    MD5

    592588a123b30a8e3799610bcd8a01c4

    SHA1

    9b776c0468302629c71086ebda7f78ad3cd55aa6

    SHA256

    6d79b0d3b38efcab43404aae6c2c4d87462450a427e7c8af408e753ecec40205

    SHA512

    6d06e59890bf9c507080963cba0dc993e5146c1c986b97c2d431ce89c607f950d387813f2e4427e9740f33f494126105610ea81fe1bd0be770174ba719504073

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6J4GCMD\favicon[1].ico
    Filesize

    23KB

    MD5

    ec2c34cadd4b5f4594415127380a85e6

    SHA1

    e7e129270da0153510ef04a148d08702b980b679

    SHA256

    128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7

    SHA512

    c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE909.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar34D.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2084-8-0x0000000000660000-0x0000000000661000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2084-16-0x0000000000880000-0x0000000002500000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/2084-15-0x000007FEFDA90000-0x000007FEFDAFC000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2084-12-0x000007FEFDA90000-0x000007FEFDAFC000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2084-11-0x0000000000880000-0x0000000002500000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/2084-10-0x0000000004740000-0x00000000047F2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2084-9-0x000007FEFDA90000-0x000007FEFDAFC000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2084-0-0x0000000000880000-0x0000000002500000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/2084-6-0x0000000000880000-0x0000000002500000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/2084-5-0x0000000000880000-0x0000000002500000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/2084-4-0x000007FEFDA90000-0x000007FEFDAFC000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2084-2-0x000007FEFDA90000-0x000007FEFDAFC000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2084-1-0x000007FEFDAA3000-0x000007FEFDAA4000-memory.dmp

    Filesize

    4KB

    Download